Security is an important issue in networked control systems, but it has not received sufficient attention. The fundamental step in realizing a security protocol for networked control systems is to establish a secret key between the sensor and the controller. Traditional approaches to key establishment, such as the Public Key Infrastructure (PKI), usually incur significant overhead. In this paper, the common information of the physical system state is exploited for key establishment between the sensor and the controller. In this scheme, the controller takes an action that causes the system state to change, which can be observed by the sensor. The controller and the sensor then exchange messages to find the common random bits in the predicted and observed system states, respectively. The secret key is generated from the common bits. The theoretical bound on the rate of generating common bits is analyzed using information theory. This key establishment scheme is implemented on a remote-controlled inverted pendulum. Experiments show that the proposed algorithm can generate tens of common bits per second.
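The following simulation is an added illustration of the idea summarized above, not the paper's algorithm or code: a controller applies a secret random action, the sensor observes the resulting state change, and the two sides exchange only sample indices to agree on bits. The scalar plant, the noise level, the guard-band quantizer, and the use of SHA-256 as a stand-in for key derivation are all assumptions made for this example.

```python
import hashlib
import random

A, B = 0.9, 1.0   # assumed scalar plant: x[k+1] = A*x[k] + B*u[k] + noise
SIGMA = 0.05      # assumed std-dev of combined process/measurement noise


def run_rounds(rounds, seed):
    """Simulate the plant; return per-step (predicted, observed) state changes."""
    rng = random.Random(seed)
    x, predicted, observed = 0.0, [], []
    for _ in range(rounds):
        u = rng.uniform(-1.0, 1.0)            # controller's secret random action
        x_next = A * x + B * u + rng.gauss(0.0, SIGMA)
        predicted.append(B * u)               # controller: model-based prediction
        observed.append(x_next - A * x)       # sensor: measured change in state
        x = x_next
    return predicted, observed


def keep(values, guard):
    """Indices of samples lying outside the guard band around threshold 0."""
    return {i for i, v in enumerate(values) if abs(v) > guard}


def agree(predicted, observed, guard):
    """Only index sets cross the network; bits come from each side's own values."""
    sensor_msg = keep(observed, guard)                     # sensor -> controller
    common = sorted(sensor_msg & keep(predicted, guard))   # controller -> sensor
    ctrl_bits = [int(predicted[i] > 0) for i in common]
    sens_bits = [int(observed[i] > 0) for i in common]
    return ctrl_bits, sens_bits


def mismatches(a, b):
    return sum(x != y for x, y in zip(a, b))


def derive_key(bits):
    """Stand-in key derivation: hash the agreed bit string."""
    return hashlib.sha256(bytes(bits)).hexdigest()


if __name__ == "__main__":
    pred, obs = run_rounds(2000, seed=1)      # constructed input, not real data
    for guard in (0.0, 0.2):
        c, s = agree(pred, obs, guard)
        print(f"guard={guard}: bits={len(c)} mismatches={mismatches(c, s)} "
              f"keys_equal={derive_key(c) == derive_key(s)}")
```

Without a guard band, noise near the quantization threshold makes the two bit strings disagree, so the derived keys differ; widening the guard band trades bit rate for agreement.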