A Practical Man-in-the-Middle Attack on Signal-Based Key Generation Protocols
Source: University of Oviedo
Generating secret keys using physical properties of the wireless channel has recently become a popular research area. The main security assumption of these protocols is that a sufficiently distant adversary is unable to guess a generated secret due to the unpredictable behavior of multipath signal propagation. In this paper, the authors introduce a practical and efficient man-in-the-middle attack against such protocols. Using this attack, they demonstrate two outcomes: intentional sabotage of key generation schemes, which leads to a high key disagreement rate, and key recovery that reveals up to 47% of the generated secret bits. They analyze statistical countermeasures (often proposed in related work) and show that attempting to detect such attacks results in a high false positive rate, which calls into question the overall benefit of such schemes.