Cooperative Pilot Spoofing in MU-MIMO Systems

In this letter, we consider downlink transmission of a multiuser multiple-input multiple-output (MU-MIMO) system with zero-forcing (ZF) precoders in the presence of multiple attackers. We propose a cooperative pilot spoofing attack (CPSA), where the attackers collaboratively impair the channel estimations in the uplink channel training phase, aiming at deteriorating the downlink throughput of the whole cell. We first evaluate the impacts of CPSA on the channel estimation and the downlink ZF precoding design, and then we derive an analytical expression for the achievable downlink sum-rate. Furthermore, we investigate the optimal attack strategy to minimize the achievable downlink sum-rate. We show that the optimization problem under consideration is a convex one so the global optimum could be obtained conveniently. Numerical results show that the CPSA attack results in a severe performance deterioration with the increase in the attacking power and the number of attackers

Intelligent Reflecting Surface Aided Pilot Contamination Attack and Its Countermeasure

Pilot contamination attack (PCA) in a time division duplex wireless communication system is considered, where an eavesdropper (Eve) attacks the reverse pilot transmission phase in order to wiretap the data transmitted from a transmitter, Alice, to a receiver, Bob. We propose a new PCA scheme for Eve, wherein Eve does not emit any signal by itself but uses an intelligent reflecting surface (IRS) to reflect the pilot sent by Bob to Alice. The proposed new PCA scheme, referred to as IRS-PCA, increases the signal leakage from Alice to the IRS during the data transmission phase, which is then reflected by the IRS to Eve in order to improve the wiretapping capability of Eve. The proposed IRS-PCA scheme disables many existing countermeasures on PCA due to the fact that with IRS-PCA, Eve no longer needs to know the pilot sequence of Bob, and therefore, poses severe threat to the security of the legitimate wireless communication system. In view of this, the problems of 1) IRS-PCA detection and 2) secure transmission under IRSPCA are considered in this paper. For IRS-PCA detection, a generalized cumulative sum (GCUSUM) detection procedure is proposed based on the framework of quickest detection, aiming at detecting the occurrence of IRS-PCA as soon as possible once it occurs. For secure transmission under IRS-PCA, a cooperative channel estimation scheme is proposed to estimate the channel of the IRS, based on which zero-forcing beamforming is designed to reduce signal leakage.Comment: Accepted by IEEE Transactions on wireless communication