Wireless Secret Sharing Game for Internet of Things

: In the era of Internet of Things (IoT), billions of small but smart wireless devices work together to make our cities more intelligent and sustainable. One challenge is that many IoT devices do not have human interfaces and are very difﬁcult for humans to manage. This creates sustainability and security issues. Enabling automatic secret sharing across heterogeneous devices for cryptography purposes will provide the needed security and sustainability for the underlying IoT infrastructure. Therefore, wireless secret sharing is crucial to the success of smart cities. One secret sharing method is to utilize the effect of the randomness of the wireless channel in the data link layer to generate the common secret between legitimate users. This paper models this secret sharing mechanism from the perspective of game theory. In particular, we formulate a non-cooperative zero-sum game between the legitimate users (Alice and Bob) and an eavesdropper (Eve). Alice and Bob’s strategy is deciding how to exchange packets to protect the secret, and Eve’s strategy is choosing where to stay to better intercept the secret. In a symmetrical game where Eve has the same probability of successfully receiving a packet from Alice and Bob when the transmission distance is the same, we show that both pure and mixed strategy Nash equilibria exist. In an asymmetric game where Eve has different probabilities of successfully receiving a packet from Alice and Bob, a pure strategy may not exist; in this case, we show how a mixed strategy Nash equilibrium can be found. We run simulations to show that our results are better than other approaches.


