1

Channel State Information Based Cryptographic KeyGeneration for Intelligent Transportation Systems

Soheyb Ribouh, Kelvin Phan, Arnav Vaibhav Malawade, Yassin EL Hillali, Atika Rivenq, Mohammad AbdullahAl Faruque

Abstract—Due to the sensitivity of the information exchangedin Vehicle to Vehicle (V2V) and Vehicle to Infrastructure (V2I)communication, generating secret keys is critical to secure thesecommunications. As nature is open access, distributed keys aremore vulnerable to attacks in the vehicular environment. Physicallayer key generation methods using wireless channel character-istics show promise in preventing such attacks, generating keysindependently, and removing the need for distribution. In thispaper, we present a novel key generation approach in a real ve-hicular environment based on Channel State Information (CSI),including a new algorithm for key bit extraction. We implementedour algorithm using USRP B210 Software-Defined Radios (SDR)and the industry-standard V2X communication protocol: IEEE802.11p. The proposed key generation protocol uses the CSIvalues of each sub-carrier as a source of randomness, from whichbits are extracted using a new QAM demodulator quantizer(QAM-Dem-Quan). We compared our technique to state-of-the-art Received Signal Strength (RSS)-based approaches, and showthat our method achieves better performance. Moreover, wereached a min-entropy of approximately 70% for the generatedkeys and a key generation rate of less than 150 µs/key for keylengths ranging from 16 to 128 bits.

Index Terms—Channel State Information (CSI), IEEE 802.11p,Physical layer key generation, QAM-Dem-Quan, V2V security,V2X communications.

I. INTRODUCTION AND RELATED WORK

CONNECTED vehicle technology is expected to seeprevalent usage as part of intelligent transportation sys-tems (ITS), which themselves are projected to be widelyimplemented in urban centers. This expectation is supportedby industry trends, such as automakers Volkswagen and Toyotadeclaring their intent to deploy Vehicle-To-Everything (V2X)communication technology in 2021. Moreover, it is furthersupported by policy trends like the proposed mandate from theNational Highway Traffic and Safety Administration (NHTSA)that would have required all vehicles to have V2X capabilityby 2020 [1]. These trends themselves are likely motivated bythe benefits promised by ITS, which would help resolve cur-rent urban mobility issues. ITS have the potential to reduce theseverity of up to 80 percent of non-impaired crashes accordingto the NHTSA and the data collected from these systems caninform better traffic flow management for decreased commutetimes and, as a result, reduced emissions [2],[3]. Autonomousvehicles have also been the focus of recent transportationadvancement, slated to make up 40 percent of vehicle trafficby the 2040s with the promise of better safety, mobility, trafficflow, and energy usage [4]. Through Vehicle-To-Vehicle (V2V)and Vehicle-To-Infrastructure (V2I) communications, a fully

realized ITS composed of connected autonomous vehiclespromises to be the future of transportation [5],[6],[7].

Given the critical role Vehicle-To-Everything (V2X) wire-less communication plays in connected vehicle infrastructure,it thus follows that the security of these communications isequally important. ITS vehicles are highly mobile and so,exchange information in an ad hoc fashion forming Vehi-cle Ad Hoc Networks (VANETs) or Mobile Ad Hoc Net-works (MANETs); however, the growing connectivity betweenvehicles and the external environments in these VANETsmeans that there is an increase in attack surfaces and vul-nerabilities [8]. As a result, various studies have affirmedthe typical security concerns for VANET security standards:authentication, ensuring messages are generated by legitimateusers; availability, maintaining access to ITS services; in-tegrity, preventing messages from being tampered with; andprivacy/confidentiality, restricting message access to relevantparties [9],[10],[11],[12],[13]. In these studies, current VANETsecurity concerns are presented as unsolved and maliciousparties are profiled as those intending to disrupt transportationsystems since compromising the security of transportationoften involves sabotaging the transmission of critical safetydata; therefore, it follows that V2X security is an open researchchallenge and necessary to the advancement of ITS. Of thesesecurity challenges, our concern, and that of the related workdescribed below, is the confidentiality of V2X automotivewireless communications in ITS.

Currently, the most common methods for securing V2Xcommunications utilize a public key infrastructure (PKI) [14].However, encryption methods based on traditional PKI presentsome risks [15] and incur significant latency while performingthe necessary cryptographic operations of the ITS-S [16].Furthermore, they require a significant amount of computingresources and power [17]. For V2X applications where safety-critical communications must be completed within 200 msand embedded hardware with limited computing power isemployed, such high latency and power requirements arenot viable[18]. These restrictions led to the development ofa Vehicular Public Key Infrastructure (VPKI) that mitigatesthese issues. The Security Credential Management System(SCMS) is a leading candidate for standardizing V2X securityin the United States because it can provide data authenticationto preserve privacy and provides the additional security mea-sure of being able to revoke of permissions for misbehavingvehicles [19] [20]. Despite these security measures, therisk assessment concluded that the SCMS is still vulnerableto some types of attacks [20]. The current state-of-the-art

2

solutions in this research area are thus based on quantumcryptography such as the quantum random number generator[21] and quantum-SCMS [22], which uses quantum theoryto perform cryptographic tasks, but this is a cost-prohibitivesolution [17]. Physical layer-based approaches that leverageshared wireless channel characteristics in a Pre-Shared Key(PSK) infrastructure have thus emerged as a cost-effective,practical solution to the latency and power issues found intraditional approaches.

In this physical layer approach, measurements of the sharedwireless channel are used to seed a key generator individualto each communicating party on opposing sides of a two-way communication link. The shared channel would mean thatequivalent symmetric keys are generated without requiring akey exchange step. Existing publications have explored differ-ent channel attributes as sources of randomness. A majorityof these methods are based on either the Received SignalStrength Indicator (RSSI) or the Channel Impulse Response(CIR), which can be characterized by the CSI values estimated.Existing key generation methods based on entropy sourcessuch as RSSI or CIR are generally assessed on the performanceof most, if not all, of the following three components: Quanti-zation, Reconciliation, and Privacy amplification. Compared toRSSI-based approaches, CIR-based quantization methods havedemonstrated inherent advantages in the level of secrecy andkey generation rate. However, the RSSI-based approach is stilla viable method because it is reachable from higher networklayers and is typically self-implemented in SDR devices. Keygeneration rates based on RSSI and CSI have been comparedin [23]. One example is the RSSI-based physical layer keygeneration technique for V2V communication introduced in[24]. In this methodology, RSSI values are measured from aprobe signal exchanged between two communicating vehiclesthrough Bluetooth. The RSSI values are then quantized usingthresholds to get a sequence of binary values for key gen-eration. Additionally, this paper proposes protocol algorithmsto support this key generation technique including scenariomapping, optimization, and cryptographic key derivation. Asimilar approach was proposed in [25] for securing opticallight communication between vehicles. However, RSSI valuesare not the only sources of entropy in physical-layer applica-tions. The technique proposed in [25] was expanded to theapplication of optical fiber link security in [26] and [27],where Polarization Mode Dispersion (PMD) was used as asource of randomness for generating keys from optical signals.Similar to the RSSI-based approaches, the collected PMD weredivided into many group sizes, then quantized using differentupper and lower thresholds for each group size to get binarysequences used for key generation.

