16 research outputs found
Active Eavesdropping via Spoofing Relay Attack
This paper studies a new active eavesdropping technique via the so-called
spoofing relay attack, which could be launched by the eavesdropper to
significantly enhance the information leakage rate from the source over
conventional passive eavesdropping. With this attack, the eavesdropper acts as
a relay to spoof the source to vary transmission rate in favor of its
eavesdropping performance by either enhancing or degrading the effective
channel of the legitimate link. The maximum information leakage rate
achievable by the eavesdropper and the corresponding optimal operation at the
spoofing relay are obtained. It is shown that such a spoofing relay attack
could impose new challenges from a physical-layer security perspective since it
leads to significantly higher information leakage rate than conventional
passive eavesdropping. Comment: submitted for possible conference publication
Proactive Eavesdropping via Jamming for Rate Maximization over Rayleigh Fading Channels
Instead of against eavesdropping, this letter proposes a new paradigm in
wireless security by studying how a legitimate monitor (e.g., government
agencies) efficiently eavesdrops a suspicious wireless communication link. The
suspicious transmitter controls its communication rate over Rayleigh fading
channels to maintain a target outage probability at the receiver, and the
legitimate monitor can successfully eavesdrop only when its achievable rate is
no smaller than the suspicious communication rate. We propose a proactive
eavesdropping via jamming approach to maximize the average eavesdropping rate,
where the legitimate monitor sends jamming signals with optimized power control
to moderate the suspicious communication rate. Comment: Submitted for possible publication
Uncoordinated Frequency Shifts based Pilot Contamination Attack Detection
Pilot contamination attack is an important kind of active eavesdropping
activity conducted by a malicious user during channel training phase. In this
paper, motivated by the fact that frequency asynchronism could introduce
divergence of the transmitted pilot signals between intended user and attacker,
we propose a new uncoordinated frequency shift (UFS) scheme for detection of
pilot contamination attack in multiple antenna system. An attack detection
algorithm is further developed based on source enumeration method. Both the
asymptotic detection performance analysis and numerical results are provided to
verify the proposed studies. The results demonstrate that the proposed UFS
scheme can achieve comparable detection performance as the existing
superimposed random sequence based scheme, without sacrifice of legitimate
channel estimation performance.
Wireless Surveillance of Two-Hop Communications
Wireless surveillance is becoming increasingly important to protect the
public security by legitimately eavesdropping suspicious wireless
communications. This paper studies the wireless surveillance of a two-hop
suspicious communication link by a half-duplex legitimate monitor. By exploring
the suspicious link's two-hop nature, the monitor can adaptively choose among
the following three eavesdropping modes to improve the eavesdropping
performance: (I) passive eavesdropping to intercept both hops to decode
the message collectively, (II) proactive eavesdropping via noise
jamming over the first hop, and (III) proactive eavesdropping via
hybrid jamming over the second hop. In both proactive eavesdropping
modes, the (noise/hybrid) jamming over one hop is for the purpose of reducing
the end-to-end communication rate of the suspicious link and accordingly making
the interception more easily over the other hop. Under this setup, we maximize
the eavesdropping rate at the monitor by jointly optimizing the eavesdropping
mode selection as well as the transmit power for noise and hybrid jamming.
Numerical results show that the eavesdropping mode selection significantly
improves the eavesdropping rate as compared to each individual eavesdropping
mode. Comment: Submitted for conference publication
Cooperative Pilot Spoofing in MU-MIMO Systems
In this letter, we consider downlink transmission of a multiuser
multiple-input multiple-output (MU-MIMO) system with zero-forcing (ZF)
precoders in the presence of multiple attackers. We propose a cooperative pilot
spoofing attack (CPSA), where the attackers collaboratively impair the channel
estimations in the uplink channel training phase, aiming at deteriorating the
downlink throughput of the whole cell. We first evaluate the impacts of CPSA on
the channel estimation and the downlink ZF precoding design, and then we derive
an analytical expression for the achievable downlink sum-rate. Furthermore, we
investigate the optimal attack strategy to minimize the achievable downlink
sum-rate. We show that the optimization problem under consideration is a convex
one so the global optimum could be obtained conveniently. Numerical results
show that the CPSA attack results in a severe performance deterioration with
the increase in the attacking power and the number of attackers.
Data-Aided Secure Massive MIMO Transmission under the Pilot Contamination Attack
In this paper, we study the design of secure communication for time division
duplex multi-cell multi-user massive multiple-input multiple-output (MIMO)
systems with active eavesdropping. We assume that the eavesdropper actively
attacks the uplink pilot transmission and the uplink data transmission before
eavesdropping the downlink data transmission of the users. We exploit both the
received pilots and the received data signals for uplink channel estimation. We
show analytically that when the number of transmit antennas and the length of
the data vector both tend to infinity, the signals of the desired user and the
eavesdropper lie in different eigenspaces of the received signal matrix at the
base station provided that their signal powers are different. This finding
reveals that decreasing (instead of increasing) the desired user's signal power
might be an effective approach to combat a strong active attack from an
eavesdropper. Inspired by this observation, we propose a data-aided secure
downlink transmission scheme and derive an asymptotic achievable secrecy
sum-rate expression for the proposed design. For the special case of a
single-cell single-user system with independent and identically distributed
fading, the obtained expression reveals that the secrecy rate scales
logarithmically with the number of transmit antennas. This is the same scaling
law as for the achievable rate of a single-user massive MIMO system in the
absence of eavesdroppers. Numerical results indicate that the proposed scheme
achieves significant secrecy rate gains compared to alternative approaches
based on matched filter precoding with artificial noise generation and null
space transmission. Comment: To appear in IEEE Transactions on Communications. arXiv admin note:
substantial text overlap with arXiv:1801.0707
Blind Channel Separation in Massive MIMO System under Pilot Spoofing and Jamming Attack
We consider a channel separation approach to counter the pilot attack in a
massive MIMO system, where malicious users (MUs) perform pilot spoofing and
jamming attack (PSJA) in uplink by sending symbols to the basestation (BS)
during the channel estimation (CE) phase of the legitimate users (LUs). More
specifically, the PSJA strategies employed by the MUs may include (i) sending
the random symbols according to arbitrary stationary or non-stationary
distributions that are unknown to the BS; (ii) sending the jamming symbols that
are correlative to those of the LUs. We analyze the empirical distribution of
the received pilot signals (ED-RPS) at the BS, and prove that its
characteristic function (CF) asymptotically approaches to the product of the
CFs of the desired signal (DS) and the noise, where the DS is the product of
the channel matrix and the signal sequences sent by the LUs/MUs. These
observations motivate a novel two-step blind channel separation method, wherein
we first estimate the CF of DS from the ED-RPS and then extract the alphabet of
the DS to separate the channels. Both analysis and simulation results show that
the proposed method achieves good channel separation performance in massive
MIMO systems.