Introduction
Urbanization has brought millions of people to cities and is expected to continue for decades to come.While urbanization creates prosperity and economic growth, it also causes severe sustainability issues due to the increased demand for water, energy, and better infrastructure [1].Making cities "smart" is an important strategy to combat these issues.One enabling technology for smart cities is the Internet of Things (IoT), where millions of low-cost and yet powerful wireless devices are interconnected to gather information, make decisions, and perform control [2,3].With the help of IoT, our homes are more energy efficient, transportation systems are more intelligent and have less congestion, and the well-being of senior citizens has been improved [4].
IoT brings us not only opportunities but also challenges.Security and privacy in IoT are especially challenging: (i) network level privacy is hard to guarantee with the presence of heterogeneous mobile edge computing [5]; (ii) the existence of a vast amount of different types of devices makes the credibility and privacy protection harder [6]; and (iii) the broadcast nature of wireless communications creates vulnerability in secure information exchange.In this paper, we discuss strategies to mitigate the risk of having insecure wireless communications in IoT.Most battery powered wireless devices rely on symmetric-key cryptography, which requires pre-established private keys at both the transmitter and the receiver [7].In the era of IoT where machine to machine (M2M) communications frequently occur with minimum human intervention, the automatic and secure sharing of secrets for the purpose of cryptography is crucial to information security and the sustainability of smart cities.For example, automatic secret sharing helps protect privacy and critical wireless ECG data that monitor heart health [8].
There are various ways to share secrets automatically in wireless networks.One way is physical layer key generation (PLKG) [9], a.k.a., an information-theoretic approach, which exploits the principle of reciprocity [10] in wireless communications and extracts the secret from the common observation between Alice and Bob on the randomly varying wireless channel state.Similarly, there are early theoretical results in [11,12] that derive the secrecy capacity and bounds of a secret key rate.Recent works can be found in [13][14][15] for interference, broadcast, and multiple access channels, respectively.They have also been studied by using cooperation such as cooperative relaying and jamming to enhance wireless secrecy [16].
Mathur et al. [17] developed a practical PLKG algorithm that extracts secrets by sending channel probes between two legitimate users, Alice and Bob.In particular, levelcrossings and quantization were used to extract the secret bits, and their results were validated using 802.11adevices in indoor environments.A differential secret sharing mechanism was proposed in [18], where the secret sharing rate is 3-4 times faster than [17] with a higher probability of success.While most PLKG algorithms only focus on the pairwise key generation between two users, Tang et al. [19] took advantage of the MIMO antennas available on newer devices to generate group secret keys.PLKG methods have been used for 5G systems [20][21][22][23][24], low-power LoRa wide-area networks [25][26][27], and sensor networks [28,29].Another application of PLKG is vehicular scenarios.Zhu et al. [30] extended the existing level crossing techniques to extract secrets from the received signal strength indicator (RSSI) values in packets exchanged between two cars in a noisy vehicular environment.They were able to extract about 5 bits per second in real-world vehicular networks.Recent works for inter-vehicle secret sharing can be found in [31,32].Although PLKG approaches have attracted lots of attention, they do not work very well when the speed of variation in wireless channels is slow.A recent work [33] tries to improve the performance of PLKG in slowly varying environments by introducing channel obfuscation.However, PLKG in general may require modifications to existing physical layer communication protocols, making it incompatible with legacy devices.
The effect of wireless channel dynamics on the data link layer is utilized to share secrets [34][35][36].It is based on the fact that packet transmissions over wireless channels are not always reliable [37], and the idea is as follows: Alice and Bob keep sending each other unicast packets without retry, with which the secret is derived; Eve will eventually lose a packet and be unable to extract the secret even if she knows exactly which mechanism Alice and Bob are using.Safaka et al. [38] extended it to the multiple legitimate users case by assuming that broadcast packets can always be delivered reliably with acknowledgments, which may require modifications to the existing wireless protocols.The authors added support for multi-hop networks in [39] and showed that thousands of bits can be extracted per second in real-world scenarios.Another work that shares secrets among multiple nodes can be found in [40] where the authors exploit the benefit of being able to switch among multiple available wireless channels.Their work may also require modifications to existing protocols since channel switching currently takes time and is not designed to happen often.In [41], Bhatti and Saleem acquired a multi-party secret key using bloom filter and tested and verified their approach in real-world IEEE 802.11 wireless setups.Rabiah [42,43] extended the work in [34] further for IoT devices by adding authentication: one master key and an initial session key are provided to all nodes at startup, and the subsequent session keys change over time.Our previous work in [44] discussed optimal secret sharing between Alice and Bob with the presence of Eve.In particular, we assumed that Eve's location is random, and only Alice and Bob can choose how to generate the secret; we showed that when the probability of successfully transmitting a packet is monotonically decreasing with the transmission distance and Eve's location is uniformly distributed, the optimal strategy for Alice and Bob to successfully share the secret is to generate half of the packets from each one of them.Ref. [44] also offers a mechanism for sharing secrets among multiple wireless devices.
In real-world eavesdropping scenarios, Eve may intelligently choose her location in order to maximize her probability of receiving all of the packets and extracting the secret.This motivates our work in this paper where we extend the results in [44].Specifically, we assume that both the legitimate users (Alice and Bob) and the eavesdropper (Eve) do not know each other's strategy but are both rational.Let P e be the probability of Eve extracting the secret.Then, Alice and Bob's goal is to minimize P e or maximize −P e , and Eve's goal is to maximize P e .Therefore, we formulate the problem as a zero-sum game between the legitimate users and the eavesdropper.
Security games have been studied extensively on the interaction between legitimate and malicious users, and game-theoretic approaches have been applied to a wide range of problems, including security at the physical and MAC layers, security at the application layer, and cryptography.For comprehensive reviews, see [45][46][47].Our secret-sharing game is different from the existing ones in the literature: we study how to share secrets using the effect of the unreliable nature of wireless channels on the data link layer.Our results are based on the probability function of Eve successfully receiving a packet.Nonetheless, our analysis does not rely on a specific form of the probability function; instead, our work would be applicable to any probability function as long as a mild assumption is satisfied.
The main contributions of this paper are as follows: (i) To the best of our knowledge, all previous works either do not take the eavesdropper Eve's location into consideration or simply assume that her location is random.We believe this is the first work in the literature that formulates the optimal secret-sharing problem as a game between two legitimate users and the eavesdropper Eve.(ii) We analyze the symmetric game case and identify both pure and mixed strategy Nash equilibria.(iii) For the asymmetric game case, we discover two different scenarios that yield a pure and a mixed Nash equilibrium, respectively.(iv) We show how the mixed strategy Nash equilibrium can be found when the probabilities of successful packet transmission are known.
The organization of the rest of the paper is as follows: in Section 2, we formulate the secret sharing game; in Section 3, we present the main results of the optimal secret sharing zero-sum game; Section 4 discusses simulation and numeral results; and finally, we conclude and discuss future work in Section 5.