In [28], a novel method of extracting bits using CSI-basedkey generation from the OFDM-FDD system of 3G-LTE ispresented; it aims to estimate the uplink CSI of the BS(base station) and UE (user equipment) at the same time byexchanging a known, private probe signal. The amplitude ofthe estimated CSI is then quantized via a lower and upperthreshold to bit values ‘0’ and ‘1’ respectively to generatea key. Simulation results show that this approach supportsdifferent scenarios with low complexity. CSI-based methods

are further explored in [29], where a new approach calledSKECE is proposed. The CSI-based key extraction of thismethod has three primary steps. First, CSI values are quantizedby fixing two adaptive thresholds and assigning ”1” to valuesabove the upper thresholds and ”0” to values below the lowerthresholds; CSI values between the thresholds are dropped.Second, leakage-resilient consistency validation is performedby using an SHA-1 to hash the bitstreams. Finally, weightedkey recombination is used in case all bit sequences have mis-matches. To resolve this, reconciliation is performed to extracta consistent bitstream using a weighted key recombinationmethod. SKECE was evaluated through various experimentsusing off-the-shelf 802.11 devices in real-world scenarios.

As an alternative to threshold-based quantization, a new keyextraction mechanism called alternating channel quantizationwas established in [30] and [31]. It is based on the use ofnonequivalent quantization sectors on the space of observablecomplex channels, by adapting the quantization map to thechannel observation. This approach has been simulated andtested in an indoor environment using a MIMO system andhas been shown to achieve better performance than the grandband methods which use equally probable quantization sectors.Similar to alternating channel quantization, an intelligent keygeneration mechanism called phase shifting is explored in[32]. It involves converting the shifted phases of the CSIvalues to constellation points, with a direct quantization after.The simulation results of a typical SISO outdoor channelmodel show that this method can achieve high efficiency.Nonetheless, all the previously explored methods have somelimitations: first, they are not suitable for vehicular fadingchannels; second, results show low entropy with the decreaseof the key generation rate (KGR) at high vehicle velocities;third, the security of these mechanisms has yet to be validatedin real-world driving scenarios given that most were tested insimulation or indoor environments.

The remainder of this paper is organized as follows: SectionII describes the research challenges and our contributions tosolving them, Section III describes our wireless communi-cation and security model, Section IV gives an overview ofthe proposed key generation process, Section V describes ourexperimental setups and the experimental results, and SectionVI evaluates the success of our proposed method.

II. RESEARCH CHALLENGES AND OUR CONTRIBUTIONSTo overcome the limitations of the aforementioned

approaches, it is necessary to solve the following key researchchallenges:

1) Minimizing performance overhead: For automotivewireless communications or V2X communications, keygeneration must meet the strict timing constraints ofsafety-critical messages while operating within the com-putational limits of vehicular control systems.

2) Selecting a reliable entropy source: The source ofentropy for the key generator must preserve the sharedphysical layer characteristics that produce matchingsymmetric keys while simultaneously providing suffi-cient randomness to create secure keys.

3

To address the previously cited challenges, our main con-tributions in this paper are as follows:

1) We propose a new method of physical layer keygeneration for 802.11p-based V2X communication. Thebit sequences are extracted from the shared wirelesschannel, characterized by the estimated CSI values. Inthis context, we come up with a new quantizer basedon a QAM demodulator quantizer (QAM-Dem-Quan)with the addition of a hash function in the output toincrease the min-entropy of the key.

2) The proposed approach was implemented on industry-standard software-defined radios (SDR). This solutionwas validated in several real-world, dynamic vehicularenvironments (urban and highway). Furthermore, theproposed key generation schema was evaluated for per-formance and security, demonstrating comparable resultsin both when compared to the state-of-the-art.

III. SYSTEM MODEL

Fig. 1: System Model

Given that CSI is the most accurate representation ofthe wireless channel characteristics and the related researchhad demonstrated its efficiency in generating secured keys,we establish a wireless communication model centered onthe CSI values and their associated characteristics. We usea half-duplex transmitter/receiver pair of vehicular wirelesscommunication nodes (Figure 1), where Vehicle 1 (Alice)represents a connected vehicle that exchanges messages withVehicle 2 (Bob): another connected vehicle or a Road SideUnit (RSU).These two vehicles generate a secret symmetric key by exploit-ing the estimated CSI values to encrypt their communications.The same symmetric key is generated in each vehicle sepa-rately, without requiring a Pre-Shared Key step.The proposed V2X network operates on the IEEE 802.11pstandard, known by its industry label of WAVE in the UnitedStates and ITS-G5 in Europe. The physical layer of thisstandard is based on the Orthogonal Frequency DivisionMultiplexing (OFDM) waveform, which aims to divide the

transmitted signal over a large number of sub-carriers. 802.11puses 64 sub-carriers, where four of them are pilot symbols usedfor channel estimation.The transmitted signal based on the OFDM waveform isrepresented in the time domain as follows:

X(t) =

M−1∑K=0

X(k)e2πkt/T , 0 ≤ t < T (1)

Where X(k) are the transmitted data symbols, M is thenumber of sub-carriers and T is the OFDM symbol time.However, the received signal in frequency domain over thewireless channel can be written as:

Y (k) = X(k)H +W (k) (2)

Where H is the wireless channel response and W is thenoise in the receiver. After filtering the noise, the receiveddata symbols in each vehicle can be written in the followingmatrix form:

Y1 = X2H (3)

Y2 = X1H (4)

Y1, Y2 and X1, X2 represent the received and transmitteddata symbols at Vehicle 1 and Vehicle 2 respectively andH is the channel matrix, where its coefficients are the CSIvalues. These CSI values are obtained in the equalization partof the receiver, where they are estimated based on the fourtransmitted pilot’s sub-carriers. The information transmitted inthe pilot’s sub-carriers is known by both the transmitter andthe receiver.

In existing research, there are various algorithms for cal-culating the H matrix’s coefficients. For our model, we haveused the least square estimator (LS).(see Equation 5)

HLS = Ypilot.X−1pilot (5)

By using an interpolation function between the resultingvalues and the pilot symbols, we retrieve the remaining valuesof the H matrix which compose the CSI values. The vehicularwireless channel between the transmitter and the receiver isgiven as a double selective fading propagation channel, whichis characterized by the delay spread and the Doppler spread[33]. The base-band time-varying response of the multi-pathchannel is given by:

h(t, τ) =

L−1∑l=0

Al(t)δ(τ − τl(t)) (6)

Where L, Al(t), and τl(t) represent the number of non-zero paths, the time-varying complex amplitudes for eachpath l, and the time-varying path delays, respectively. On theother hand, note that in this case the phase of the complexamplitude Al(t) depends on the variation of the Doppler shift.The propagation of the signal over this channel can inducea Doppler shift to each path in addition to the time delay.As a result, at the receiver side we observe the superposition

4

of multiple different delayed and frequency shifted versionsof the transmitted signal. Due to the reciprocity [34] of theshared wireless channel at the physical layer, we assumethat two communicating vehicles estimate the same channelcharacteristics (CSI) if they are sending messages to each otherwithin the channel’s coherence time Tc. (Tc is the time intervalover which the channel response is considered not varying).

