MAPI: Key Generation Scheme for Security in V2V Communication Environment based RSS

Vehicular ad-hoc network is an exciting study that aims to improve driver safety in driving. Vehicle-to-vehicle (V2V) is communications between vehicles that occurs on a VANET using wireless channels. This channel allows vehicles to share personal or safety information with other vehicles. Vehicle communication is potentially vulnerable to adversaries' security attacks that can harm the driver and other legitimate users. Therefore, it requires a high-security system. This research proposes a new scheme, namely the MAPI (Mike-Amang-Prima-Inka), as a modified secret key generation scheme obtained from received signal strength (RSS) values. Our research focuses on obtaining a symmetric key that has a high key formation speed (KFS) with a low-key discrepancy level (KDL), while still thinking about the randomness and ensure safety from passive attackers. In the pre-processing, we use a combination of Kalman Filter and Polynomial Regression by modifying the parameters to produce the best performance. We also modified the grey code in the Modified Multibit (MMB) Quantization method to reduce the quantization bit mismatch. Our approach to the MAPI scheme can assign symmetric keys with better performance than existing schemes, increasing KFS and decreasing KDL up to 100%. Moreover, the scheme can generate a symmetric key that deals with NIST's statistical tests. Keywords— vehicle-to-vehicle; secret key generation scheme; modified pre-processing method; modified quantization method.

A classic cryptographic scheme can be used to meet the security of V2V communication. The scheme depends on the key used by two legitimate parties that will communicate. It can be divided into two; asymmetric cryptographic schemes and symmetric cryptographic schemes [6]. Asymmetric cryptographic schemes use a different personal key and the same universal key, while symmetric cryptographic schemes use the same symmetric key. These classic cryptographic schemes are vulnerable to attacks because it requires symmetric key distribution between legitimate users. Also, asymmetric schemes require an infrastructure of key management to be secured to disseminate universal key, and most algorithms consume much computational time [7]. The main challenge in-vehicle networks are high mobility, so it requires less-complex algorithms for security. Also, key management needs to be explicitly handled because the algorithm used in security depends on the key [8].
The secret key generation (SKG) scheme is the solution to deal with these problems. The SKG used the characteristics of wireless channels that are unpredictable and random [9], 10]. The fundamental of channel reciprocity is used to show the similarity of channel characteristics of the sender and receiver if the measurement is in the coherence time [11]. There are several parameters for obtaining information from a wireless network channel: received signal strength (RSS) [12], [13], channel status information (CSI) [14], and channel impulse response (CIR) [15]. CIS and CIR are parameters provided by multipath wireless channels. These parameters have three main advantages; uniform distribution of the channel phase to increase critical confidentiality, a higher secret key generation rate, and automatic key extraction [15]. However, most wireless devices need modification to display all channel information, requiring a lot of effort and difficulty [16]. Many studies use RSS-based approaches as parameters of wireless channels to produce secret keys in Physical Layer Security (PLS) [17]. We used RSS as a parameter because of not requiring hardware modification. Also, RSS-based schemes are more reliable in synchronization [18]. RSS is obtained from the average of signals strength received by each legitimate user for a certain period.
There are three performance evaluations in the SKG scheme, namely key discrepancy level (KDL), key formation speed (KFS), and randomness. The trade-off that must be dealt with is that increasing KFS will result in high KDL, and a decrease in KDL will be followed by a low in KFS. RSS-based key generation schemes have low key formation speed (KFS). The smaller the KFS value, the more challenging it is to produce symmetric keys because the cryptographic scheme requires a particular key length, such as AES, requiring a minimum key length of 128 bits. Several studies have modified the conventional SKG scheme by adding a signal pre-processing stage to increase wireless channels' reciprocity [16], [21]. Scheme [16], [20] discards the information reconciliation stage for security reasons. There are two methods of quantization, namely lossless quantization and lossy quantization. The lossy quantization method removes some of the bits extracted from the RSS measurement that does not meet the specified threshold. Therefore, it has a low KFS. In comparison, lossless quantization does not discard any bits, so it has a high KFS.
In this paper, we propose the MAPI scheme as an RSSbased secret key generation scheme. The scheme can improve key symmetrical generation performance compared to other existing schemes in the V2V communication environment. This study indicates that the MAPI scheme can increase the correlation of legitimate users up to 0.99. In terms of KFS and KDL, this scheme can also increase KFS significantly more than 100% and reduce KDL up to 100% compared to the existing scheme. Decreasing the KDL can improve the probability of generating a symmetrical key.