The Secret Sharing Game
The summary of system symbols and their definitions can be found in Table 1.In our system model, the two legitimate users Alice and Bob are at two different locations that are D meters away, and they are trying to exchange N packets {Pkt 1 , Pkt 2 , . . ., Pkt N }, using which the secret is calculated.See the illustration in Figure 3 in [44] for a packetexchange process.One simple way to obtain the secret is to exclusive-OR all N packets together: Due to the unreliable nature of wireless communications, Eve will have a high probability of losing one or more packets when N is large so that she will not be able to extract the secret.Without loss of generality, we let N be an even number.For ease of notation, we assume that each of the two game players, i.e., the legitimate users and the eavesdropper, has three strategies.For Alice and Bob, there are totally N + 1 strategies, which can be represented by (1) S A,n : Alice sends N − n, n ∈ {0, 1, . . ., N  2 − 1} packets to Bob, and Bob sends n packets to Alice; (2) S B,n : Bob sends N − n, n ∈ {0, 1, . . ., N  2 − 1} packets to Alice, and Alice sends n packets to Bob; and (3) S AB : each one of them sends N/2 packets to the other.Eve chooses to stay somewhere between Alice and Bob, and she has three different strategies: staying close to Alice, staying close to Bob, and staying in the exact middle.We use L A , L B , and L M to denote these three locations/strategies, respectively.We further assume that locations L A and L B are , ∈ (0, D 2 ) meters away from Alice and Bob, respectively; location L M is D 2 meters away from both Alice and Bob.Thus, P A ( ), P A (D − ), and P A ( D 2 ) are the probabilities of Eve successfully receiving a packet from Alice when Eve's strategy is L A , L B , and L M , respectively.Similarly, P B ( ), P B (D − ), and P B ( D 2 ) are the probabilities of Eve successfully receiving a packet from Bob when Eve's strategy is L B , L A , and L M , respectively.Let P A (d) and P B (d) be the probability of Eve successfully receiving a packet from Alice or Bob, respectively, when the transmission distance is d.We have the following assumption about P A (d) and P B (d).The assumptions above are generic and do not require the exact form of functions P A (d) and P B (d). Parts (i) and (ii) above are valid in slow-fading environments where the coherence time of the wireless channel is long and the channel state is stable during the period of secret sharing.Part (iii) states that the key factor that determines the probability of successful packet transmission is the distance, which is especially true in long-distance wireless communications.An example of P A (d) and P B (d) supporting the monotonicity assumption in VANET (vehicular ad hoc networks) environments can be found in [48], in which Killat et al. simulate and verify a theoretical probability of a successful transmission function of distance inferred from the Nakagami-m distribution of RF wave propagation.It is well known that in free space, the path loss of RF signals is proportional to the square of distance.Part (iv) above reflects this: in spite of random factors such as channel fading, the signal's power and the probability of successful transmission attenuates faster when the distance is larger; there is evidence in the literature showing that the probability is a concave function of distance, especially for short-distance wireless communications (see Figure 1 in [48], Figure 12 in [49], Figures 9 and 10 in [50], Figure 6b in [51], and Figure 10 in [52]).

Optimal Secret Sharing as a Zero-Sum Game
Let s L and s E be the strategies of the legitimate users, i.e., Alice and Bob, and the eavesdropper, Eve, respectively.We have s L ∈ {S A,n , S B,n , S AB }, and s E ∈ {L A , L B , L M } We use U L (s L , s E ) = −P e and U E (s L , s E ) = P e to denote the utility functions of the legitimate users and Eve, respectively.Essentially, Alice and Bob would like to minimize the probability of Eve figuring out the secret, and Eve would like to maximize that same probability.
for each feasible strategy s E .