Tc ≈0.423

fd(7)

Where fd is the maximum Doppler frequency. In vehicularcommunication,fd can be expressed by the speed differencebetween the two communicating vehicles ∆V as shown below:

fd =∆V

cf0

∆V = |V1 − V2|(8)

where c is the celerity (speed of light) and f0 is thecommunication frequency. As such, the channel characteristicschange every coherence time window: Tc. Therefore, thehigher the ∆V is, the more frequently the channel is changing.However, to extract matching bits to generate the key, CSIvalues must be extracted within a given coherence time,Tc,otherwise, the channel characteristics will change and it willresult in non-matching keys.

A. Security Strength ModelFor cryptographic keys, security strength is a measure of

the work required to break the encryption through brute force.The formal definition of security strength then, as given bythe National Institute of Standards and Technology (NIST),is that an algorithm has ”X-bits security strength” if it takes”X” number of attempted symmetric keys to guess the correctkey [35]. To quantify the randomness and security of a key,we use the concept of min-entropy which is a worst-caseentropy estimation that provides a lower bound on the key’srandomness [36]. If K is the set of all possible randomlygenerated keys, the equation for min-entropy is as follows:

H∞ = Hmin = − log(maxk∈K

Pr[k = K]) (9)

Pr[k = K] refers to the probability of generating key k ∈K. As an extension of this, we consider security strength tobe the following:

Securitystr = Hmin/Keysize (10)

where Keysize is the key length and Securitystr is a valuebetween 0 and 1. The higher the value the higher the securitystrength as it provides more bits of entropy.

B. Attack ModelFor our methodology, we consider a non-intrusive wireless

attack model in which the attacker (Eve) attempts to eaves-drop on the communication between two legitimate partiesthrough a third channel[36]. It is assumed that Eve can captureall the wireless packets and is aware of the characteristics ofthe V2X network. In this case, if Eve can obtain the samesymmetric key, then the system is considered broken.

Fig. 2: Attack Model

IV. KEY GENERATION METHODOLOGY

RSSI-Based Algorithm 1 is sourced from [36] and beginsby taking Gsizexτstep to collect RSS values from the wirelesschannel in lines 3-5. Once the RSS values are filtered toremove low-frequency noise via a high-pass filter, thresholdsare calculated for RSSfiltered in Lines 7-10. Subsequently,Lines 11-19 generate the Key after quantizing the RSS whilealso recording the indices of used RSS values. This will beused later in the reconciliation step to remove bits associatedwith mismatched indices.

Our CSI based key generation process (see Algorithm 2)consists of the following two main components: quantizationand privacy amplification. In our proposed approach, thetypical reconciliation step is not necessary.

A. Quantization

After CSI values are collected, Line 4 quantizes the CSIvalues using a novel QAM demodulation technique to extractbits. Since CSI values are complex numbers, we consider thequantization step as a QAM demodulation problem, becausethe QAM demodulator’s normal function is to transform eachdata complex number to a sequence of bits according to itsresponding bits value in the constellation diagram (Figure 3).In our proposed approach we use the same functionality, butinstead of using QAM-modulated data, we use the CSI valuesas the input. Multiple M-QAM demodulation orders (4,16and 64) were evaluated for the quantizer and we observedthat the 64QAM demodulation results in the most random bitsequences.

B. Privacy Amplification

Once values are quantized, We apply a secure hash al-gorithm to the extracted bits sequences in Line 11. This isdone to add randomness and to avoid having repeated keysand sequences. Moreover, the hash function can provide moresecrecy to the generated keys.

5

Algorithm 1: Algorithm for RSSI-Based PhysicalLayer Key Generation for a Wireless Automotive CPS

Input: Measured Signal Strength RSSInput: Sample Time Step: τstepInput: Group Size: GsizeInput: Threshold parameter: αInput: Required Key Length: LkeyOutput: Generated Key: Key

1 L = 0;Key = 0;RSSset = ∅;RSSfiltered =∅;Keyidx = ∅

2 while L ¡ Lkey do3 for i = 1 to Gsize do4 RSSset = RSSset

⋃RSS;

5 Wait(τstep)

6 RSSfiltered = RSSset ∗Hhighpass(t);7 MeanV alue = AverageV alueofRSSfiltered;8 V ar = V ariationV alueofRSSfiltered;9 Thup = MeanV alue+ α ∗ V ar;

10 Thlo = MeanV alue− α ∗ V ar;11 foreach RSSj ∈ RSSfiltered do12 if RSSj > Thup then13 Key = (Key

6

Fig. 4: Experimental setup with Ettus B210 Boards and carvehicles(Alice, Bob, and Eve)

A. Real Vehicle Tests for RSSI-Based Key Generation

1) RSSI Data Collection: As presented in Figure 5, RSSImeasurements are calculated from raw input data that is col-lected from a data recorder on the IEEE 802.11p transceiver.Frame decoding refers to the process by which wireless pack-ets are received, synchronized, and decoded. The raw inputdata is in the form of complex power values that are processedby the following functional blocks: Sync Short, Sync Long,and Frame Equalizer. Sync Short and Sync Long, as noted inthe figure, are responsible for detecting potential packet framesand aligning frames respectively. These functional blocks aresynchronous GNU Radio blocks, meaning that data is alwaysbeing periodically received by the transceiver, and so, the datarecorder is programmed to only sample complex power valueswhen Sync Short indicates it has detected a frame. Using a cus-tom RSSI measurement function, these complex power valuesare converted to RSSI values measured in decibel-milliwatts(dBm), producing approximately 14 RSSI values per packetreceived. Unlike the raw power values, these RSSI values arescalar and can now be used as input data for Key Generationin Algorithm 1. This RSSI calculation, however, introduceslatency as it requires costly filters and transformations. Keysare generated using every possible combination of thresholdparameter α and Group Size Gsize listed in Table II.

