Non-Reconciled Physical-Layer Keys-Assisted Secure Communication Scheme Based on Channel Correlation

Physical-layer key generation technology requires information reconciliation to correct channel estimation errors between two legitimate users. However, sending the reconciliation signals over the public channel increases the communication overhead and the risk of information leakage. Aiming at the problem, integrated secure communication schemes using non-reconciled keys have attracted extensive attention. These schemes exploit channel coding to correct both inconsistent keys and transmission error bits. Meanwhile, more redundant code bits must be added to correct errors, which results in a lower secure transmission rate. To address the problem, we analyze the merit of channel correlation between non-reconciled key generation and secure transmission. Inspired by this, we propose a non-reconciled physical-layer keys-assisted secure communication scheme based on channel correlation. First of all, the signal frame is designed to make use of channel correlation between non-reconciled key generation and secure transmission. Based on the channel correlation, non-reconciled keys are then generated from the wireless channel to encrypt transmitted data. Moreover, an adaptive coding algorithm based on the equivalent channel is presented to encode the data bits before encryption, to guarantee reliable transmission. Finally, theoretical analysis and simulations demonstrate the significant performance of the proposed scheme in terms of low bit error ratio and high secure transmission rate.


Introduction
With the continuous evolution of wireless communication technology, ubiquitous mobile communication has become an indispensable part of our daily life. In particular, fifth-generation (5G) wireless communications transmit a large amount of information with high data rates and extremely low latency, which further promotes the rapid development of the Internet of Things (IoT) [1][2][3][4]. Meanwhile, information security is always the main concern in wireless communications because the open and broadcast nature of the wireless medium leads to inherent vulnerability to eavesdropping attacks. Thus, considerable research focuses on classic public-key cryptography techniques to ensure the confidentiality of transmitted information [5]. However, public-key infrastructure is required to be established in these techniques, which leads to difficulties in key distribution and management in resource-limited communication systems. In addition, these techniques rely on the computational complexity of mathematical problems and are thus at risk of being broken by powerful quantum computers in the foreseeable future [6].
Recently, the physical-layer key generation technique, which is considered a supplement to upper-layer public key cryptography techniques, has attracted widespread attention [7,8]. As a secure approach to key distribution and management based on the wireless channel, this technique can exploit the characteristics of the wireless channel to generate random keys from the wireless channel. Specifically, based on the reciprocity and temporal variation of the wireless channel, two legitimate users can extract unpredictable and highly correlated channel state information (CSI) after probing channels. Moreover, the spatial decorrelation of the wireless channel prevents eavesdroppers from obtaining the relevant information of the legitimate channels, to ensure the security of keys generated by legitimate users [9]. The physical-layer key generation consists of four steps, i.e., channel estimation, quantization, information reconciliation, and privacy amplification [10]. In general, the channel estimates of two legitimate users are inconsistent due to channel fading and noise. Thus, to generate identical symmetric keys, information reconciliation is required by sending signals to correct channel estimation errors between two legitimate users. There are several common information reconciliation methods such as cascade [11] and BBBSS [12]. In order to improve reconciliation efficiency, the authors in [13] designed a new hybrid information reconciliation protocol. The reconciled keys are used to encrypt transmitted data information to achieve secure transmission, which can be termed a reconciled physical-layer keys-based secure communication (RK-SC) scheme [14]. However, the reconciliation signals are sent over the public channel, which increases the communication overhead and the risk of eavesdropping attacks.
Therefore, increasing attention is being directed at integrated schemes such as physicallayer secure communication schemes using non-reconciled keys. Note that an integrated non-reconciled physical-layer keys-based secure communication (NRK-SC) scheme was first proposed in [15]. This scheme generates keys without information reconciliation but shares the error correction capability of channel coding. Based on [15], the authors in [16] designed an efficient polar code that could significantly improve the secure communication efficiency of the NRK-SC scheme. Moreover, the authors in [17] evaluated the superior performance of the NRK-SC scheme compared to the RK-SC scheme by deriving the bit error ratio (BER), channel capacity, and security capacity. Similarly, it was proved that the NRK-SC scheme outperformed the RK-SC scheme in terms of communication overhead, computation complexity, and the secure transmission rate in [18]. However, note that the existing NRK-SC scheme no longer corrects inconsistent keys via information reconciliation but instead adds key errors to the transmission process. Thus, channel coding with a stronger ability is required to correct both key errors and transmitted error bits, which leads to a lower secure transmission rate. This continues to be a significant problem for the existing NRK-SC scheme.
Aiming at this problem, this paper conducts a comprehensive and theoretical study on non-reconciled key generation and secure transmission. Furthermore, the potential merit of channel correlation between key generation and secure transmission is analyzed. Motivated by this advantage, we present a non-reconciled physical-layer keys-assisted secure communication scheme based on channel correlation. The main contributions are as follows: • We design a signal frame to adjust the pilot and data signals transmission process, which contributes to utilizing channel correlation between non-reconciled key generation and secure transmission. • Based on the channel correlation, the non-reconciled keys generated from the wireless channel are used to encrypt transmitted data. Before encryption, we propose an adaptive coding algorithm based on the equivalent channel to encode data bits according to different signal-to-noise ratios (SNRs). • Theoretical analysis and simulation results demonstrate that compared with the NRK-SC scheme, the proposed scheme has significant effects in reducing BER and improving the secure transmission rate.
The rest of this paper is organized as follows. Section 2 deals with the system model and introduces the problem statement with respect to the prior scheme. The non-reconciled physical-layer keys-assisted secure communication scheme based on channel correlation is proposed in Section 3. The security and reliability of the proposed scheme are evaluated in Section 4 through mathematical analysis. Section 5 presents the simulation results, and Section 6 concludes the paper.