Symmetric Game
We first consider a symmetric game scenario in which the following hold: We show the utility matrix in Table 2, where the utility functions of Eve are positive and the ones of Alice and Bob are negative.Next, let us first introduce an auxiliary lemma.S A,n , q A,n S AB , q AB S B,n , q B,n

Proof. It can be seen from the utility matrix that
From Definition 1, it follows that strategy profile (S AB , L M ) is a pure strategy Nash equilibrium.
Lemma 2 indicates that in the pure strategy Nash equilibrium, Alice and Bob each generate half of the packets and Eve stays in the middle location L M .We now turn our attention to a mixed strategy Nash equilibrium, in which Eve has probabilities p 1 , p 2 , and p 3 = 1 − p 1 − p 2 to use strategies L A , L M , and L B , respectively; similarly, Alice and Bob have probabilities q A,n , q AB , and q B,n , the sum of which is 1, to use strategies S A,n , S AB , and S B,n , respectively.Lemma 3. In a mixed strategy Nash equilibrium, Eve's strategy is to stay at L M with probability 1; Alice and Bob should have positive probabilities on all strategies S A,n , S B,n , and S AB so that: Proof.Suppose that 0 < q A,n < 1, 0 < q AB < 1, and 0 < q B,n < 1, ∀n ∈ {0, 1, . . ., N 2 − 1}.In a mixed strategy Nash equilibrium, we have: where the equations above are utility functions of Alice and Bob's strategies.Solving the above equations, we obtain p 1 = p 3 = 0, and p 2 = 1.If it is the case in the mixed strategy Nash equilibrium, we must also have ( 2) and ( 3).
Case 1: , for all n.In this case, (4) always holds as long as q A,n are nonzero probabilities.
Case 2: , for some n.In this case, we can always pick small enough positive q A,n values so that (4) holds.

Asymmetric Game
We now consider an asymmetric game scenario in which P A (d) > P B (d), i.e., when the transmission distance is the same, Eve has higher probability of successfully receiving a packet from Alice than from Bob.For example, if Alice has higher transmission power than Bob or Bob is closer to a noise source, then the signal to noise ratio between Alice and Eve may be higher than that between Bob and Eve, causing the asymmetric game scenario described above.We have the following utility matrix shown in Table 3.

Simulation and Numerical Results
In this section, we run a simulation and present a numerical example to verify the results in Section 3.For ease of presentation, we assume that Alice and Bob have only three strategies: S A,0 , S AB , and S B,0 .We first consider the symmetric case where P A ( ) = P B ( ) = 0.99, P A (D/2) = P B (D/2) = 0.9, and P A (D − ) = P B (D − ) = 0.8.As shown in Figure 1, the number of exchanged packets between Alice and Bob is from 10 to 100 with increment of 10 at a time.For each data point, we run the simulation 1 million times, and the probability of Eve receiving all of the packets is calculated by using the number of times that Eve receives all of the packets to divide 1 million.The vertical axis in Figure 1 is the logarithm of that probability, and five strategies are compared: (1) Equilibrium: This is the pure Nash equilibrium (S AB , L M ) specified in Lemma 2, i.e., Alice and Bob each send half of the packets, and Eve stays in the middle; (2) Alice sends all of the packets, and Eve stays in the middle; (3) Bob sends all of the packets, and Eve stays in the middle; (4) Eve stays near Alice, and Alice and Bob each send half of the packets; and (5) Eve stays near Bob, and Alice and Bob each send half of the packets.We have two observations on the simulation result.First, (S AB , L M ) is indeed the Nash equilibrium because both players have no motivation to deviate from it: when Eve leaves the middle, her probability of receiving all of the packets goes down; when Alice or Bob send all of the packets, the probability stays unchanged.Second, Eve's probability of receiving all of the packets decreases exponentially with the increase in the number of packets exchanged between Alice and Bob.This shows that when N is large, the proposed method is very effective at preventing Eve from knowing the secret.Next, we consider the asymmetric case where it is easier for Eve to receive packets from Alice than from Bob: P A ( ) = 0.99 > P B ( ) = 0.7, P A (D/2) = 0.9 > P B (D/2) = 0.6, P A (D − ) = 0.8 > P B (D − ) = 0.5, and P B ( ) < P A (D − ).As shown in Figure 2, the number of exchanged packets between Alice and Bob is from 2 to 20 with increment 2 at a time.For each data point, we run the simulation 1 million times, and the probability of Eve receiving all of the packets is calculated the same way as in Figure 1.The vertical axis in Figure 2 is the logarithm of that probability, and five strategies are compared: (1) Equilibrium: This is the pure Nash equilibrium (S B,0 , L B ) specified in Lemma 4, i.e., Bob sends all of the packets, and Eve stays near Bob; (2) Bob sends all of the packets, and Eve stays near Alice; (3) Bob sends all of the packets, and Eve stays in the middle; (4) Eve stays near Bob, and Alice sends all of the packets; and (5) Eve stays near Bob, and Alice and Bob each send half of the packets.It can be observed that (S B,0 , L B ) is indeed the Nash equilibrium because both players have no motivation to deviate from it: when Eve stays in the middle or be close to Alice, her probability of receiving all of the packets goes down; when Bob does not send all of the packets, the probability of Eve receiving all of the packets rises.In what follows, we use a numerical example to demonstrate how to find a mixed strategy Nash equilibrium.For ease of calculation, we let N = 2, and the probabilities are P A ( ) = 0.99, P A ( D 2 ) = 0.94, P A (D − ) = 0.80, P B ( ) = 0.90, P B ( D 2 ) = 0.84, and P B (D − ) = 0.70.Invoking Lemma 5, there is no pure strategy Nash equilibrium.The mixed strategy utility functions corresponding to (q 1 ) through (p 3 ) are: −0.3401p We start out by assuming that p 1 ∈ (0, 1), p 2 ∈ (0, 1), and 1 − p 1 − p 2 ∈ (0, 1).Under this proposition, we have (12) = (13) = (14), whose solution is q 1 = 1.946, q 2 = −3.292,and 1 − q 1 − q 2 = 2.346.This is infeasible, meaning that p 1 , p 2 , and 1 − p 1 − p 2 cannot be all positive and less than 1.Next, we discuss three cases of p 1 , p 2 , and 1 − p 1 − p 2 .Case 1: p 1 ∈ (0, 1), p 2 ∈ (0, 1), and 1 − p 1 − p 2 = 0.It yields that (12) = (13) > (14).