Alpha 0.1, 0.2, 0.3, 0.4, 0.5, 0.6, 0.7, 0.8, 0.9

Group Size 20, 40, 60, 80, 100

TABLE II: Key Generation parameters for RSSI-basedalgorithm

2) Correlation of RSSI Values: A subset of 5000 samplesfrom 902,870 RSSI values collected in a real driving scenariotest is displayed in Figure 6. Based on the similar shape andamplitude of displayed results, it is apparent that the RSSIvalues collected at Vehicle A and Vehicle B for the wirelesschannel communications from Vehicle A to Vehicle B wouldbe highly correlated if they were aligned. This potential highcorrelation is a result of the shared physical layer or the shared

ReceivedSignal

Sync Short(Frame

detection)

Sync Long(Frame

alignment)

Fast FourierTransform

FrameEqualizer

DecodeFrame

OutputReceived

Frame

complexpower

samples

High PassFilter

Fast FourierTransform

RSSICalculation

KeyGenerationAlgorithm

OutputEncryption

Key

Frame Decoding

Key Generation Process

Fig. 5: Flow chart describing RSSI-based key generationprocess

0 1,000 2,000 3,000 4,000 5,000−10

−5

0

5

6

MisalignedMisaligned

Number of RSSI Values

RSS

IV

alue

s[dB

m]

Vehicle AVehicle B

Fig. 6: Collected RSSI values from Vehicles A and B in anUrban Scenario.

wireless channel between Vehicle A and Vehicle B, whichmeans the channel response should be similar, but the delayscaused by the multi-path on the received signal can negativelyaffect the correlation between the RSSI values collected atVehicle A and Vehicle B. From [36], it is known that this

7

correlation allows for the generation of matching symmetrickeys as seen when using the threshold-based quantizationtechnique in Algorithm 1. RSSI measurements that are furthestfrom the mean dBm value (i.e. large spikes in signal strength)are used to generate a key. Cross-correlation techniques wereused to determine the delay caused by packet reception timingdifferences and shift the delayed set of RSSI values accord-ingly. The result of this is displayed, but despite shifting thecorrelated values of the RSSI data closer, the values are stillclearly not aligned. Potential reasons for this misalignment areelaborated in Section VI.

16 32 64 128 256

0

2

4

6

8

10

7.75

7.3

2

6.64

6.3

7

6.37

1·1

0−3

0 0 0 0

Key Length (Number of Bits)

Perc

enta

geof

Mat

ched

Key

s

Successful AlignmentUnsuccessful Alignment

Fig. 7: Matched Key Rate for Vehicles A and B forSuccessful and Unsuccessful Alignment.

3) Percentage of Matching Keys and Relevance of SignalAlignment: After collecting RSSI values from tests conductedaccording to the real driving scenarios described in Section V,the RSSI measurements are used in Algorithm 1 to generatekeys in post-processing. Keys are generated separately usingVehicle A values and Vehicle B values independently beforeperforming a reconciliation step, at which point matching keysare those without mismatched bits. In Figure 7, the percent-age of matching keys for each key length after generatingkeys with all possible parameter combinations is listed. Theproportion of matching keys for all key lengths are found tobe under 10% and demonstrates an inverse relationship withkey length, meaning the matching rate decreases as key lengthincreases. However, this relatively low matching rate is onlypossible in the case that the correlated RSSI measurementsare aligned. If these measurements are out of alignment, asseen in the matching rate for unsuccessful alignment, thereare 0% matching keys. For these tests, successful alignmentwas only achieved in the more static urban/parking scenario atlow speeds of 15 - 20 mph and only after manually aligningthe values in post-processing. Examples of matching keyswith varying length achieved in this case can be found inTable III, showing that wireless channel characteristics forV2X communications can be a reliable entropy source forsufficiently strong keys should the keys match. Nonetheless,

these matching keys were only produced under more staticconditions, which cannot always be expected in normal V2Xusage scenarios. At speeds of 40-50 mph in the dynamichighway scenario, signal alignment could not be achieved evenin post-processing, and accordingly, the matching rate of 0%follows the previous trend of low matching for unsuccessfulalignment. Given the apparent correlation between matchingrate and alignment, it thus proves necessary that measures ofchannel characteristics during packet activity must be aligned.

KeyLength

Generated Keys

16 0010000000000111

32 00000000001111111111111110010000

64 0000000000111111111111111001000000000011111111111111100100000000

128 00000000001111111111111110010000000000111111111111111001000000000011111111111111100100000000001111111111111110010000000000111111

256 0000000000111111111111111001000000000011111111111111100100000000001111111111111110010000000000111111111111111001000000000011111111111111100100000000001111111111111110010000000000111111111111111001000000000011111111111111100100000000001111111111111110010000

TABLE III: Keys Generated from RSSI Data in UrbanScenario Tests

B. Real Vehicle Tests for CSI-Based Key Generation

1) CSI Data Collection: As shown in Figure 8, CSI valuesare collected as output data from the Frame Equalizer func-tional block, which performs the transceiver’s equalization stepby estimating CSI values as described in Section III. Framedecoding is described earlier in the RSSI Data Collectionpart of Subsection V-A but is essentially the synchronizationand decoding of a frame’s complex power values to bits.It is important to note that CSI values are only generatedwhen a packet has been fully received unlike data from SyncShort or Sync Long which sometimes produces false positivesfor packet reception. Given this dependence on full packetreception, CSI values are not collected from dead air likeRSSI values, and, as stated in Section III, are a more accurateestimate of channel characteristics while also providing 64 CSIValues per packet received. Using the QAM demodulation-based quantization described in Section IV, the complex CSIvalues can be converted to bits for generating keys as shownin Algorithm 2.

2) Correlation of CSI Values: A subset of 256 samplesfrom 3264 CSI values collected in a real-world drivingscenario test is displayed in Figure 9. From the similarshape and amplitude of the displayed results, it is apparentthat the CSI values collected at Vehicle A and Vehicle Bfor the wireless channel communications between Vehicle Aand Vehicle B are highly correlated. This high correlation

8

ReceivedSignal

Sync Short Sync Long Fast FourierTransform

FrameEqualizer

DecodeFrame

OutputReceived

Frame

CSI ValuesCalculated

KeyGenerationAlgorithm

OutputSymmetric

Key

Frame Decoding

Key Generation Process

Fig. 8: Flow chart describing CSI-based key generationprocess

0 20 40 60 80 100 120 140 160 180 200 220 240 260−3.5

−2

−1

0

1

2

3.5

Aligned

Aligned

Number of CSI Values

Phas

eA

ngle

ofC

SI(r

adia

ns)

Vehicle AVehicle B

Fig. 9: Collected CSI Values from vehicles and B inHighway Scenario Tests.

of CSI values is likely a result of the shared wirelesschannel between Vehicle A and Vehicle B, indicating that thecorrelated characteristics of shared channels are representedin CSI estimations; therefore, given that CSI values area measure of channel characteristics like RSSI and RSSIhas demonstrated potential as an entropy source [36], wecan reasonably conclude that CSI values are a reliableentropy source for generating symmetric keys. Alignment,in this case, is achieved without the use of cross-correlationtechniques or the like. Given this successful alignmentand the lack of accidental measurements from dead air, allCSI values are produced by real packets and can act asinput data for Algorithm 2. At 64 CSI values per packet,CSI estimations can be considered a high yield entropy source.

Key Length Generated Keys

16 1100011110010110

32 11011011001111001101101101100101

64 1100101100011110010110100110010111010111001011100011001001110011

128 11001001100100110000111001001100011111000110001110010110100110101110001111000011001011100111010011001011101001110001100001110111

TABLE IV: Keys Generated from CSI Data in HighwayScenario Tests

16 32 64 128

0

20

40

60

16

31

57

50

23

17

12

3

Key Length (Number of Bits)

Perc

enta

geof

Mat

ched

Key

s Urban/ParkingHighway

Fig. 10: Matched Key Rate for Urban and HighwayScenarios.

