2014 globecom key

(1)

Physical-Layer Secret Key Generation

with Untrusted Relays

Chan Dai Truyen Thai, Jemin Lee, Chi Cheng

†

, and Tony Q.S. Quek*

*Singapore University of Technology and Design, Singapore

†

School of Computer Science, China University of Geosciences, Wuhan, China

Email:

{

thai truyen, jemin lee, tonyquek

}

@sutd.edu.sg, [email protected]

Abstract—In this paper, we propose a physical-layer secret key generation scheme for multi-antenna legitimate nodes with the help from multiple untrusted relays with single antenna. The relays’ actions conform to the rules but they passively eavesdrop the information. Different from most previous key generation schemes, where a key is generated based on a channel coefficient, in the proposed scheme, we use the linear combination of channel coefficients to generate a key. Simulation results show that the rate leaked to the untrusted relays is low and the secret key rate is therefore high. We also point out that the relay communication can achieve higher secret key rate than the direct communication in several distance ranges.

Index Terms—Key generation, untrusted relay, physical-layer security, multiple relays, MIMO.

I. INTRODUCTION

Recently, secret data communication based on physical layer has been extensively studied [1]–[5]. Many fruitful results have been proposed to create a secret data transmission without using keys shared among legitimate nodes. However, it is not certain that such schemes can be applied in every scenario. Therefore, secret communications based on physical-layer secret keys shared between legitimate nodes is still necessary. There have been many papers exploiting the randomness and reciprocity of the wireless channels between two nodes to generate a secret key [6]–[8]. In this case, the more diverse the channels are, the higher rate the achieved key is. The diversity here can be obtained when the channels vary with time, space or frequency.

The key generation based on the randomness of a channel was proposed for a direct channel. Since the direct channel between two legitimate nodes can be not good to establish a secret key with high rate in some environments [9]–[11], co-operative or relaying solutions are considered [7], [8], [12]. A three-time-slot key generation scheme for two legitimate nodes with a relay has been proposed in [13]. In [13], transmission schemes described and simulation results are presented using k-nearest neighbor-distance mutual information estimation. In addition, single-antenna legitimate nodes and one trusted relay have been considered, but how to generate a key based on the received signals has not been described. A key generation scheme for two-way relay has been also proposed in [12]. By considering a trusted relay, this presents the secret key rate using thek-nearest neighbor-distance mutual information estimation. In prior work, only trusted relay has been con-sidered for key generation. However, nodes in a network may

have different levels of security clearance. They have different levels of access to information although operating with agreed protocols and serving as relays [14]. Therefore the issue of untrusted relays has been considered for the secrecy data rate [5], [15]. The issue of untrusted relays in key generation is necessary.

In a physical-layer secret-data communication scheme, the current status of the channel between two legitimate nodes should be available beforehand. In a physical-layer secret-key generation scheme, this requirement is not necessary. We only need to determine a certain property which are reciprocal and unique between the two nodes rather than to obtain the full information about the channel.

In this paper, we propose a key generation scheme for multi-antenna legitimate nodes with help from multiple untrusted and single-antenna relays. In the proposed scheme, probing signals are transmitted by relays and legitimate nodes can estimate the channel between the relays and themselves. We do not generate a key based on a channel coefficient as many papers do but we use a function of several channel coefficients which is unique and reciprocal to the two legitimate nodes. Specially, we user a linear combination of coefficients of channels between all antennas of a legitimate and a relay. Simulation results show that the key rate leaked to the relays is low and the secret key rate is high. We also compare the results with an existing key generation scheme for the direct channel and show that a relay scheme is better than a direct one in many cases.

The rest of the paper is organized as follows. Section II describes the system model used in this paper and summarizes key definitions concerning secret key rate. Section III presents the proposed scheme for the relay channel. Section IV shows and analyzes numerical results. Section V concludes the paper.

II. SYSTEMMODEL ANDSECURESECRETKEY

DEFINITIONS

In this section, we first introduce the system model and summarize some important definitions and results on secret key rate.

A. System Model

(2)

h1

h2

hq

…

g1

g2

gq

A _B

RS1

RS2

RSq

Fig. 1. In the system model, A, B, and Relay Stations havem,n, and single antennas, respectively.

want to generate a secret key. The RSs help A and B by amplify-and-forward relaying but they are untrusted. It means that the RSs always follow the rule of the transmission scheme of the system and do not actively attack but they are curious about the key. We also assume colluding RSs, i.e., they can cooperate to get the information about the secret key.