Conclusions and Future Work
We have studied the optimal secret-sharing problem between two legitimate users (Alice and Bob) and an eavesdropper (Eve).The methodology of the secret-sharing mechanism allows Alice and Bob to exchange packets until Eve loses one due to the unreliable nature of wireless communications; Alice and Bob can then use the exchanged packets to establish the secret.To the best of our knowledge, this is the first work in the literature that formulates the problem as a non-cooperative zero-sum game.In the symmetric game case, both pure and mixed strategy Nash equilibria exist.Our results indicate that regardless of the type of the equilibrium, Eve should always stay in the middle of Alice and Bob.In the pure strategy Nash equilibrium, the best strategy of Alice and Bob is to generate half of the packets from each one of them; in a mixed strategy Nash equilibrium, Alice and Bob could generate all of the packets from one user only, but some inequalities involving the probabilities must hold.
In the asymmetric game case that Eve has a higher chance of successfully receiving packets from Alice than from Bob, we show that there are two scenarios: if it is very asymmetrical, then a pure strategy Nash equilibrium exists, in which Bob is the one who generates all of the packets and Eve chooses to stay near Bob; o.w., a mixed-strategy equilibrium exists and can be calculated.
Through extensive simulation and a numerical example, we have verified the correctness of the theoretical results of the secret-sharing game.We have also shown that with the increase in the number of packets exchanged between Alice and Bob, the probability of Eve receiving all of the packets and thus extracting the secret decreases exponentially.Future work includes comparing our approach with PLKG methods in various application scenarios.

Lemma 4 .
If P A (d) > P B (d), and P B ( ) ≤ P A (D − ), then strategy profile (S B,0 , L B ) is a pure strategy Nash equilibrium.

1 0Figure 1 .
Figure 1.Symmetric case: logarithm of the probability of Eve receiving all of the exchanged packets between Alice and Bob vs. the number of packets.

1 0Figure 2 .
Figure 2. Asymmetric case: logarithm of the probability of Eve receiving all of the exchanged packets between Alice and Bob vs. the number of packets.

Table 1 .
Summary of symbols and their definitions.
P A (d), P B (d)

Table 2 .
Utility matrix of the symmetric game.

Probability of Eve receiving both packets vs. Number of runs
EquilibriumEve has equal chance to appear at the three locations Eve is more likely to be close to Alice Eve is more likely to be close to Bob Eve is more likely to be in the middle The Probability of Eve receiving both packets vs. the number of runs.