3) Percentage of Matched Keys in Urban and HighwayScenarios: Once the CSI values have been collected from testsconducted according to the real driving scenarios described inSection V, the CSI values are used in Algorithm 2 to gen-erate keys in post-processing. Keys are generated separatelyusing Vehicle A values and Vehicle B values independentlybefore checking for matching keys or keys that do not havemismatched bits. In Figure 10, the percentage of matchingCSI-based keys generated for each key length is listed forboth a low-speed Urban Scenario and a high-speed HighwayScenario. For the more static Urban Scenario with low speedsof 15-20 mph, key length and matching rate have a positivecorrelation wherein the matching rate increases with keylength. The reverse is true for the more dynamic HighwayScenario with higher speeds of 40-50 mph, where the matchingrate decreases as key length increases. As described in SectionIV, our proposed key generation methodology quantizes thereceived CSI values into a stream of bits that is used toproduce the requested key. Each set of keys in both realdriving scenarios are generated from a single data set, meaning

9

that the keys for each scenario are generated from the finitedata gathered in that test. Therefore, the positive trend in theproportion of matched keys for the Urban Scenario is likelynot a result of an increase in matching bits, but having thesame matching bits for the fewer keys generated at longerkey lengths. However, in the Highway Scenario, the moredynamic environment can result in dropped packets or similarinterruptions. Given that CSI estimations require fully receivedpackets, the instability of the channel prevents the generationof longer keys and results in a lower key-match rate for greaterkey lengths as shown in the figure. Examples of the keysgenerated in the dynamic Highway Scenario are displayed inTable IV, proving that CSI values capture the unique physicalcharacteristics of shared channels and can thus, be used as areliable entropy source.

4) Performance Overhead and Security Strength of CSI-Based Key Generation: Regarding performance, the majorsources of overhead are data sampling and quantization. Giventhat there are 64 CSI values collected per packet, whichproduces a greater number of usable bits after quantization,we ignore data sampling latency since only a few packetsare needed to generate each key and the transmission timefor few packets is negligible. Thus, we consider quantizationto be the main source of performance overhead. As seenin Table V, our proposed use of QAM Demodulation forquantization results in execution times on a microsecondscale. Though this latency increases with key length, all of thelisted quantization times meet the 200 ms latency requirementfor V2X communication set in [18][36].

Regarding security strength requirements, based on testingresults, our proposed CSI-Based Physical Layer Key Gen-eration Methodology meets the uniqueness and min-entropyrequirements outlined in Section III-A. The basic premisefor our proposed methodology is that separate channels withseveral wavelengths distance between them are independent ofeach other and thus, produce different keys even in the samecoherence time. In [36], this premise is confirmed when resultsdemonstrated that an attacker positioned several wavelengthsdistance away experiences different wireless channel charac-teristics and so, cannot generate the same secret key as partiesin the legitimate channel. According to the results outlinedin Table V, it is clear that keys generated from the channelbetween Vehicle A and Vehicle C have a mismatch rate greaterthan 50% with the keys generated from the channel betweenVehicle A and Vehicle B. This meets the required uniquenessstandard and supports the basic premise for our methodologywherein an attacker that is at least several wavelengths awaywill not be able to predict/generate the secret key due toexperiencing different channel characteristics.

To estimate the min-entropy of our proposed key generationalgorithm, we use Equation 9 in Section III-A. We firstgenerate 46,352 8-bit keys from the CSI values collected inthe Highway Scenario test to form a set of keys K that hasgreater than or equivalent to 100∗28 = 25, 600 keys, which isthe number of keys necessary to reasonably conclude that thecalculation produces an average min-entropy. From this set ofkeys, the key with the most frequent appearance is used togenerate Prmax or Pr[k = K].

Key Length Average Execution Time(µs)Average Bit MismatchRate for Attacker C (%)

16 18.65 52.38

32 34.75 52.60

64 78.45 50.97

128 149.58 54.29

TABLE V: Average Execution Time for Key Generation andAverage Bit Mismatch Rate for Keys Generated by Attacker

Vehicle C

As seen in Figure 11, our Key Generation Methodology hasan average min-entropy of 70.52% which exceeds that of theRSSI-based method in [36] and industry-standard methods in[38].

Pre-

dist

DFF

-PU

F

RSS

I-PH

Y

Our

tech

SRA

M-P

UF

0

20

40

60

80

100

0

50

67.69 70.52

87

Ave

rage

Min

-Ent

ropy

(Per

cent

age)

Fig. 11: Comparison of Our Average Min-Entropy toState-of-the-Art

VI. DISCUSSION

A. Minimum Performance Overhead

Given that our proposed key generation algorithm is in-tended for use in a time-critical setting, it is necessary for thekey generation time to consistently meet latency requirementsin every scenario. According to [39] qtd. in [36], this hard timelimit typically falls within 50 to 200 milliseconds. Assumingno alignment issues, the original RSSI-based Key Generationtechnique incurs latency from its bit extraction rate metric,which means that it can require more packets depending onthe environment and key length. This bottleneck is due inpart to variations in the number of usable RSSI values, whichresult from there being arbitrary RSSI formulas and pollingrates across different RSSI hardware sensors. Threshold-basedquantization exacerbates this issue because even once all us-able RSSI values are collected, not all will be used to generatea key. Multiple packets are commonly required for keys of

10

greater length. Data sampling thus becomes a major sourceof latency alongside the costly RSSI calculation that takesvaluable milliseconds to complete. In contrast, our proposedCSI-based Key Generation methodology has a demonstratedperformance measured consistently in microseconds, wellunder the 50-200 ms operational range as seen in the ex-perimental results. The source of this successful performanceis likely the use of CSI estimations, which provides 64usable values per packet and the use of the low-latency QAMDemodulation that quantizes these values into 64 or more keybits in microseconds. Due to these mechanisms, our proposedhas low overhead in all scenarios as it only requires singularpackets for most key lengths and efficiently uses all datacollected.

B. Reliable Symmetric Keys and Security Strength

As described under research challenges in Section II, match-ing keys must be reliably generated in various driving sce-narios while also having industry-standard security strength.Though it has demonstrated comparable min-entropy to state-of-the-art methods, RSSI-Based Key Generation has displayedsuccess in limited static scenarios. This limited success isfurther exacerbated by the need for signal alignment, whichhas been completed in post-processing for this experiment butwould require real-time mechanisms in real driving scenarios.Our CSI-Based Key Generation methodology does not sufferfrom this need for signal alignment because it does not mea-sure dead air or dropped packets, resulting in a significantlyhigher matching rate and success in both scenarios. Addition-ally, we have demonstrated that our methodology is safe fromeavesdropping, as shown by the high mismatch rate betweenthe eavesdropper, Vehicle C, and Vehicle A. Moreover, giventhis method’s average-min entropy of 70.52%, it has securitystrength comparable with state-of-the-art methods and thus,meets the minimum security requirements outlined in [35].