II. MATERIAL AND METHOD
This section describes the implementation, the proposed system design, and the performance parameter of the MAPI scheme. The implementation section describes the measurement scenario in V2V communication and the device's specifications when measuring. The system design shows the stages used to generate the symmetric secret key and the MAPI scheme algorithm. The performance parameters are used to show the success of the system being built.

A. Implementation and Experimental Environment
The proposed secret key generation system is implemented on 3 Raspberry Pi 3 (Model B) with Raspbian as the OS. Raspbian is a Linux version explicitly built for the Raspberry Pi. Two devices become Alice and Bob as legitimate users, and the remaining device becomes a nonlegitimate user, namely Eve. The high-level programming languages used are Python 3.6 for processing data and C language for NIST Test. Channel characteristics measurement in the V2V environment used an 802.11ac wireless USB adapter that operates at a frequency of 5.8 GHz. It is used to send ICMP packets and measure RSS values between Alice and Bob. Fig. 2 and Fig. 3 shows the devices used in this system. Raspberry 1 (Alice) and Raspberry 2 (Bob) are two legitimate vehicles that create an ad-hoc wireless network to communicate peer-to-peer. Raspberry 3 (Eve) is a nonlegitimate vehicle as a passive attacker that intercepts communication between them to get RSS. Therefore, Eve has the potential to generate identical keys with legitimate users. In this scenario, Alice became the initiator, and Bob became the responder. Alice transmits PING with a specific time interval , then Bob collects RSS measurements based on PING by Alice. Bob 3 meters away from Alice sends RESPOND after a delay (τ), then Alice collects RSS measurement based on RESPOND by Bob. The mechanism of RSS measurements is shown in Fig. 4. In this measurement, we collected 2000 RSS data in Suramadu Street, Surabaya, as shown in Fig. 5. In this research, there are two measurement conditions, i.e., quiet and crowded conditions, as shown in Table 1 and Table 2. Quiet conditions are expressed as scenario A1 to scenario F1, and crowded conditions are expressed as scenario A2 to scenario F2. We assume the condition is quiet when the volume of the vehicle is low, so there are no obstacles between Alice and Bob. At the same time, the condition is crowded when the volume of vehicles is high. The speed variations of users are 40 km/h, 50 km/h, and 60 km/h. Each speed has two-timed intervals, above and below the coherence time.

B. Proposed System Design
The MAPI scheme consists of four stages to produce symmetric secret key: channel examining, signal preprocessing, quantization, and the last is privacy amplification. The MHPK (modified hybrid Polynomial Regression and Kalman Filter) method is used at the signal pre-processing stage adopted from a previous study [19]. At the second stage, the method used is Dual-Bit Quantization [17] as modified from MMB Quantization combined with a Sequential Bit Remover Technique [19]. The Universal Hash and SHA-256 functions are used at the privacy amplification stage to increase security and key verification between Alice and Bob, respectively. We explain in detail each stage of the proposed MAPI scheme, as shown in Fig. 6.

1) Channel Examining:
Channel examining is the first stage in the MAPI scheme to collect randomness from wireless channel characteristics reciprocally to get the RSS values. We captured RSS values between legitimate vehicles by utilizing PING commands that use the ICMP protocol at certain time intervals [21]. We used the V2V environment communication scenario between Alice and Bob as a legitimate vehicle and Eve as an eavesdropper vehicle. Alice and Bob perform channel examining to obtain RSS measurement values with varying vehicle speeds and ping intervals. Meanwhile, Eve tries to capture the legitimate user RSS to generate a key that is identical to them. The scenario design in this paper is shown in Figs. 7.

