Jiandong Xie,Ying-Chang Liang,Jun Fang,Xin Kang

DOI: https://doi.org/10.1109/icc.2017.7996989

2017-01-01

Abstract:In a multi-antenna time-division duplex (TDD) communication system, due to channel reciprocity, the downlink channel state information can be obtained by conducting uplink training. In a wire-tap channel, an active eavesdropper can perform active eavesdropping by pilot spoofing attack. In such an attack, the eavesdropper, during the uplink training phase, transmits the identical pilot sequence as that of the legitimate receiver to the transmitter. As a result, the estimated channel by the transmitter is a weighted sum of the legitimate channel and the eavesdropping channel. Motivated by the seriousness of pilot spoofing attack, in this paper, we propose a two-stage uplink training method for pilot spoofing attack detection and secure transmission. Using the new training method, the legitimate channel and the eavesdropping channel can be correctly estimated separately. Then we propose a pilot spoofing attack detector followed by a beamforming scheme for secure data transmission. Simulation results have shown that our proposed method achieves higher detection probability, and larger secrecy rate than previously proposed anti-pilot spoofing methods.

Qi Xiong,Ying-Chang Liang,Kwok Hung Li,Yi Gong

DOI: https://doi.org/10.1109/icc.2015.7248599

2015-01-01

Abstract:In a time-division duplex (TDD) based multi-input single-output (MISO) system, the channel state information (CSI) can be obtained during the channel estimation phase in which the receiver transmits the pilot symbols to the transmitter. This scheme may suffer from a so-called pilot spoofing attack, i.e., an adversary may send identical pilot signals as those of the legitimate receiver to spoof the transmitter. The resultant channel estimate may then contain the CSI of both legitimate and illegitimate receivers, and if such estimated channel is used for transmit beamforming, the information dedicated for legitimate receiver will leak to the illegitimate receiver. In this paper, we study the detection and defending strategies for such pilot spoofing attack. A two-way training based scheme is proposed. The durations of the training periods are also designed to optimize the secrecy rate. Finally, numerical results are presented to show the performance of our proposed method.

Yang,Yanjiao Chen,Wei Wang,Gang Yang

DOI: https://doi.org/10.1109/twc.2020.2970412

IF: 10.4

2020-01-01

IEEE Transactions on Wireless Communications

Abstract:The potential of multiuser MIMO (MU-MIMO) to increase network capacity has been intensively studied. To enable concurrent transmission in Frequency-Division Duplex (FDD) systems with limited feedback, users have to report the estimated channel state information (CSI) to the base station (BS) for interference elimination, which however has been proven to be vulnerable. In this paper, we reveal how to utilize the CSI feedbacks to launch sniffing attacks in a deterministic way, where the sniffing attack enables the attackers to eavesdrop other users in the same transmission group. We conduct a rigorous theoretical analysis on the construction of the forged CSI. In the proposed sniffing attacks, the malicious users can successfully sniff other users’ messages without knowing their own messages for signal cancellation. To make sniffing attacks more practical, we explore the possibilities of sniffing multiple users by a coalition of malicious users or a single malicious user. To thwart sniffing attacks, we design a novel secure CSI feedback (SCF) protocol based on the random masking technique, which requires simple modifications at the BS and incurs a little additional workload. Extensive theoretical analysis and experimental results are provided to further validate the effectiveness of our proposed sniffing attacks and the corresponding countermeasure.