C. Algorithm Complexity

We evaluate the Big-O complexity of our proposed algo-rithm in terms of the input size (CSIset) and find that ouralgorithm has a worst-case execution time on the order ofO(nlogn). Thus, we can say that our algorithm is a superlinearalgorithm where the running time grows approximately inproportion to the CSIset size. Our experimental results shownin Table V match this assertion.

D. Brute Force Time

The brute force time is the worst-case time needed foran attacker to break a secret key by trying every possiblepermutation. A key of length k has (2k) possible values. Thegreater the key length, the greater the brute force time andthe stronger the key. The brute force time depends on the keylength and the attacker’s capabilities (floating-point operationsper second). As a result, longer key lengths are generallymore preferable as they are more difficult to brute force. Asshown in Table VI, the brute force time has been evaluated forvarious key sizes and levels of attacker capabilities including

those of supercomputers (TaihuLight) and quantum computers.Since our work focuses on practical, real-world attacks onindividual vehicles, a brute force attack using a TaihuLightsupercomputer or a quantum computer are extremely unlikely;however, we present them here to demonstrate that our keylengths and rotation times ensure security with conventionaland future computing hardware. From the table, it is clearthat keys less than 64 bit are not very secure against bruteforce attacks; however, we propose rotating 16 and 32-bitkeys for every single message to prevent the possibility ofan attacker using the broken key to impersonate Alice orBob. Additionally, confidential information could be reservedfor use with 128-bit keys while smaller key sizes are usedfor immediate safety-critical messages not containing sensitivedata.

E. NIST Random Bit Generator Classification

According to the National Institute of Standards and Tech-nology (NIST) recommendations [40], there are two classes ofrandom bit generators (RBGs). The first class uses dedicatedhardware or physical experiments to generate random bits,where every bit of output is based on a physical processthat is unpredictable; methods in this class are known asNon-Deterministic Random Bit Generators (NRBGs). Thesecond class consists of methods that compute bit sequencesdeterministically based on pseudo-random number generationmethods using specific algorithms; methods in this class areknown as Deterministic Random Bit Generators (DRBGs).Thus our proposed approach can be classified as an NRBG.From NIST recommendations [41] the entropy source modelfor NRBGs is shown in Figure 12. The entropy source blockincludes the following components:

Fig. 12: Entropy Source Model

1) Noise Source: It is the root of security for the en-tropy source and the RBG as a whole. It provides the non-deterministic sequences (CSI values in our approach) fromthe physical process which is the vehicular wireless channelin the setup of our experiments. As shown in the figure, thesampling process includes digitization to convert analog noiseto binary data. In our proposed method, since the CSI valuesare complex numbers, the digitization is performed by theQAM demodulator quantizer (QAM-Dem-Quan).

2) Optional Conditioning: This component aims to in-crease the entropy of the resulting output bits. In our approach,we use a hash function as our conditioning component asshown in Algorithm 2.

11

Key Size(bits)

Time Required at 106FLOPs

Time Required at 109FLOPs

Time Required at 1017FLOPs (TaihuLight)

Time Required at 1018FLOPs (quantum computer)

Keys Rotation Time(Validity Period)

16 65 ms 65 µs 6.5X10−4 ns 6.5X10−5 ns 1 message

32 1.17 hours 4.2 s 0.42 ns 0.42X10−1 ns 1 message

64 75.03X104 years 570.39 years 1.8X102 s 18 s 1 minute

128 1.08X1025 years 1.08X1022 years 1.08X1014 years 1.08X1013 years 15 minutes

TABLE VI: Brute Force Time vs Key Size.

F. Future WorkAs discussed in Section V, we validated our key generation

methodology in multiple scenarios on a real-world testbed ofthree vehicles equipped with industry-standard V2X hardware.Although we demonstrated good results with our real-worldtestbed, the practicality and feasibility of CSI-based key gen-eration on larger-scale testbeds with more vehicles remains anopen research problem. We leave this for future work.

VII. CONCLUSIONExploiting the randomness of the wireless channel in the

form of estimated CSI, we have presented a physical layerkey generation technique that can generate secret symmet-ric keys to secure automotive wireless communications. Ourmethodology solves the security challenge of preserving theconfidentiality of V2X communications and solves the re-search challenge of selecting and utilizing a reliable entropysource for generating keys from V2X wireless channels. Theresults of our real-world tests have demonstrated that ourmethodology has minimal performance overhead measuredin microseconds, well within the expected operational rangeacross various scenarios. These results also showed that thekeys generated have an average min-entropy of 70.52% andthus, have comparable security strength to current state-of-the-art methods. In summary, we have validated our CSI-basedkey generation technique as a practical solution to securingautomotive wireless communications.

REFERENCES[1] S. Abuelsamid, “Toyota Has Big Plans To Get Cars Talking To Each

Other And Infrastructure In The U.S..”[2] M. Alam, A. Rayes, X. He, M. Atiquzzaman, J. Lloret, and K. F.

Tsang, “Guest Editorial Introduction to the Special Issue on DependableWireless Vehicular Communications for Intelligent Transportation Sys-tems (ITS),” IEEE Transactions on Intelligent Transportation Systems,vol. 19, pp. 949–952, Mar. 2018.

[3] L. Greer, J. L. Fraser, D. Hicks, M. Mercer, and K. Thompson, “Intel-ligent Transportation Systems Benefits, Costs, And Lessons Learned :2018 Update Report,” Mar. 2018.

[4] S. Smith, J. Bellone, S. Bransfield, A. Ingles, G. Noel, E. Reed, andM. Yanagisawa, “Benefits estimation framework for automated vehicleoperations.,” Aug. 2015.

[5] K. Kockelman, S. Boyles, P. Stone, D. Fagnant, R. Patel, M. W. Levin,G. Sharon, M. Simoni, M. Albert, H. Fritz, R. Hutchinson, P. Bansal,G. Domnenko, P. Bujanovic, B. Kim, E. Pourrahmani, S. Agrawal, T. Li,J. Hanna, A. Nichols, and J. Li, “An assessment of autonomous vehicles: traffic impacts and infrastructure needs : final report.,” Mar. 2017.

[6] L. Yue, M. Abdel-Aty, Y. Wu, and L. Wang, “Assessment of the safetybenefits of vehicles’ advanced driver assistance, connectivity and lowlevel automation systems,” Accident Analysis & Prevention, vol. 117,pp. 55–64, Aug. 2018.

[7] E. Uhlemann, “Time for Autonomous Vehicles to Connect [ConnectedVehicles],” IEEE Vehicular Technology Magazine, vol. 13, pp. 10–13,Sept. 2018.

[8] B. Sheehan, F. Murphy, M. Mullins, and C. Ryan, “Connected andautonomous vehicles: A cyber-risk classification framework,” Trans-portation Research Part A: Policy and Practice, vol. 124, pp. 523–536,June 2019.

[9] R. Abassi, “VANET security and forensics: Challenges and opportuni-ties,” Wiley Interdisciplinary Reviews: Forensic Science, vol. 1, p. e1324,Mar. 2019.

[10] H. Hasrouny, A. E. Samhat, C. Bassil, and A. Laouiti, “VANet securitychallenges and solutions: A survey,” Vehicular Communications, vol. 7,pp. 7–20, Jan. 2017.