System Model
We consider a single-input single-output single-eavesdropper model that operates in time-division duplex (TDD) mode, as shown in Figure 1. All the users are equipped with a single antenna. Two legitimate users, Alice and Bob, wish to establish shared keys to ensure secure communication in the presence of the passive eavesdropper, Eve. The wireless channel is a slowly varying Rayleigh fading channel and remains constant during the coherence time, where h AB , h BA ∼CN (0, 1). We define h AB , h BA , and h AE as denoting the channels from Alice to Bob, Bob to Alice, and Alice to Eve, respectively. According to the reciprocal of the wireless channel, h AB = h BA . Eve is located more than half a wavelength away from legitimate users. In addition, Eve and the legitimate users have no line of sight (LoS). Therefore, Eve experiences a wireless channel independent of that of the legitimate users, because they are spatially decorrelated between different geographic locations [19,20]. We assume that Alice and Bob have the same transmitting power, i.e., P A = P B = P, where the power allocation parameters of the pilot and data signals are α and 1 − α, respectively. In addition, Eve knows the complete communication process and the information transmitted over public channels. Alice and Bob probe the channel to generate keys, which are employed to encrypt data information to realize secure communication.

Problem Statement
As mentioned in the Introduction, the NRK-SC scheme [15][16][17][18] realizes secure communication using non-reconciled keys to deal with information leakage and the communication overhead caused by information reconciliation. For comparison purposes, we provide a brief description of the existing NRK-SC scheme [15][16][17][18]. As shown in Figure 2, the non-reconciled keys K A and K B are generated by Alice and Bob via channel estimation and quantization. Note that since the inconsistent keys are not corrected via information reconciliation, channel coding is required to correct not only transmitted error bits but also inconsistent keys. After that, the generated keys K A are used to encrypt encoded source bits X A via exclusive-OR (XOR) encryption. Next, the ciphertexts E A are transmitted to Bob over the wireless channel. Then, Bob receives the ciphertexts E B and recovers X B from the ciphertexts via XOR decryption. The source bits M B can be obtained after channel decoding.
In the XOR operation process, when the key and transmitted bit errors occur simultaneously, the errors can be corrected. As shown in Figure 2, note that E B and K B errors occur. The decrypted bit received by Bob X B = E B ⊕ K B is correct. Thus, when there exists a channel correlation between key generation and secure transmission, the error probabilities of keys and transmitted bits are correlated, which can result in the achievement of an excellent error correction effect via the XOR operation. This is the potential advantage that channel correlation can offer.
However, in the existing NRK-SC scheme, key generation and secure transmission are performed at different coherence times. The keys generated by the previous coherence time are used to encrypt the encoded data bits of the next coherence time. Thus, the error probability of keys is different from that of the transmitted bits, and the advantage does not apply. Moreover, non-reconciled keys share the error correction capability of channel coding in the NRK-SC scheme. Thus, more redundant code bits must be added to correct error bits, leading to a lower coding efficiency and a lower secure transmission rate. Therefore, to address the problem and fully use the advantage of channel correlation, we propose a non-reconciled physical-layer keys-assisted secure communication scheme based on channel correlation.  Figure 2. The existing NRK-SC scheme.

