Cite this article
  • LI Rui, Xu Jinlong, Wei Dong, Zhang Meng. CPRO-PKG: A Physical Layer Key Generation Scheme Based on Channel Polarization Response Obfuscation[J]. Journal of Cyber Security, Accepted
CPRO-PKG: A Physical Layer Key Generation Scheme Based on Channel Polarization Response Obfuscation
LI Rui1,2, Xu Jinlong1,2, Wei Dong1,2, Zhang Meng1,2
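(1. School of Cyber Security, University of Chinese Academy of Sciences; 2. Institute of Information Engineering, Chinese Academy of Sciences)
Abstract (translated from the Chinese):
Physical-layer key generation (PKG) exploits the reciprocity and spatial decorrelation of the wireless channel so that two legitimate parties observing the same time-frequency resource can extract shared randomness and generate a session key. In static or slowly varying scenarios, however, traditional methods based on received signal strength or channel state information (CSI) often suffer from insufficient information content, which significantly reduces the key generation rate and leaves them vulnerable to attacks such as channel prediction and position replay. Existing strategies for slowly varying channels mostly increase fluctuation by introducing artificial perturbations into the CSI (for example antenna scheduling or random filtering), but this often brings extra hardware overhead or protocol-adaptation constraints. This paper proposes a scheme named CPRO-PKG, a physical-layer key generation method based on channel polarization response obfuscation. The scheme uses the channel polarization response (CPR) formed by the depolarization effect as a new source of key randomness. Through the virtual variable-polarization transmission capability of dual-polarized antennas, CPRO-PKG achieves fast obfuscation without modifying the existing protocol stack. Because the CPR involves a transposition of the polarization matrix between uplink and downlink, which makes reciprocity extraction difficult, the paper designs a three-stage TDD obfuscation-extraction mechanism that lets Alice and Bob construct reciprocal, consistent obfuscated CPR variables without explicitly exchanging obfuscation factors, while keeping their respective obfuscation factors mutually independent. For low-SNR edge devices, the paper further introduces CPR coherent stacking, two-stage smoothing, and adaptive analog quantization driven by dynamic danger zones, which retains the high-significance bits and dynamically discards risky intervals. Combined with RS code + CRC information-consistency checking and SHA-512 privacy amplification, this forms an end-to-end key generation pipeline. Evaluation through software-defined radio experiments shows that coherent stacking significantly extends the usable low-SNR region, lowering the global usability threshold from about 17 dB to 0 dB. Over the SNR range 0–30 dB, the key matching rate of CPRO-PKG remains stable at about 0.96; at 20 dB the key generation rate reaches 68.19 Mbps. At 30 dB, the final key sequence based on SHA-512 passes the NIST STS randomness tests. On the security side, the paper formally gives three attack models: position replay, predictable manipulation, and obfuscation-factor inference/classification attacks, and provides a distinguishability analysis: when the three probing rounds do not reuse public pilots and each round's payload is unknown to the eavesdropper, the coupling between the obfuscation factor and the ratio of unknown symbols makes the inverse solution statistically hard to distinguish. Further evaluation curves show that, in the unknown-payload setting, the eavesdropper's matching rate does not exceed the bias upper bound of "optimal constant guessing" (about 0.59–0.67).
Key words:  physical layer key generation  dual-polarized antenna  channel polarization response  polarization obfuscation
DOI:
Received: 2026-02-28  Revised: 2026-05-26
Funding: National Key Research and Development Program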
CPRO-PKG: A Physical Layer Key Generation Scheme Based on Channel Polarization Response Obfuscation
LI Rui1,2, Xu Jinlong1,2, Wei Dong1,2, Zhang Meng1,2
(1.School of Cyber Security,University of Chinese Academy of Sciences,Beijing;2.Institute of Information Engineering, Chinese Academy of Sciences)
Abstract:
Physical-layer key generation (PKG) exploits wireless-channel reciprocity and spatial decorrelation so that two legitimate nodes can extract common randomness from shared spatiotemporal observations and derive session keys. In static or slowly varying channels, however, RSS/CSI-based PKG provides limited entropy, yielding low key generation rates and increased susceptibility to channel prediction and position-replay attacks. Prior work for slow fading typically injects artificial perturbations into CSI (e.g., antenna scheduling or random filtering), but such approaches may require extra hardware, constrain protocol design, or disturb CSI-dependent functions. We propose CPRO-PKG, a CPR-Obfuscation PKG scheme that uses the channel polarization response (CPR) induced by depolarization as a fresh randomness source. Using dual-polarized antennas, CPRO-PKG performs rapid virtual polarization switching to scramble CPR without changing the existing protocol stack. Because CPR measurements involve polarization-matrix transposition across uplink and downlink, direct reciprocity extraction is nontrivial. We therefore design a three-stage TDD scrambling–extraction mechanism that lets Alice and Bob obtain mutually consistent scrambled CPR variables without explicitly exchanging scrambling factors, while keeping their scrambling factors independent. To support low-SNR edge devices, CPRO-PKG incorporates CPR coherent stacking, two-stage smoothing, and adaptive analog quantization driven by dynamic danger zones, retaining high-significance bits while dynamically discarding risk intervals. Reed–Solomon coding with CRC-based consistency checking and SHA-512 privacy amplification completes an end-to-end key-generation pipeline. Software-radio experiments show that coherent stacking markedly enlarges the low-SNR operating region, reducing the global usability threshold from about 17 dB to 0 dB. Over SNR = 0–30 dB, CPRO-PKG sustains a key matching rate around 0.96. At 20 dB, it achieves 68.19 Mbps key generation. At 30 dB, the SHA-512-derived keys consistently pass multiple NIST STS randomness tests. We further formalize three adversarial models—position replay, predictable channel manipulation, and obfuscation-factor inference/classification—and provide a distinguishability argument: when three probing rounds use non-public pilot sequences and each round’s payload is unknown to the eavesdropper, the coupling between the obfuscation factor and unknown symbol ratios makes inversion statistically indistinguishable. Under unknown-payload settings, the eavesdropper’s matching rate stays within the “optimal constant guessing” bound (approximately 0.59–0.67) for practical wireless deployments.
Key words:  physical layer key generation  dual-polarization antenna  channel polarization response  polarization obfuscation