Jamming-assisted Eavesdropping over Parallel Fading Channels
This paper advances the proactive eavesdropping research by considering a
practical half-duplex mode for the legitimate monitor and dealing with the
challenging case that the suspicious link opportunistically communicates over
parallel fading channels. To increase eavesdropping success probability, we
propose cognitive jamming for the monitor to change the suspicious link's
long-term belief on the parallel channels' distributions, and thereby induce it
to transmit more likely over a smaller subset of unjammed channels with a lower
transmission rate. As the half-duplex monitor cannot eavesdrop the channel that
it is simultaneously jamming to, our jamming design should also control the
probability of such "own goal" that occurs when the suspicious link chooses one
of the jammed (uneavesdroppable) channels to transmit. We formulate the optimal
jamming design problem as a mixed integer nonlinear programming and show that
it is non-convex. Nevertheless, we prove that the monitor should optimally use
the maximum jamming power if it decides to jam, for maximally reducing
suspicious link's communication rate and driving the suspicious link out of the
jammed channels. Then we manage to simplify the MINLP to integer programming
and reveal a fundamental trade-off in deciding the number of jammed channels:
jamming more channels helps reduce the suspicious link's communication rate for
overhearing more clearly, but increases own goal probability and thus decreases
eavesdropping success probability. Finally, we extend our study to the two-way
suspicious communication scenario, and show there is another interesting
trade-off in deciding the common jammed channels for balancing bidirectional
eavesdropping performances. Numerical results show that our optimized
jamming-assisted eavesdropping scheme greatly increases eavesdropping success
probability as compared with the conventional passive eavesdropping.
Jamming-Aided Secure Communication in Massive MIMO Rician Channels
In this paper, we investigate the artificial noise-aided jamming design for a
transmitter equipped with large antenna array in Rician fading channels. We
figure out that when the number of transmit antennas tends to infinity, whether
the secrecy outage happens in a Rician channel depends on the geometric
locations of eavesdroppers. In this light, we first define and analytically
describe the secrecy outage region (SOR), indicating all possible locations of
an eavesdropper that can cause secrecy outage. After that, the secrecy outage
probability (SOP) is derived, and a jamming-beneficial range, i.e., the
distance range of eavesdroppers which enables uniform jamming to reduce the
SOP, is determined. Then, the optimal power allocation between messages and
artificial noise is investigated for different scenarios. Furthermore, to use
the jamming power more efficiently and further reduce the SOP, we propose
directional jamming that generates jamming signals at selected beams (mapped to
physical angles) only, and power allocation algorithms are proposed for the
cases with and without the information of the suspicious area, i.e., possible
locations of eavesdroppers. We further extend the discussions to multiuser and
multi-cell scenarios. At last, numerical results validate our conclusions and
show the effectiveness of our proposed jamming power allocation schemes.
Pilot Spoofing Attack by Multiple Eavesdroppers
In this paper, we investigate the design of a pilot spoofing attack (PSA)
carried out by multiple single-antenna eavesdroppers (Eves) in a downlink
time-division duplex (TDD) system, where a multiple antenna base station (BS)
transmits confidential information to a single-antenna legitimate user (LU).
During the uplink channel training phase, multiple Eves collaboratively impair
the channel acquisition of the legitimate link, aiming at maximizing the
wiretapping signal-to-noise ratio (SNR) in the subsequent downlink data
transmission phase. Two different scenarios are investigated: (1) the BS is
unaware of the PSA, and (2) the BS attempts to detect the presence of the PSA.
For both scenarios, we formulate wiretapping SNR maximization problems. For the
second scenario, we also investigate the probability of successful detection
and constrain it to remain below a pre-designed threshold. The two resulting
optimization problems can be unified into a more general non-convex
optimization problem, and we propose an efficient algorithm based on the
minorization-maximization (MM) method and the alternating direction method of
multipliers (ADMM) to solve it. The proposed MM-ADMM algorithm is shown to
converge to a stationary point of the general problem. In addition, we propose
a semidefinite relaxation (SDR) method as a benchmark to evaluate the
efficiency of the MM-ADMM algorithm. Numerical results show that the MM-ADMM
algorithm achieves near-optimal performance and is computationally more
efficient than the SDR-based method. Comment: Accepted by IEEE Transaction on Wireless Communication