The channel vectors from RS i to A and B are denote as hi 2 Cm⇥1 and gi 2 Cn⇥1, respectively. Denote the

channel matrices as H = [h1, h2, ..., hq]T and G = [g1, g2, ..., gq]T. Here the j-th elements of hi and gi

are distributed with variances 2

Aj and 2Bj, respectively. All

channels are independent and assumed to remain in the same state in a period of q+ 2 time slots and change after every

period.1 _{At the beginning of a scheme, not any station knows}

about the channel status, but all stations know that they are given in form of h= f

dl2 wheref is a circularly-symmetric

complex normal random variable, d is the distance between the considered transmitter and receiver, and l is the path-loss exponent.

All training symbols used in schemes are public and known by every station. The total transmit power of A, B and a RS in a time slot are denoted by pA, pB, and pR, respectively.

We assume that all nodes know the distance among the nodes such that the variances of all channel coefficients are known. With the information on the noise power at RSs, the RSs can compute the mean power of the received signals. The RSs amplify the received signal and forward to A and B with the amplification factor, which is determined to make the mean transmit power of the RSs becomepR. Hence, A and B know

the transmit power of the RSs as it only depends on the distances and their transmit power of A and B, where the noise power at the RSs is not known.

B. Definitions

We denote the transpose, conjugate, and conjugate transpose operations of a matrix by(.)T_,₍_.₎⇤_{, and}₍_.₎H_{, respectively. The}

random variable corresponding to a signal symbol is written

1_{When there is one RS, the channel coherence time should be at least 3} time slots as assume in [12], [13].

with the same letter and subscript/superscript but capitalized. Denote noise powers at A, B, and the RS as 2

A, B2 and

2

R, respectively. Denote the noise at A, B in time slot i,

and at RS j as zA[i]⇠CN(0, B2Im),zB[i]⇠CN(0, 2BIn)

andzRj ⇠CN(0, R2), respectively, whereIm is the m⇥m

identity matrix. We denote a column vector withmelements of 1 as 1m. Denote C(x) = log2(1 +x), x+ = max(x,0), and H(X) andI(X;Y) are the entropy of random variable X and the mutual information of two random variablesX and Y, respectively.

Two legitimate nodes A and B and an eavesdropper E observe n realizations Xn _{= (}_X

1, X2, ..., Xn), Yn = (Y1, Y2, ..., Yn), and Zn = (Z1, Z2, ..., Zn), respectively. A

and B compute a common key denoted as KA and KB

respectively. R is an achievable key rate if for every✏>0and

sufficient largenthere exists a scheme such that the following requirements are satisfied [12], [16], [17]

Pr{KA6=KB} < ✏

1

nI(KA;YR) < ✏

1

nH(KA) > R ✏

1

nlog|K| <

1

nH(KA) +✏.

(1)

Moreover, the secret key capacity can be upper and lower bounded as

S(X;Y_kZ) _ min[I(X;Y), I(X;Y_|Z)], S(X;Y_kZ) max[I(X;Y) I(X;Z), I(Y;X) I(Y;Z)].

(2)

III. SECRETKEYGENERATIONSCHEME

In this section, we first introduce the proposed transmission scheme. We then select 2q linear combinations of channel coefficients and use them to generate keys. After that, we describe how A, B and the RSs estimate the combinations. After that, the rate that the RSs learnt about the key is computed while the key rate and secret key rate are lower bounded.

A. Proposed Transmission Scheme

The proposed scheme consists of q+ 2 time slots with 3

phases which requireq, 1 and 1 time slots respectively. • Phase 1: In time slot i, RS i, where i = {1,2, ..., q},

transmits pilot symbol sR = ppR. A and B receive,

respectively,

yA[i] =ppRhi+zA[i], (3)

yB[i] =ppRgi+zB[i]. (4)

Denote Yk = [yk[1], yk[2], ..., yk[q]], k = {A, B}.

The symbol matrix received by A and B in the first q time slots are

YA = ppRHT +ZTA,

YB = ppRGT +ZTB,

(5)

where column vectoriis the received signal in time slot iand

ZA= [zA[1], zA[2], ..., zA[q]]T,

ZB= [zB[1], zB[2], ..., zB[q]]T.