Bob Alice
Eve To produce a similar RSS between two legitimate users, the calculation of the time interval in the channel examining is based on coherence time . The coherence time is inverse to the maximum Doppler frequency , as shown in Equation (1) [14]. In Equation (2), is the vehicle speeds of Alice and Bob. In Equation (3), c = 3 x 10 8, and f c is the frequency used in V2V communication (5.8 GHz). Therefore, based on the variation in speed, the coherence time values are 4.7 ms, 3.7 ms, and 3.1 ms, respectively.

1
(1) Based on the scenario in Fig. 7, it is assumed that the information channel measured by Alice from Bob is ℎ and that measured by Bob from Alice is ℎ . Eve tapped Alice and Bob's measurements until she obtained an information channel from Alice ℎ and from Bob ℎ . After the channel examining stage, the legitimate and non-legitimate user will get a set of RSS values represented in Equations (4), (5), (6), and (7). The principle of wireless channels reciprocity shows that legitimate users will have a high correlation if the measurements are conducted in coherence time, so ℎ ℎ [16]. Due to the Eve distance is more than of the wavelength (λ/2) from Alice and Bob, so it is hard for Eve to produce an identical key because it does not correlate with Alice and Bob [16].
2) Signal Pre-processing: The purpose of this second stage is to increase the RSS correlation coefficient that has been measured by Alice and Bob. We use MHPK method to improve channels reciprocity. It is assumed that Eve also used the same algorithm as legitimate users. In the Polynomial Regression, RSS data measurements are then divided into N blocks as Equation (8). In this case, we divide the RSS data into 20 data blocks.
Each block contains several & RSS data, where subscript is replaced by ./ for Alice, /. for Bob, /0 and .0 for Eve. In this paper, we model each block of RSS measurement data using the 2nd order polynomial as shown in Equation (9), where ℎ is the RSS data at the time $ with 1 1,2, 3, … , & . Furthermore, the usual equation of Polynomial in the form of a matrix is shown in Equation (10). Finally, RSS data estimation can be obtained based on Equation (9) by obtaining three unknown polynomial coefficients in Equation (10).  [18] RSS estimation from Polynomial Regression is processed using the Kalman Filter method on each data block (the same as Polynomial Regression). Kalman Filter works recursively by using a priori and a posteriori estimates to get RSS prediction values. The initial estimation of RSS is conducted by the time update equation, while the measurement update equation performs the correction of the prediction. Kalman Filter process is described in Fig. 8.
The input of time update equation is a priori estimation $ 34 , a priori covariance error 5 34 , and a covariance noise process 6 . The input of the measurement update is a posteriori estimation $ 7 3 , a posteriori covariance error (5 3 , Kalman gain 8 3 , covariance noise measurement 9), and RSS data from the previous Polynomial Regression process : 3 . Also, A and H are the measurement status at the time of prediction and correction, respectively. We initialize some Kalman Filter parameters, such as A = 0.1, H = 0, R = 0.25, and Q = 0.12. These parameters can provide the best configuration in the proposed scheme.

3) Quantization:
After obtaining RSS data with a high correlation, the data is converted to bit form at this stage. The MAPI scheme used the Dual-Bit Quantization method [17] as a lossless quantization. In this case, RSS data are divided into 20 blocks, then quantized based on the threshold at each level as below: The level is determined based on the average of each block = , the standard deviation of each block @ , and the constant >, which is 5. RSS data are converted into two binary bits until the total of bits is twice as the RSS data because there are no bits removed. Dual-Bit Quantization method can increase the KFS value, but the randomness has not been fulfilled. We use the Sequential Bit Remover Technique to increase bit randomness. We divided the bits into several blocks; there are 3 bits in one block. If three sequential bits in a block are equal, then the block is converted to a bit "1" or "0". Otherwise, if there are different bits in a block, then the block is removed. There are bit indexes exchange which is discarded between Alice and Bob, so this technique can also reduce bit errors. Therefore, the output bit has a low KDL value. However, this exchange process cannot be imitated by eavesdroppers.

4) Privacy Amplification:
The quantization output's initial key bits have not met the NIST Test randomness requirements. The Universal Hash function is used to increase the initial key bits [19]. This stage produces some keys with high entropy. Legitimate users use the key with the highest entropy as the symmetrical secret key. Keys that are approved by legitimate users are verified using SHA-256 function to ensure keys are identical. This verification process requires the exchange of key digest so that the eavesdropper cannot obtain the actual key. If Alice's key digest is the same as Bob's key digest, then the agreed key can be used as a secret key for the cryptosystem. Otherwise, this means there is still a mismatch of the remaining bits.