[11] Q. E. Ali, N. Ahmad, A. H. Malik, G. Ali, and W. U. Rehman, “Issues,Challenges, and Research Opportunities in Intelligent Transport Systemfor Security and Privacy,” Applied Sciences, vol. 8, p. 1964, Oct. 2018.

[12] M. Giordani, A. Zanella, T. Higuchi, O. Altintas, and M. Zorzi, “Emerg-ing Trends in Vehicular Communication Networks,” in Emerging Wire-less Communication and Network Technologies: Principle, Paradigmand Performance (K. V. Arya, R. S. Bhadoria, and N. S. Chaudhari,eds.), pp. 37–57, Singapore: Springer Singapore, 2018.

[13] F. Camacho, C. Cárdenas, and D. Muñoz, “Emerging technologies andresearch challenges for intelligent transportation systems: 5g, HetNets,and SDN,” International Journal on Interactive Design and Manufac-turing (IJIDeM), vol. 12, pp. 327–335, Feb. 2018.

[14] M. Khodaei and P. Papadimitratos, “The key to intelligent transporta-tion: Identity and credential management in vehicular communicationsystems,” IEEE Vehicular Technology Magazine, vol. 10, no. 4, pp. 63–69, 2015.

[15] C. Ellison and B. Schneier, “Ten risks of pki: What you’re not beingtold about public key infrastructure,” Comput Secur J, vol. 16, no. 1,pp. 1–7, 2000.

[16] F. Haidar, A. Kaiser, and B. Lonc, “On the performance evaluation ofvehicular pki protocol for v2x communications security,” in 2017 IEEE86th Vehicular Technology Conference (VTC-Fall), pp. 1–5, IEEE, 2017.

[17] S. N. Premnath, S. Jana, J. Croft, P. L. Gowda, M. Clark, S. K.Kasera, N. Patwari, and S. V. Krishnamurthy, “Secret key extractionfrom wireless signal strength in real environments,” IEEE Transactionson mobile Computing, vol. 12, no. 5, pp. 917–930, 2012.

[18] M. Boban, A. Kousaridas, K. Manolakis, J. Eichinger, and W. Xu,“Connected Roads of the Future: Use Cases, Requirements, and De-sign Considerations for Vehicle-to-Everything Communications,” IEEEVehicular Technology Magazine, vol. 13, pp. 110–123, Sept. 2018.

[19] M. A. Simplicio, E. L. Cominetti, H. K. Patil, J. E. Ricardini, andM. V. M. Silva, “The unified butterfly effect: Efficient security credentialmanagement system for vehicular communications,” in 2018 IEEEVehicular Networking Conference (VNC), pp. 1–8, IEEE, 2018.

[20] B. Brecht, D. Therriault, A. Weimerskirch, W. Whyte, V. Kumar,T. Hehn, and R. Goudy, “A security credential management system forv2x communications,” IEEE Transactions on Intelligent TransportationSystems, vol. 19, no. 12, pp. 3850–3871, 2018.

[21] X. Ma, X. Yuan, Z. Cao, B. Qi, and Z. Zhang, “Quantum random numbergeneration,” npj Quantum Information, vol. 2, no. 1, pp. 1–9, 2016.

[22] P. S. Barreto, J. E. Ricardini, M. A. Simplı́cio Jr, and H. K. Patil,“qscms: Post-quantum certificate provisioning process for v2x.,” IACRCryptology ePrint Archive, vol. 2018, p. 1247, 2018.

[23] Y. Liu, S. C. Draper, and A. M. Sayeed, “A secret key generation systembased on multipath channel randomness: Rssi vs cssi,” tech. rep., 2011.

[24] J. Wan, A. Lopez, and M. A. A. Faruque, “Physical layer key gener-ation: Securing wireless communication in automotive cyber-physical

12

systems,” ACM Transactions on Cyber-Physical Systems, vol. 3, no. 2,pp. 1–26, 2018.

[25] I. U. Zaman, A. B. Lopez, M. A. Al Faruque, and O. Boyraz, “A physicallayer security key generation technique for inter-vehicular visible lightcommunication,” in Signal Processing in Photonic Communications,pp. SpTu1F–3, Optical Society of America, 2017.

[26] I. U. Zaman, A. B. Lopez, M. A. Al Faruque, and O. Boyraz, “Polar-ization mode dispersion-based physical layer key generation for opticalfiber link security,” in Optical Sensors, pp. JTu4A–20, Optical Societyof America, 2017.

[27] I. U. Zaman, A. B. Lopez, M. A. Al Faruque, and O. Boyraz, “Physicallayer cryptographic key generation by exploiting pmd of an optical fiberlink,” Journal of Lightwave Technology, vol. 36, no. 24, pp. 5903–5911,2018.

[28] X. Wu, Y. Peng, C. Hu, H. Zhao, and L. Shu, “A secret key generationmethod based on csi in ofdm-fdd system,” in 2013 IEEE GlobecomWorkshops (GC Wkshps), pp. 1297–1302, IEEE, 2013.

[29] J. Zhao, W. Xi, J. Han, S. Tang, X. Li, Y. Liu, Y. Gong, and Z. Zhou,“Efficient and secure key extraction using csi without chasing downerrors,” arXiv preprint arXiv:1208.0688, 2012.

[30] J. W. Wallace, C. Chen, and M. A. Jensen, “Key generation exploitingmimo channel evolution: Algorithms and theoretical limits,” in 2009 3rdEuropean Conference on Antennas and Propagation, pp. 1499–1503,IEEE, 2009.

[31] J. W. Wallace and R. K. Sharma, “Automatic secret keys from reciprocalmimo wireless channels: Measurement and analysis,” IEEE Transactionson Information Forensics and Security, vol. 5, no. 3, pp. 381–392, 2010.

[32] Y. E. H. Shehadeh, O. Alfandi, K. Tout, and D. Hogrefe, “Intelligentmechanisms for key generation from multipath wireless channels,” in2011 Wireless Telecommunications Symposium (WTS), pp. 1–6, IEEE,2011.

[33] P. Alexander, D. Haley, and A. Grant, “Cooperative intelligent transportsystems: 5.9-ghz field trials,” Proceedings of the IEEE, vol. 99, no. 7,pp. 1213–1235, 2011.

[34] C. Ye, S. Mathur, A. Reznik, Y. Shah, W. Trappe, and N. B. Mandayam,“Information-theoretically secret key generation for fading wirelesschannels,” IEEE Transactions on Information Forensics and Security,vol. 5, no. 2, pp. 240–254, 2010.

[35] E. Barker, “Recommendation for Key Management Part 1: General,”Tech. Rep. NIST SP 800-57pt1r4, National Institute of Standards andTechnology, Jan. 2016.

[36] J. Wan, A. B. Lopez, and M. A. Al Faruque, “Exploiting wirelesschannel randomness to generate keys for automotive cyber-physicalsystem security,” in 2016 ACM/IEEE 7th International Conference onCyber-Physical Systems (ICCPS), pp. 1–10, IEEE, 2016.