(3)

• Phase 2: In time slot q+ 1, A and B simultaneously transmit sA=pp_mA1m andsB =pp_nB1n, respectively.

All RSs receive the symbol vector, given by

yR=HsA+GsB+zR (7)

in which element i is the received signal at RS i and written as

yRi=hTisA+gTisB+zRi. (8)

• Phase 3: In time slotq+ 2, the RSs amplify and forward what it received in time slot q+ 1. The symbol vector transmitted from the RSs is xR = yR where = diag(p 1, p 2, ..., p q) and i is the amplification

factor of RS i, give by

i=

pR

pA Ai2 +pB 2Bi+ R2

(9)

Note that variances 2

Ai and 2Bidepend on the distances

between RS i and A, B, respectively. A and B finally receive, respectively,

yA[q+ 2] =HT (HsA+GsB+zR) +zA[q+ 2],

yB[q+ 2] =GT (HsA+GsB+zR) +zB[q+ 2].

(10)

B. Key Generation

In this subsection, we present how to generate a key after the transmission of the proposed scheme. We also present the key rate at A and B and the leaked key rate to the RSs. To generate the key at A and B, we exploit the combinations of

ui=hTisA= m X

j=1

r

pA

mhij, (11)

vi=gTi sB = n X

j=1

r

pB

n gij,8i= 1,2, ..., q. (12)

Each of them is a combination of coefficients of the channels from a legitimate node to a RS. Since there are q RSs, there are totally 2q combinations for ui and vi. As a part

of the key-generation process, each legitimate node estimates all combinations. In the meantime, the RSs also try to esti-mate the combinations. We denote u= [u1, u2, ..., uq]T and

v= [v1, v2, ..., vq]T as symbol vectors to be estimated. Thus

u=HsA andv=GsB. In the following, we describe how

A, B and the RSs estimate ui. The estimation of vi can be

carried out by similar procedures and will not presented. 1) Key Generation at A and B: Receiving the sounding pilots from the RSs in the first q time slots, A estimate all channels from itself to the RSs as

h ˆ

hA

1, hˆA2, ..., hˆAq iT

= _p1

pR[yA[1], yA[2], ..., yA[q]]

T

. (13) Denoting_HˆA₌h_h_ˆA

1, hˆA2, ..., hˆAq iT

,ui can be estimated as

ˆ

uAi = 1

p_p

R

yA[j]TsA=ui+p1

pR

zTA[i]sA, (14)

which can be written in vector form byuˆA_{= ˆ}_HA_s

A.

The estimation ofui at B is more complicated and consists

of three steps as follows: • EstimatingGas

⇥ ˆ

gB

1, ˆg2B, ..., ˆgqB ⇤T

= p1_p

R[yB[1], yB[2], ..., yB[q]]

T

. (15) • Cancelling the self-interference signal GT GsB of

yB[q+ 2]in (10) by usingGˆB =⇥gˆB1, ˆgB2, ..., ˆgBq ⇤T

in (15) as

˜

yB[q+ 2] =yB[q+ 2] ( ˆGB)Tˆ( ˆGB)sB. (16)

Since A and B do not know the noise power at the RSs, they cannot know exact but can have the esti-mation ˆ = diag(pˆ1, pˆ2, ..., pˆq) where ˆi =

pR

pA 2Ai+pB 2Bi.

• Zero Forcing (ZF) as

ˆ

uB=Wy˜B[q+ 2] (17)

where

W = ((( ˆGB₎T_ˆ₎H_{( ˆ}_GB₎T_ˆ₎ 1_{(( ˆ}_GB₎T_ˆ₎H = ˆ 1_{(( ˆ}_GB₎⇤_{( ˆ}_GB₎T₎ 1_{( ˆ}_GB₎⇤_.

(18) Note that since we use estimates ofGand is not perfect, the cancellation above is not perfect. The estimation of v at A and B can be done by similar procedure of the estimation of u. Once A and B estimateuandv, they can generate the key by quantizingui andvi, 8i= 1,2, ..., q. The estimate of

ui at A and B can be presented as

ˆ

uiA=ui+ ˆzAU i, uˆBi =ui+ ˆzU iB (19)