5) Symmetric Cryptography:
After Alice and Bob successfully verify the agreed key, then the symmetric key is used to send a secure important message. We use AES-256 in this stage as symmetrical cryptography, which requires one symmetrical secret key between legitimate users. Besides that, the SHA-256 function is used again to send ciphertext from Alice to Bob, so it is not misused by third parties [18].

C. Performance Parameter
The MAPI scheme is designed to create symmetric secret keys for encryption and decryption. Thus, the scheme can be evaluated in 3 essential parameters: key disagreement rate (KDL), key generation rate (KFS), and randomness. The explanation of these parameters is as follows.

1) KDL:
In this experiment, we evaluated two types of KDL parameters, namely KDL M and KDL L . KDL M shows the discrepancy bit between two users to the total of bits generated after Dual-Bit Quantization process. KDL L shows the discrepancy bit between two users to the total number of bits generated after Sequential Bit Remover process. The KDL parameters of all users are expressed as a percentage. If the KDL value is getting lower, then the legitimate users are easier to create an identical secret key.
2) KFS: KFS is the number of bits generated per second. In general, KFS parameters are evaluated after the quantization process. However, in this experiment, we evaluated KFS after the Sequential Bit Remover process because Dual-Bit Quantization is a lossless quantization that produces the same total number of bits. Therefore, it cannot be compared. The KFS parameter between Alice-Bob, Eve-Alice, and Eve-Bob are expressed as bit per second (bps).

3) Randomness:
The NIST Test used the p-value as a key randomness level reference. The secret key is entirely random if the p-value is equal to 1. The p-value parameter ranges from 0.001 until 0.1. The p-value chosen is 0.01 for cryptographic applications. If p-value > 0.01, the secret key bit passes the randomness requirement.

III. RESULTS AND DISCUSSION
We conduct tests in the V2V environment to find out the performance of the MAPI scheme and analyze it with another existing scheme.

A. Channel Examining
We collect the RSS values between two legitimate users in this stage. The initial correlation coefficients for each scenario in two different traffic conditions can be seen in Table 3 and Table 4.  In this research, Alice and Bob's coefficient correlation value is higher than the value between Eve and legitimate users. These results make eavesdropper challenging to generate an identical key. The highest correlation coefficient value between legitimate users in quiet and crowded conditions is scenario A1 and scenario A2. The measurement results show that the RSS data between Alice and Bob in quiet conditions is more similar than in crowded conditions; consequently, the correlation coefficient value in scenario A1 is higher than scenario A2. This result is because the volume of vehicles in crowded conditions is higher than in quiet conditions, causing a response delay at the time of measurement.
Analysis of Alice and Bob's correlation value is obtained by dividing the RSS data into 20 blocks. The test results show that in scenario A2, there are nine blocks with negative correlation values, and there is one block with correlation values of more than 0.5. In scenario A1 there are five blocks with negative correlation values, and there are two blocks with correlation values of more than 0.5. Measurement scenarios with time intervals below coherence time have a higher correlation than time intervals above coherence time. However, this causes a low randomness level because of the RSS similarity is very high.

B. Improved Correlation using MHPK Method
We use MHPK method to increase reciprocity between legitimate users. Table 5 and Table 6 show the correlation coefficients of the MHPK method performance in two conditions. This method can significantly enhance the correlation of legitimate users up to 0.99 in all scenarios. However, it does not significantly increase the correlation of Eve with legitimate users. Thus, our pre-processing method can maintain the security factor by ensuring that nonlegitimate users cannot generate secret keys identical to legitimate users. The average correlation coefficient in quiet conditions does not significantly differ with crowded conditions because each RSS data block has a high correlation after the pre-processing stage.