The Proposed Non-Reconciled Keys-Assisted Secure Communication Scheme Based on Channel Correlation
As illustrated in Figure 3, the proposed scheme has three steps, namely, signal frame design, non-reconciled key generation, and secure transmission based on adaptive coding. The first step is aimed at designing the signal transmission process to fully use channel correlation between key generation and secure transmission. In the second step, the wireless channel is probed to generate non-reconciled keys. Subsequently, in the third step, the generated keys are used to encrypt encoded data bits to achieve secure transmission, where data source bits are encoded by the adaptive coding based on the equivalent channel. In the following, we discuss the three steps in detail.  Figure 3. The proposed non-reconciled keys-assisted secure communication scheme based on channel correlation.

Signal Frame Design
To take advantage of channel correlation between non-reconciled key generation and secure transmission, we design the signal frame to perform these two processes at one channel coherence time. As shown in Figure 4, we take downlink commmunication as an example. The downlink and uplink pilot lengths are T pa and T pb , respectively, where T pa = T pb . The downlink data length is T d . In addition, T c represents the interval length of one channel coherence time. Firstly, two legitimate users send downlink and uplink pilot signals for channel probing to generate the keys. Subsequently, we transmit data signals after the pilot signals. The keys are used to encrypt the encoded data source bits. In addition, the length of the transmitted signals must satisfy The design of short-packet communication with limited packet length can meet the low-latency requirements of wireless communication. It is especially suitable for real-time communication scenarios. In addition, we consider that the signal power ratio is equal to the length ratio, i.e., α = T pa T pa + T d . Hence, we can minimize the BER of the communication system by reasonably setting the power allocation parameters α, which will be further introduced in Section 5.

Non-Reconciled Physical-Layer Key Generation
There are two mainstream approaches for legitimate users to generate keys from the wireless channel in TDD wireless communication systems. One involves estimating the CSI using the received pilot signals, and the other involves sending random signals in order to mix the random signals and the channel gains [21]. The former is selected in our scheme.
During the key generation process, Alice and Bob first send pilot signals to each other to extract the CSI from the wireless channel. The transmitting pilot power values of Alice and Bob are σ 2 A and σ 2 B , respectively. The channel noise is additive white Gaussian noise (AWGN) with zero mean and variance σ 2 n . Hereafter, Alice, Bob, and Eve use the leastsquares (LS) algorithm to estimate the channel. The channel estimates can be expressed as where w A , w B , and w E denote channel estimation errors. They are independent identically distributed complex Gaussian random variables, with zero mean and variance σ 2 n /σ 2 , i.e., w B and w E are CN 0, σ 2 n /σ 2 A and w A ∼CN 0, σ 2 n /σ 2 B . Then, Alice and Bob quantize the channel estimatesĥ AB andĥ BA . In order to make the distribution of the quantized sequences in each quantization interval as uniform as possible, we consider using an equal probability quantization algorithm to quantize the channel estimates [17]. The probability distribution function (PDF) of the channel estimates is used to divide the quantization interval. To extract more keys, we quantize the real part and the imaginary part of the channel estimates. The quantized sequences are converted into Gray code with length q, where q represents the quantization precision. After that, the non-reconciled keys K A and K B can be obtained.

Secure Transmission Based on Adaptive Coding
When using the coding method with a low code rate to encode transmitted data bits at high SNR, more redundant code bits must be added to correct errors, resulting in lower coding efficiency. However, at low SNR, using a high code rate cannot fully correct inconsistent keys and transmitted error bits, making it difficult to ensure reliable communication. Thus, to maximize the secure transmission rate at different SNRs, an adaptive coding algorithm using BCH code (n, k, t) based on the equivalent channel is presented. We use BCH code in this paper since it is widely used due to its lightweight and low-complexity advantages. An equivalent channel that contains an encryption channel and a transmission channel is constructed to compute the BER. Next, the calculation results are used to further design the optimal parameters of n and k. Finally, according to n and k, we can encode data bits to guarantee reliable transmission at the maximum secure transmission rate. The adaptive coding algorithm based on the equivalent channel is summarized in Algorithm 1. to obtain encoded bits X A by using n and k UB . 5: Return X A .