whereˆzA

U i=

zT A[i]sA

p_p

R andzˆ

B

U i is the estimation error given by

a complicated expression. Denote ˆ2

A = E

h ˆ

zA

U i zˆU iA

Hi

=

pA A2

pR andˆ

2

B=E

h ˆ

zB

U i zˆU iB

Hi

whereˆ2

B can be calculated

by simulation as ˆ2

B =E

h ˆ

uB

i ui uˆBi ui

Hi

. AszˆB

U i is

neither independent fromui nor Gaussian we have the lower

bound ofI( ˆUA

i ; ˆUBi )as

I( ˆUAi ; ˆUBi ) C 0

@ pA 2Ai ˆ2

A+ ˆ2B+

ˆ2

AˆB2

pA Ai2

1

A. (20)

On the other hand,sA is a known vector and all channels are

independent, so ui are independent. Hence we have the key

rate corresponding toui as

I( ˆUA_{; ˆ}_UB₎

q+ 2 = 1

q+ 2 q X

i=1

I( ˆUA

i; ˆUBi ) (21)

1

q+ 2 q X

i=1

C 0

@ pA Ai2 ˆ2

A+ ˆB2 +

ˆ2

Aˆ

2

B

pA 2Ai

1 A_,KU i

(22) where the denominator of q + 2 is due to q + 2 channel uses. Because ui and vi are independent, the total key rate

(4)

2) Leaked Key to the RSs: We can first re-writeyRi in (8)

as yRi = ui +vi +zRi. As all ui and vi, i = 1,2, ..., q

are independent, the best the RSs can do to get the more information about the key is that each RS estimates ui and

vi from its received signal. Then, RS i quantizes ui treating

vi as noise with achievable rateRiu and quantize vi treating

ui as noise with achievable rateRvi. Here, we have equations

I⇣Uˆki;YRi ⌘

= log2|

WkU i||WRi|

|W_{U Ri|}k (23)

wherek=_{A, B_},_k¯₌_A _if_k₌_B_,_k¯₌_B _if_k₌_A _and

WU ik =E ⇥

uki uki)H ⇤

=pk ki2 + ˆk2,

WRi=E⇥yRi uRi)H ⇤=pk ki2 +p¯k 2¯_ki+ 2R,

Wk

RU i=E

✓

uk i

yRi ◆

uk

i yRi

H

(24)

= (pk 2ki+ ˆk2)(p¯k 2¯ki+

2

R ˆ2k). (25)

Therefore,

I⇣Uˆki;YRi ⌘

= C pk

2

ki+ ˆk2

p¯_k 2_¯_ki+ _R2 ˆ2_k

!

. (26)

Corresponding to component ui, the leaked key rate is

LU i= 1

q+ 2maxk I ⇣

ˆ

Uki;YRi ⌘

. (27)

The leaked key rate corresponding to vi is also given as

LV i in a similar form. The total leaked key rate is L = P

i(LU i+LV i).

C. Achievable Secret Key Rate

All signals that A, B and the RSs observe are{YA, yA[q+ 2]_},{YB, yB[q+ 2]},yR, respectively. Therefore, the rate of

the secret key shared between A and B can be written as S0=S(YA, yA[q+ 2];YB, yB[q+ 2]kYR). (28)

That is the secret key rate A and B can achieve based on all the received signals. However, in this paper, we propose a key generation scheme to generate the key based on signalsuiand

vi, the secret rate of the proposed scheme is

S1=S

⇣ ˆ

UA,VˆA; ˆUB,VˆB_kYR ⌘

. (29)

Certainly, at A, the information aboutuiandviis less than that

of _{YA, yA[q+ 2]}, i.e.,H( ˆUA,VˆA)< H(YA, YA[q+ 2]).

At B, H( ˆUB_,_V_ˆB₎_{< H}₍_Y

B, YB[q+ 2]), therefore S1< S0. The lower bound can be written as S0 S1 K L. In Section IV, we will use this lower bound to show the benefits of the proposed scheme in simulation results.

IV. SIMULATIONRESULTS

In this section, we use Monte Carlo simulation to show the benefits of our proposed scheme. First, we shown the results in case only the relay channel is considered and the distances from A and B to any RS are fixed at 1. Second, we consider a different scenario where the distances are varied and the secret key generation using the relay channel and the direct channel are compared.

0 5 10 15 20 25 30

0 2 4 6 8 10 12 14 16

SNR (dB)

Key rate (bits/channel use)

Key rate, Col Leaked key rate, Col Secret key rate, Col Con, Non−col Con, Col

Fig. 2. Secret key rate with varied SNR when there are 4 RSs and 5 antennas at A and B.