[37] B. Bloessl, A Physical Layer Experimentation Framework for Automo-tive WLAN. PhD thesis, Universitätsbibliothek, 2018.

[38] G. E. Suh and S. Devadas, “Physical Unclonable Functions for DeviceAuthentication and Secret Key Generation,” p. 6.

[39] T. Schütze, “Automotive Security: Cryptography for Car2x Communi-cation,” p. 16.

[40] E. Barker and J. Kelsey, “Nist special publication 800-90a recommen-dation for random number generation using deterministic random bitgenerators,” 2012.

[41] M. S. Turan, “Recommendation for the entropy sources used for randombit generation,” NIST Special Publication, vol. 800, p. 90B, 2018.

Soheyb Ribouh received a B.S. degree in Electri-cal Engineering and Computer Science, from theEngineering School of Technology Algeria (ENT),in 2015 and an M.S. degree in Embedded Sys-tems and Mobile Communications Systems, fromthe Polytechnic University of the Hauts-de-France(UPHF) in 2017. Currently, he is a Ph.D. Student onTelecommunications at the Polytechnic Universityof the Hauts-de-France-UPHF. His research interestsinclude Hybrid V2X communications using IEEE802.11p and cellular technology (4G and 5G), vehic-

ular wireless channel modeling, channel estimation, and resource allocationschemes of OFDM.

Kelvin Phan received a B.S. in Computer Engineer-ing from the University of California, Irvine in 2018and is currently an M.S. Student at the University ofCalifornia, Irvine under the supervision of ProfessorMohammad Al Faruque. His research interests in-clude the security of wireless V2X communicationsand the design of intelligent transportation systemsfor connected/autonomous vehicles.

Arnav Vaibhav Malawade received a B.S. in Com-puter Science and Engineering from the Universityof California, Irvine in 2018. He is currently anM.S./Ph.D. Student studying Computer Engineeringat the University of California, Irvine under thesupervision of Professor Mohammad Al Faruque.His research interests include the design and securityof cyber-physical systems in connected/autonomousvehicles, manufacturing, IoT, and healthcare.

Yassin El Hillali was born in Chemaia, Morocco,in 1979. He received an M.S degree in 2002, andthen a Ph.D. degree in 2005, from the Universityof Valenciennes, France. Currently, he is an As-sistant Professor at the electronics department ofthe Polytechnic University of the Hauts-de-France(UPHF). He is responsible for ITSCOM platforms(ITS Communications) in the IEMN-DOAE Lab.His research interest includes: signal processing andwireless communication systems (WAVE, ITSG55G) applied to intelligent transportation, machine

learning dedicated to target detection and recognition using heterogeneoussensors (UWB RADAR, cameras and Lidar) and currently his working oncyber-security for ITS and industrial systems.

13

Atika Rivenq was born in Marrakech (Morroco)in 1970. She was graduated Engineer from theENSIMEV engineering school in 1993, received anM.S. degree in electronic engineering in 1993, andthen a Ph.D. degree in 1996 from the Universityof Valenciennes (France). She is a Full Professorat the Department of Electronic Engineering, IEMNLab, Polytechnic University of the Hauts-de-France(UPHF), France. She is the head of ComNum Groupand she is responsible for the SYFRA platform (Sys-tems for smart road applications) with the IEMN-

DOAE Lab. Her main activities are in digital communications applied tointelligent transports systems: V2X communications (4G/5G, UWB, ITS-G5,Full Duplex), Cybersecurity and Advanced Perception (Radar, UWB, Detec-tion of vulnerable persons, Deep learning). She Participates in many nationaland European projects dedicated to C-ITS and inter-vehicle communicationsespecially using ITS-G5 and Cellular systems. Pr. Rivenq has more than 100publications in international journals, conferences, and workshops in the areaof digital communications. She has participated as a General Chair, Memberof the Technical Committee, Session Chair, or Program Committee Memberof numerous conferences.

Mohammad Abdullah Al Faruque is currentlywith the University of California Irvine (UCI), wherehe is an associate professor (with tenure) and di-recting the Cyber-Physical Systems Lab. Prof. AlFaruque is the recipient of the School of Engineer-ing Mid-Career Faculty Award for Research 2019,the IEEE Technical Committee on Cyber-PhysicalSystems Early-Career Award 2018, and the IEEECEDA Ernest S. Kuh Early Career Award 2016. Heis also the recipient of the UCI Academic SenateDistinguished Early-Career Faculty Award for Re-

search 2017 and the School of Engineering Early-Career Faculty Award forResearch 2017. He served as an Emulex Career Development Chair fromOctober 2012 till July 2015. Before, he was with Siemens Corporate Researchand Technology in Princeton, NJ. His current research is focused on thesystem-level design of embedded systems and Cyber-Physical-Systems (CPS)with special interest in model-based design, multi-core systems, CPS security,etc.

Prof. Al Faruque received his B.Sc. degree in Computer Science and En-gineering (CSE) from Bangladesh University of Engineering and Technology(BUET) in 2002, and M.Sc. and Ph.D. degrees in Computer Science fromAachen Technical University and Karlsruhe Institute of Technology, Germanyin 2004 and 2009, respectively.

Prof. Al Faruque received the Thomas Alva Edison Patent Award 2016 fromthe Edison foundation, the 2016 DATE Best Paper Award, the 2015 DAC BestPaper Award, the 2009 IEEE/ACM William J. McCalla ICCAD Best PaperAward, the 2016 NDSS Distinguished Poster Award, the 2008 HiPEAC PaperAward, the 2015 Hellman Fellow Award, the 2015 Kane Kim FellowshipAward, the 2017 DAC Best Paper Award Nomination, the 2012 DATE Best IPAward Nomination, the 2005 DAC Best Paper Award Nomination, the EECSProfessor of the year 2015-16 Award, and the 2015 UCI Chancellors Awardfor Excellence in Fostering Undergraduate Research. Besides 80+ IEEE/ACMpublications in the premier journals and conferences, Prof. Al Faruque holds8 US patents.

Introduction and Related WorkResearch Challenges and Our ContributionsSystem ModelSecurity Strength ModelAttack Model

Key Generation MethodologyQuantizationPrivacy Amplification

experimental setupReal Vehicle Tests for RSSI-Based Key GenerationRSSI Data CollectionCorrelation of RSSI ValuesPercentage of Matching Keys and Relevance of Signal Alignment

Real Vehicle Tests for CSI-Based Key GenerationCSI Data CollectionCorrelation of CSI ValuesPercentage of Matched Keys in Urban and Highway ScenariosPerformance Overhead and Security Strength of CSI-Based Key Generation

DiscussionMinimum Performance OverheadReliable Symmetric Keys and Security StrengthAlgorithm ComplexityBrute Force TimeNIST Random Bit Generator ClassificationNoise SourceOptional Conditioning

Future Work

ConclusionReferencesBiographiesSoheyb RibouhKelvin PhanArnav Vaibhav MalawadeYassin El HillaliAtika RivenqMohammad Abdullah Al Faruque