Hui-Ming Wang,Ke-Wen Huang,Theodoros A. Tsiftsis

DOI: https://doi.org/10.48550/arXiv.1801.04104

2018-01-12

Abstract:Transmitter-side channel state information (CSI) of the legitimate destination plays a critical role in physical layer secure transmissions. However, channel training procedure is vulnerable to the pilot spoofing attack (PSA) or pilot jamming attack (PJA) by an active eavesdropper (Eve), which inevitably results in severe private information leakage. In this paper, we propose a random channel training (RCT) based secure downlink transmission framework for a time division duplex (TDD) multiple antennas base station (BS). In the proposed RCT scheme, multiple orthogonal pilot sequences (PSs) are simultaneously allocated to the legitimate user (LU), and the LU randomly selects one PS from the assigned PS set to transmit. Under either the PSA or PJA, we provide the detailed steps for the BS to identify the PS transmitted by the LU, and to simultaneously estimate channels of the LU and Eve. The probability that the BS makes an incorrect decision on the PS of the LU is analytically investigated. Finally, closed-form secure beamforming (SB) vectors are designed and optimized to enhance the secrecy rates during the downlink transmissions. Numerical results show that the secrecy performance is greatly improved compared to the conventional channel training scheme wherein only one PS is assigned to the LU.

Information Theory

Xiaoming Liu,Bin Li,Hongbin Chen,Zhuo Sun,Ying-Chang Liang,Chenglin Zhao

DOI: https://doi.org/10.1109/lcomm.2018.2889491

IF: 3.5529

2019-01-01

IEEE Communications Letters

Abstract:This letter proposes a novel pilot spoofing attack detection scheme by introducing an auxiliary node as a trusted user, which also participates in the uplink training process and assists to detect pilot spoofing in multiple-input single-output systems. To do so, we design an efficient three-phase uplink training method, with which a malicious user can be reliably detected. In contrast to the existing methods involving two-stage uplink–downlink training, our method relies only on the uplink training stage. Meanwhile, our new scheme detects spoofing attack without altering pilot signals, which is also beyond the competence of the existing methods. Numerical results show that our method improves the detection probability significantly.

Delong Liu,Wei Wang,Yang Huang

DOI: https://doi.org/10.1049/ell2.70074

2024-10-30

Electronics Letters

Abstract:We present a pilot spoofing attack detection scheme by using the difference of two different estimators, that is, the least square estimator and the minimum mean square error estimator, without requiring any priori of eavesdroppers. In addition, we propose a data‐aided channel estimation scheme to eliminate the PSA effect. Pilot spoofing attack (PSA) is an active eavesdropping attack in massive multiple‐input multiple‐output systems, where the eavesdroppers transmit the same pilot sequence as the legitimate user does to the base station to confuse the normal channel estimation during the uplink channel training phase. With the contaminated channel estimations, more information will be leaked to eavesdroppers in the downlink transmission phase. However, it is a challenging issue to detect the PSA attack due to the similarity of the received signals and the variations of the wireless channels. Here, a new PSA detection scheme by using the difference of two different estimators is presented, that is, the least square estimator and the minimum mean square error estimator, without requiring any priori of eavesdroppers. Following that, a new data‐aided channel estimation scheme is proposed to eliminate the PSA effect. Simulation results demonstrate that the proposed PSA detection scheme outperforms the conventional energy detector, and more accurate legitimate channel estimation and higher sum secrecy rates can be obtained with the proposed scheme.

engineering, electrical & electronic

Qi Xiong,Ying-Chang Liang,Kwok Hung Li,Yi Gong

DOI: https://doi.org/10.1109/ICASSP.2015.7178270

2015-01-01

Abstract:We study a spoofing attack happened in the physical layer of a multiple-antenna system, where an adversary tries to spoof the transmitter by sending the identical pilot (training) signal as that of a legitimate receiver in the uplink channel estimation phase. This attack, named as pilot spoofing attack, could lead to a secrecy information leakage to the adversary and information rate decrease at the legitimate receiver. Due to the serious results caused by the pilot spoofing attack, we propose an energy-ratio detector (ERD) to protect the legitimate components. The ERD makes the decision by exploiting the asymmetry of the received signal strength (RSS) between the transmitter and the legitimate receiver when the system is under the pilot spoofing attack. Numerical results are presented to illustrate the effectiveness of our proposed detector.

