The Passive Eavesdropper Affects my Channel: Secret-Key Rates under Real-World Conditions (Extended Version)

Channel-reciprocity based key generation (CRKG) has gained significant importance as it has recently been proposed as a potential lightweight security solution for IoT devices. However, the impact of the attacker's position in close range has only rarely been evaluated in practice, posing an open research problem about the security of real-world realizations. Furthermore, this would further bridge the gap between theoretical channel models and their practice-oriented realizations. For security metrics, we utilize cross-correlation, mutual information, and a lower bound on secret-key capacity. We design a practical setup of three parties such that the channel statistics, although based on joint randomness, are always reproducible. We run experiments to obtain channel states and evaluate the aforementioned metrics for the impact of an attacker depending on his position. It turns out the attacker himself affects the outcome, which has not been adequately regarded yet in standard channel models.