C. Quantization Measurement
RSS data that has been pre-processed is quantized using the proposed Dual-Bit Quantization. The quantization process converts RSS data into two bits without discarding any bits, so this process produces 4000 bits. Therefore, the KFS parameters cannot be compared after the quantization process. The evaluation parameter that can be compared is bit mismatch (KDL M ) between the users, as shown in Table  7 and Table 8.  Table 7 shows that the average KDL M of legitimate users in the quiet condition is 0.3%. The non-legitimate user average is 24.73% and 24.44% for Eve with Alice and Eve with Bob, respectively. The results show that the KDL M Eve value is very high compared to legitimate users because the RSS correlation is very low even after the pre-processing stage. A high KDL M value indicates many error bits between the bits produced by Eve and legitimate users, making it difficult for Eve to get identical vital bits. Table 8 shows that the average KDL M of legitimate users in the crowded condition is 0.16%. In comparison, the non-legitimate user has a higher average KDL M , which is 24.44% for Eve with Alice and Eve with Bob. These results are the same as the quiet condition where Eve is challenging to produce the same key as legitimate users because it has a high KDL M value.
The lowest KDL M between Alice and Bob in quiet conditions is 0% (scenario B1). Whereas in crowded conditions, scenarios D2 and E2 have the lowest KDL M with a value of 0.05%. There are several scenarios where the KDL M of legitimate users in quiet conditions is higher than crowded conditions at the same speed and interval. This result shows that the quiet condition does not guarantee to have a lower bit mismatch than the crowded condition due to the pre-processing stage before quantization.
The bits produced from the quantization process have low randomness. Sequential Bit Remover Technique is used to increase the randomness of key bits between legitimate users. This algorithm can reduce the KDL L of Alice and Bob's to 0% in all scenarios, both quiet and crowded conditions. This case means there are no bit errors, so there is a high probability of generating the same secret key. The block index removed by Alice will also be removed by Bob, and vice versa. It is assumed that Eve knows the indexes being exchanged, and Eve will discard them too. However, Eve did not send the index block that was discarded to Alice or Bob. Thus, the number of bits from Eve after the Sequential Bit Remover process is different from the legitimate user. Therefore, in this paper, the KDLL of Eve was not analyzed.
The highest KFS between Alice and Bob in quiet conditions is 43.64 bps (scenario E1). Whereas in crowded conditions is 44.02 bps (scenario E2). It can be seen that the highest KFS of Alice and Bob has the same speed and time interval in quiet and crowded conditions. The higher the vehicle speed, the higher the KFS. Scenarios with time intervals above coherence time have smaller KFS values than those below coherence time. Based on Table 9 and Table 10, the KFS value of Eve is much smaller than the KFS of Alice and Bob. In almost all scenarios, Eve has a KFS value of 0 bps, which means all bits are discarded in the Level Crossing process. In this paper, the required secret key size is 256 bits for the symmetric cryptography process, which is AES-256. So, Eve cannot generate a secret key because the resulting key bits are insufficient. Therefore, the MAPI scheme can generate secure secret keys.  Some comparison schemes to evaluate the performance of the MAPI scheme [17], [19]- [21]. All of the comparison schemes use the pre-process before the quantization stage and are implemented on devices that support IoT technology.
It is assumed that all comparison schemes use the Level Crossing algorithm to improve randomness and use the same privacy amplification function as the MAPI scheme. Thus, the difference between the comparison scheme with the MAPI scheme is the pre-process and quantization methods used. In this case, the parameters being compared are KDL M , KDL L , and KFS of legitimate users. Scheme [19] used the HPK method in the signal preprocessing stage and MMB Quantization at the quantization stage. This scheme does not divide the RSS data into several blocks before the pre-processing stage. Scheme [20] used Kalman Filter, and Adaptive Quantization at the pre-process and the quantization stages. Before the first stage, RSS data are divided into several blocks, each containing 50 data. Similar to MMB Quantization, the type of quantization used in the scheme [20] is multibit quantization with different quantization levels thresholds. Scheme [17] used Kalman Filter, and MMB Quantization at the pre-process and quantization stages. Before the first stage, RSS data is divided into several blocks, each containing 20 data. Unlike other schemes, scheme [21] usedthe single-bit quantization method, Mathur Quantization. The quantization method converts RSS data into 1 bit and discards some data that does not meet the upper and lower threshold. At the preprocessing stage, this scheme used the Kalman Filter method.  Table 11 and Table 12 show that the MAPI scheme has a smaller KDLM value in most of the scenarios than the other schemes. The smaller the KDL M value, the higher the possibility to generate a symmetric secret key. The measurement results show that the MAPI scheme can reduce KDL M values up to 100% compared to the existing schemes in almost all scenarios. The average value of KDL M in the quiet condition of the scheme [19] is 0.42%, in the scheme [20] is 0.275%, in the scheme [17] is 3.06%, and in the scheme [21] is 18%. For all measurement scenarios, the proposed MAPI scheme has the smallest average KDL M value compared to other comparison schemes. The MAPI scheme can significantly reduce the KDL M values in quiet condition up to 28.57%, 9.09%, 90.20%, and 98.33% from the schemes [19], [20], [17], and [21], respectively.
All the comparison schemes above have a KDL L value of 0% after Level Crossing process. The results will affect the KFS value of the key bits generated because this algorithm discards 3 bits if the three are not the same and if the converted bits between legitimate users are not equal. Therefore, if the quantization method is single-bit, the KFS value is low because Level Crossing can cause the number of bits to decrease. Fig. 9 and Fig.10 show KFS's comparison from legitimate users between MAPI schemes and other existing schemes in quiet conditions and crowded conditions. In all scenarios, the MAPI scheme has the highest KFS value compared to other schemes. Meanwhile, in almost all scenarios, the scheme [21] has the smallest KFS value caused by using the single-bit quantization method so that there is a bit removal during the quantization process. Therefore, the scheme [21] is less efficient when applied to V2V communication systems.
In a quiet condition, the MAPI scheme can increase the KFS value between legitimate users up to 42.88%, 47.5%, 80.20%, and more than 100% from the schemes [19], [20], [17] and [21], respectively. Whereas in crowded conditions, MAPI scheme can increase the KFS value of legitimate users up to 43.57% of the scheme [19], 45.21% of the scheme [20], 69.89% of the scheme [17], and more than 100% of the scheme [21]. In general, the average value of KFS in quiet conditions is higher than in crowded conditions.