Adaptive Coding Based on the Equivalent Channel
We define the channel between adaptive coding and decoding as the coding channel, as indicated in Figure 3. To facilitate analysis, an equivalent channel is set up to calculate the BER of the coding channel in step 1 of Algorithm 1. We will introduce the model in detail in the following.
As shown in Figure 5, the coding channel is composed of the encryption channel, transmission channel, and decryption channel, where K A and K B represent keys for performing encryption and decryption, respectively. The keys K A and K B are not exactly identical. Note that a pair of symmetrical virtual encryption and decryption modules are added at both ends of the coding channel in order to build the equivalent channel. The virtual XOR encryption and decryption use symmetric keys K B . We assume that the input and output alphabets of virtual encryption and decryption modules are S A and S B , respectively, and that source bits are binary encoded. Therefore, the coding channel is a binary discrete memoryless channel (DMC) with a probability space of [X A , p(x B |x A ), X B ], where p(x B |x A ) denotes the transfer probability of the coding channel. Here, x A and x B are symbols taken from X A and X B , respectively, where x A , x B ∈ {0, 1}. The transmission channel formed by the modulator, wireless channel, and demodulator is also a DMC, which can be expressed as [E A , p(e B |e A ), E B ], where p(e B |e A ) denotes the transfer probability of the transmission channel, while e A ∈ E A denote ciphertexts which are encrypted by keys K A and e B ∈ E B denote ciphertexts recovered by the demodulator. The equivalent channel consists of an encryption channel [S A , p(e A |s A ), E A ] and a transmission channel  Note that there is no new noise or interference added at the virtual XOR encryption and decryption modules. Thus, the transfer probability of the coding channel does not change after adding the virtual modules, which can be shown as where s A ∈ S A , s B ∈ S B . In addition, according to the principles of the binary field, we have S B = E B . This means that p(s B |s A ) = p(e B |s A ). Therefore, we can obtain In other words, we can derive the BER of the coding channel from the equivalent channel, which can be computed as where (a) is given by the total probability formula and (b) represents p(e B |e A s A ) ≤ p(e B |e A ), since the encryption channel and the transmission channel are correlated such that p(e B |e A s A ) = p(e B |e A ) holds when E B only depends on E A and is independent of S A . In addition, P key AB and P e represent the key disagreement rate (KDR) and the transmission bit error rate (TBER), respectively. Therefore, the upper bound of the BER of the coding channel is P UB et = P e + P key AB − 2P e P key AB . Next, to calculate the BER of the coding channel, we solve the KDR and the TBER according to the SNR. Taking the real part of the channel estimates as an example, the 1-bit quantized KDR ofĥ BA andĥ AB can be derived as According to [17], The TBER of the BPSK signal transmitted in the Rayleigh fading channel can be calculated as We take γ p = αP to represent the SNRs of the pilot signals of Alice or Bob and the SNR of the received data signals, respectively.
In step 2, to maximize the secure transmission rate, the problem can be expressed as To solve this problem, we can compute that In this way, we can derive that k ≤ n − 2nP et − 1. Hence, the upper bound of the secure transmission rate is Furthermore, k UB = nR UB = n − 2nP UB et − 1 can be calculated in step 3. By exploiting the relationship between n and k UB , we can obtain the maximum value of the optimal parameter k by fixing n. According to n and the maximum value of k, we can use BCH code (n, k, t) to encode source bits M A to obtain X A in step 4.

Secure Transmission
The encoded bits X A are encrypted by keys K A , and we can obtain E A = X A ⊕ K A . Then, the ciphertexts E A are transmitted through the transmission channel, and Bob receives the ciphertexts E B . The source bits recovered by Bob can be expressed as where ε = K A ⊕ K B represents the difference between K A and K B . Note that there is a difference between E A and E B due to channel fading and noise, which can be corrected by adaptive coding.

Performance Evaluation
In this section, the performance of the proposed scheme is evaluated using security analysis and reliability analysis.

Security Analysis
Since the eavesdropping channel and the legitimate channels are independent of each other, we consider that the encryption channel and the transmission channel are also independent for Eve. Similarly to (4), The BER of Eve can be calculated as where the KDR of Alice and Eve is given by where Equation (13) holds due to the independence of the legitimate channels and the eavesdropping channel. Thus, we substitute P key AE = 1 2 into (12) to obtain P Eve = 1 2 , which indicates that Eve cannot steal any key information via the eavesdropping channel. The security of the communication system is guaranteed.

Reliability Analysis
From (4), we have P et ≤ P e + P key AB − 2P e P key AB , where P eN = P e + P key AB − 2P e P key AB represents the BER of the existing NRK-SC scheme [15][16][17][18]. Note that the proposed scheme has a lower BER compared to the NRK-SC scheme. This is due to the fact that the errors are corrected via an XOR operation when the encryption channel [S A , p(e A |s A ), E A ] and the transmission channel [E A , p(e B |e A ), E B ] are correlated. From (4) and (10), the comparison of the secure transmission rate can be expressed as where R UB N and R UB I represent the upper bounds of the secure transmission rate of the NRK-SC scheme and our proposed scheme, respectively. It is worth noting that our proposed scheme has superior performance compared to the NRK-SC scheme with respect to the secure transmission rate.
Moreover, we analyze the reliability of the proposed scheme. When X A obeys an equal probability distribution, i.e., Pr[x A = 1] = Pr[x A = 0] = 0.5, the channel capacity can be derived as That is to say, compared with the NRK-SC scheme, our proposed scheme has a higher channel capacity. In addition, Shannon's second theorem shows that when the information transfer rate is lower than the channel capacity, reliable communication can be guaranteed by channel coding. This means that Bob can recover the same information as Alice.