A. Relay Channel

We consider a relay scenario where the channels from the legitimate nodes to the relay node are circularly-symmetric complex normal random variables. We consider the case when A and B are fixed at (0, 0) and (2, 0). The RSs are uniformly distributed in a square with an edge of 2 and center at (1, 0). The channels are given in the form of h

dl2 as introduced

in Section II and path loss exponent l = 3. Fig. 2 shows that, when there are 4 RSs and 5 antennas at A and B, at meidum and high SNR regions, our proposed scheme working with fully-colluding RSs is even better than a conventional scheme (Con) working with non-colluding RSs in [7]. Because that conventional scheme was designed for non-colluding RSs, when the RSs are cooperation (Col), they know all information about the key thus the secret key rate in that case is 0 as shown.

Fig. 3 shows the rates when the number of the RSs, q, is varied when SNR = 20dB and there are 10 antennas at A and B. The more RSs, the more combinations used for key generation, therefore the key rate increases withq. However, the rate q

q+2converges to 1, consequently, the rate will saturate at greatq.

B. Comparison with Direct Scheme

In this subsection, we compare the secret key rates generated by a relay channel and a diret channel. First we describe the model of the direct channel we use. Consider the direct channel betweenm-antenna A andn-antenna B, there aremn channels between A and B as considered in [18]. However, in order to have information about all these channels at both A and B, we need at leastm+ntime slots as follows. In sloti, i_m, antennaiof A transmits a training symbol,mantennas of B receive and estimate all channels hij, j = 1,2, ..., n.

(5)

1 1.5 2 2.5 3 3.5 4 4.5 5 5.5 6 0

5 10 15

Number of RSs

Key rate (bits/channel use)

Key rate, Col Leaked key rate, Col Secret key rate, Col

Fig. 3. Secret key rate with varied number of RSs when SNR = 20dB and there are 7 antennas at A and B.

For the direct channel, we consider one antenna at A and n antennas from B to generate the secret key. In slot 1, A transmits a training symbolppA and B receives

yB =ppAh+zB. (30)

In slot i, 2 _ i _ n+ 1, antenna i of B transmits training symbol ppB and A receives

yAi=ppBhi+zAi. (31)

Then B estimateshfromyB as

ˆ

hB= _p1

pA

yB =h+ 1

p_p

A

zB (32)

in which ˆ_hB

i is given by

ˆ

hBi = 1

p_p

A

yBi=hi+p1

pA

zBi. (33)

Similarly, A estimates hi fromyAi as

ˆ

hAi = 1

p_p

B

yAi=hi+ 1

p_p

B

zAi. (34)

We have the key rate

Kd= 1

n+ 1 n X

i=1

I(ˆhAi ; ˆhBi ) (35)

= 1

n+ 1 n X

i=1

C 0

@ 2 2

A

pB +

2

B

pA +

2

A B2

2 1

A. (36)

In (35), the first equation is due to independence of the chan-nels. The second one is from a result in [19]. Since all channels are independent, any untrusted node, e.g., eavesdropper, if existing in this case cannot get any information about the key, and the key (35) is also the secret key rate.

In Fig. 4, we compare the secret key rates generated with the relay channel and the direct channel. To compare the secret

10−3 10−2 10−1 100 101 102

0 10 20 30 40 50 60 70 80 90 100

Normalized distance

Rate (bits/channel use)

Leaked, Col Key, Col Secret, Col Con, Non−col Direct

Fig. 4. Secret key rate in direct and relaying scenarios when SNR = 20dB, pathloss exponent is 3 anddo=3₂d.

key rates achieved in 6 time slots, we use one antenna at A and 5 antennas at B for the direct channel case, and use 5 antennas at both A and B and 4 untrusted RS for the relay channel case. We also assume the distance from any RS to both A and B isd and the distance from A to B is 3

2d. The relay scheme achieves a higher secret key rate than the direct scheme in most distance ranges. It shows that although the RSs are untrusted, exploiting RSs can be beneficial for secret key generation.

V. CONCLUSION

We propose a novel key generation scheme for a scenario with two multi-antenna legitimate nodes and multiple single-antennauntrusted relays. A linear combination of coefficients of the channels from the antennas of a legitimate node to a relay is used to generate a key. We derived a lower bound of the secret key rate for the colluding relays. Numerical results showed that a secret key rate of 14 bits/channel use can be achieved at 20-dB SNR.