E. NIST-Test Measurement
In the NIST Test, there are seven tests conducted to ensure the randomness level of the secret key, such as:  The MAPI scheme produces two keys that can be used for cryptography. Table 13 and Table 14 shows the results of the NIST Test. The secret key obtained meets the randomness for all types of tests (A exceeds 0.01). Scenario A2 produces a key with the highest level of randomness because it has the highest entropy value. The frequency test (mono bit) shows the proportion of bits 1 and 0. If the test results are equal to one, then the distribution of bits 1 and 0 is the same, as in scenario A1 and scenario D2. Scenario E1 produces a key with a proportion of bit 1 that is close to half a block because it has the highest frequency test within a block. Cumulative sums (forward) tests change 0 to -1, and cumulative sums (reverse) tests change 1 to +1 compared to the number of cumulative keys produced with the expected. Scenario F1 has the highest run test results that show the key oscillations faster than other scenarios. The longest-run-of-ones in a block test show that the key in scenario B2 has a length of 1 that is more invariant length than the expected length.

IV. CONCLUSION
This paper proposes a modified secret key generation scheme, i.e. the MAPI scheme. The resulting key is extracted from RSS in V2V communication in two conditions, quiet and crowded. The results show that the MHPK method can enhance the correlation coefficient between legitimate users until 0.99. Furthermore, the combination of Dual-Bit Quantization and Sequential Bit Remover Technique can eliminate the information reconciliation stage because it can remove all bit errors (KDL L = 0%) while still producing a high KFS of up to 33 bps in both quiet and crowded conditions. The test results also showed that Eve could not generate an identical key at the final stage even though she used the same method. Moreover, the symmetric secret-key generated passes the randomness test on the NIST Test. The MAPI scheme has a better performance than other existing schemes that also adopt the pre-processing stage in terms of KDL and KFS values.
Further study is recommended to include improving secret key generation schemes' performance by proposing non-hybrid pre-processing methods and new multi-bit quantization methods. The combination of both is expected to eliminate the function of the Sequential Bit remover Technique. Thus, keys can be generated without requiring a long computing time.