Blind Channel Separation in Massive MIMO System under Pilot Spoofing and Jamming Attack

We consider a channel separation approach to counter the pilot attack in a massive MIMO system, where malicious users (MUs) perform pilot spoofing and jamming attack (PSJA) in uplink by sending symbols to the basestation (BS) during the channel estimation (CE) phase of the legitimate users (LUs). More specifically, the PSJA strategies employed by the MUs may include (i) sending the random symbols according to arbitrary stationary or non-stationary distributions that are unknown to the BS; (ii) sending the jamming symbols that are correlative to those of the LUs. We analyze the empirical distribution of the received pilot signals (ED-RPS) at the BS, and prove that its characteristic function (CF) asymptotically approaches to the product of the CFs of the desired signal (DS) and the noise, where the DS is the product of the channel matrix and the signal sequences sent by the LUs/MUs. These observations motivate a novel two-step blind channel separation method, wherein we first estimate the CF of DS from the ED-RPS and then extract the alphabet of the DS to separate the channels. Both analysis and simulation results show that the proposed method achieves good channel separation performance in massive MIMO systems

Intelligent Reflecting Surface Aided Pilot Contamination Attack and Its Countermeasure

Pilot contamination attack (PCA) in a time division duplex wireless communication system is considered, where an eavesdropper (Eve) attacks the reverse pilot transmission phase in order to wiretap the data transmitted from a transmitter, Alice, to a receiver, Bob. We propose a new PCA scheme for Eve, wherein Eve does not emit any signal by itself but uses an intelligent reflecting surface (IRS) to reflect the pilot sent by Bob to Alice. The proposed new PCA scheme, referred to as IRS-PCA, increases the signal leakage from Alice to the IRS during the data transmission phase, which is then reflected by the IRS to Eve in order to improve the wiretapping capability of Eve. The proposed IRS-PCA scheme disables many existing countermeasures on PCA due to the fact that with IRS-PCA, Eve no longer needs to know the pilot sequence of Bob, and therefore, poses severe threat to the security of the legitimate wireless communication system. In view of this, the problems of 1) IRS-PCA detection and 2) secure transmission under IRSPCA are considered in this paper. For IRS-PCA detection, a generalized cumulative sum (GCUSUM) detection procedure is proposed based on the framework of quickest detection, aiming at detecting the occurrence of IRS-PCA as soon as possible once it occurs. For secure transmission under IRS-PCA, a cooperative channel estimation scheme is proposed to estimate the channel of the IRS, based on which zero-forcing beamforming is designed to reduce signal leakage.Comment: Accepted by IEEE Transactions on wireless communication