ACKNOWLEDGEMENT

This work was partly supported by the Temasek Research Fellowship, the SRG ISTD 2012037, SUTD-MIT International Design Centre under Grant IDSF1200106OH, the A*STAR SERC Grant 1224104048 and by the National Natural Science Foundation of China under grant no. 61301166 and 61363069.

REFERENCES

[1] J. Lee, A. Conti, A. Rabbachin, and M. Win, “Distributed network secrecy,”IEEE Journal on Sel. Areas in Commun., vol. 31, pp. 1889– 1900, Sep. 2013.

[2] M. Z. Win, A. Rabbachin, J. Lee, and A. Conti, “Cognitive network secrecy with interference engineering,”IEEE Netw., 2014.

(6)

[4] V. N. Q. Bao, N. Linh-Trung, and M. Debbah, “Relay selection schemes for dual-hop networks under security constraints with multiple eaves-droppers,”IEEE Transactions on Wireless Commun., vol. 12, pp. 6076– 6085, Dec. 2013.

[5] L. Wang, M. Elkashlan, J. Huang, N. H. Tran, and T. Q. Duong, “Secure transmission with optimal power allocation in untrusted relay networks,” IEEE Wireless Commun. Lett., vol. 3, pp. 289–292, Jun. 2014. [6] K. Ren, H. Su, and Q. Wang, “Secret key generation exploiting channel

characteristics in wireless communications,”IEEE Wireless Commun., vol. 18, pp. 6–12, Aug. 2011.

[7] L. Lai, Y. Liang, and W. Du, “Cooperative key generation in wireless networks,”IEEE Journal on Sel. Areas in Commun., vol. 30, pp. 1578– 1588, Sep. 2012.

[8] Q. Wang, K. Xu, and K. Ren, “Cooperative secret key generation from phase estimation in narrowband fading channels,”IEEE Journal on Sel. Areas in Commun., vol. 30, pp. 1666–1674, Oct. 2012.

[9] F. Sun and E. de Carvalho, “Degrees of freedom of asymmetrical multi-way relay networks,” inProc. IEEE Int. Workshop on Signal Process. Advances in Wireless Commun., pp. 531–535, June 2011.

[10] F. Sun, T. Kim, A. Paulraj, E. de Carvalho, and P. Popovski, “Cell-edge multi-user relaying with overhearing,” IEEE Commun. Lett., vol. 17, no. 6, pp. 1160–1163, Jun. 2013.

[11] L. Lu, F. Sun, M. Xiao, and L. Rasmussen, “Relay-aided multi-cell broadcasting with random network coding,” in IEEE Int. Symp. on Inform. Theory and its Applications, pp. 957–962, Oct. 2010. [12] H. Zhou, L. Huie, and L. Lai, “Secret key generation in the two-way

relay channel with active attackers,”IEEE Trans. on Inform. Forensics and Security,, vol. 9, pp. 476–488, Mar. 2014.

[13] T. Shimizu, H. Iwai, and H. Sasaoka, “Physical-layer secret key agree-ment in two-way wireless relaying systems,”IEEE Trans. on Inform. Forensics and Security, vol. 6, pp. 650–660, Sep. 2011.

[14] X. He and A. Yener, “Cooperation with an untrusted relay: A se-crecy perspective,”Information Theory, IEEE Transactions on, vol. 56, pp. 3807–3827, Aug. 2010.

[15] X. He and A. Yener, “Strong secrecy and reliable byzantine detection in the presence of an untrusted relay,”IEEE Trans. on Inform. Theory, vol. 59, pp. 177–192, Jan. 2013.

[16] R. Ahlswede and I. Csiszar, “Common randomness in information theory and cryptography. i. secret sharing,”IEEE Trans. on Inform. Theory, vol. 39, pp. 1121–1132, Jul. 1993.

[17] T. Shimizu, H. Iwai, and H. Sasaoka, “Physical-layer secret key agree-ment in two-way wireless relaying systems,”IEEE Trans. on Inform. Forensics and Security,, vol. 6, pp. 650–660, Sep. 2011.

[18] K. Zeng, D. Wu, A. Chan, and P. Mohapatra, “Exploiting multiple-antenna diversity for shared secret key generation in wireless networks,” inProc. IEEE Conf. on Computer Commun. (INFOCOM), pp. 1–9, Mar. 2010.