Simulation Results
In this section, the performance of our proposed scheme is verified through Monte Carlo simulations. The experiment is repeated 10 6 times in each simulation. We use a single antenna for Alice, Bob, and Eve. The wireless channel is modeled as a Rayleigh fading channel. In addition, the transmitted bits are modulated by BPSK. When simulating the BER of the coding channel and the secure transmission rate, we assume that the power allocation for the pilot and data signals is the same, i.e., α = 0.5.
The BER performance of the coding channel with different quantization precisions q in the two schemes is illustrated in Figure 6. It is obvious that the BER of our proposed scheme is lower than that of the NRK-SC scheme in [15][16][17][18] at the same quantization precision, which verifies the correctness of the theoretical derivation. The reason for this is that our proposed scheme makes full use of channel correlation, and there are similar error probabilities between keys and transmitted bits. Thus, the errors that occur in both keys and transmitted bits can be corrected via an XOR operation, which is conducive to reducing the BER of the coding channel. In addition, note that the BER between Alice and Eve is always kept at 0.5 as the SNR increases, which indicates that Eve cannot obtain any private information from the key, regardless of the computing power. This is due to the fact that the generated keys are firmly bound to the channel characteristics. Furthermore, the eavesdropping channel and the legitimate channels are independent of each other. Therefore, the generated keys between Eve and Alice are not correlated. In order to verify the superiority of our proposed adaptive coding algorithm, a comparison between adaptive coding and the single-code-rate coding method in different channel environments is given in Table 1. We take a low SNR of 0 dB and a high SNR of 20 dB as examples for analysis. We compare the code rate and the BER after decoding using BCH code with code length n = 127. When the BER is lower than 10 −6 , we consider that reliable transmission can be achieved. That is, the BER is equal to 0 in Table 1. It is observed that the BER using adaptive coding and coding with 1/4 code rate can satisfy the BER requirements at 0 dB and 20 dB. However, it is noted that the code rate of adaptive coding is higher than 1/4, and therefore a higher secure transmission efficiency can be achieved. In addition, when the SNR is 0 dB, The BER using the error correction for the 1/2 code rate is 10 −4 , which cannot realize the reliability of communication systems. At 20 dB SNR, although using the 1/2 code rate to correct errors can meet the BER requirements, the code rate is lower than that of adaptive coding. Meanwhile, adding more redundant code bits will lead to lower secure transmission efficiency. The upper bound of the secure transmission rate versus SNR is plotted in Figure 7. The secure transmission rate of our proposed scheme is higher than that of the existing NRK-SC scheme in [15][16][17][18] at the same quantization precision. This is because the BER is obviously decreased in our scheme, and fewer redundant code bits are required to correct errors. Therefore, a higher secure transmission rate can be achieved. Reasonable power allocation can minimize the BER of communication systems, which has an important impact on improving the reliability of communication systems, especially in resource-limited communication systems. In order to achieve optimal power allocation, the BER of the coding channel versus the power allocation parameter is given in Figure 8. Note that the minimum values of the BER at different SNRs are obtained at α > 0.5. This is due to the fact that the errors of communication systems include inconsistent keys and transmitted error bits, and most of the errors originate from inconsistent keys. Therefore, more power should be appropriately allocated to pilot signals in the design of communication systems. Clearly, when the power allocation parameter is between 0.6 and 0.8, the BER is lower than for other power allocation parameters.

Conclusions
This paper presented a non-reconciled physical-layer keys-assisted secure communication scheme based on channel correlation. The design of this scheme included three steps, namely, signal frame design, non-reconciled key generation, and secure transmission based on adaptive coding. The proposed signal frame utilizes channel correlation between non-reconciled key generation and secure transmission to reduce the BER of the communication system. Moreover, the proposed adaptive coding algorithm based on the equivalent channel can maximize the secure transmission rate at different SNRs. Theoretical analysis verified the security and reliability of this scheme. Furthermore, simulation results showed a significant performance improvement for this scheme in terms of BER and secure transmission rate.