Fengyi Bai,Pinyi Ren,Qinghe Du,Li Sun

DOI: https://doi.org/10.1109/pimrc.2016.7794707

2016-01-01

Abstract:Pilot spoofing attack can deteriorate the transmission performance of the legitimate system and facilitate eavesdropping concurrently. Some detection methods of pilot attack have been proposed, while we consider the problem of channel estimation under pilot spoofing attack. In this paper, a hybrid channel estimation strategy using random Binary Phase Shift Keying (BPSK) is proposed. Specifically, a random BPSK sequence is transmitted by the legal user once the attack is detected. In this manner, the base station detects the sequence and re-estimates the legal channel with both contaminated pilot and assistant sequence. We evaluate the estimation performance in three cases according to different responses of the malicious user. Simulation results demonstrate that the proposed strategy can effectively estimate the legitimate channel against pilot attack.

Qi Xiong,Ying-Chang Liang,Kwok Hung Li,Yi Gong

DOI: https://doi.org/10.1109/tifs.2015.2392564

IF: 7.231

2015-01-01

IEEE Transactions on Information Forensics and Security

Abstract:The pilot spoofing attack is one kind of active eavesdropping conducted by a malicious user during the channel estimation phase of the legitimate transmission. In this attack, an intelligent adversary spoofs the transmitter on the estimation of channel state information (CSI) by sending the identical pilot signal as the legitimate receiver, in order to obtain a larger information rate in the data transmission phase. The pilot spoofing attack could also drastically weaken the strength of the received signal at the legitimate receiver if the adversary utilizes large enough power. Motivated by the serious problems the pilot spoofing attack could cause, we propose an efficient detector, named energy ratio detector (ERD), by exploring the asymmetry of received signal power levels at the transmitter and the legitimate receiver when there exists a pilot spoofing attack. Our analysis shows that by setting the ratio of received signal power levels at the transmitter and the legitimate receiver as the test statistic, the detecting threshold is derived without using the knowledge of the CSI of the legitimate channel as well as the illegitimate channel. Furthermore, we study the performance of the proposed ERD in various special cases in order to obtain useful insights. Numerical results are presented to further demonstrate the performance of our proposed ERD.

Jiejiao Tian,Ying-Chang Liang,Xin Kang,Gang Yang

DOI: https://doi.org/10.1109/ICCChina.2017.8330342

2017-01-01

Abstract:In this paper, we propose a new type of attack from the perspective of the eavesdropper. The full-duplex eavesdropper acts as a relay in the uplink channel estimation phase forwarding the received pilot signal from legitimate receiver to confound the legitimate transmitter. Compared to pilot spoofing attack, which needs the eavesdropper to know the pilot signal accurately, the pilot relay attack only needs the eavesdropper to know the frame structure of the legitimate transceiver pair. In this paper, we study the optimal amplify-and-forward strategy of the eavesdropper so that its eavesdropping behavior is harder to be detected by maximizing the transmission rate from the legitimate transmitter to the legitimate receiver under the constraint that the eavesdropping rate is larger than the legitimate transmission rate. Furthermore, we analyze the performance of the pilot relay attack when Eve is at different locations, the simulations have shown that different strategies should be adopted at different locations.

Ke-Wen Huang,Hui-Ming Wang,Yongpeng Wu,Robert Schober

DOI: https://doi.org/10.1109/TWC.2018.2859949

IF: 10.4

2018-01-01

IEEE Transactions on Wireless Communications

Abstract:In this paper, we investigate the design of a pilot spoofing attack (PSA) carried out by multiple single-antenna eavesdroppers (Eves) in a downlink time-division duplex system, where a multiple antenna base station (BS) transmits confidential information to a single-antenna legitimate user. During the uplink channel training phase, multiple Eves collaboratively impair the channel acquisition of th...

Shiguo Wang,Qingyong Deng,Xuewen Fu,Peng Li

DOI: https://doi.org/10.1016/j.phycom.2023.102215

IF: 2.379

2023-11-06

Physical Communication

Abstract:For large-scale MIMO systems, upon the investigation of pilot spoofing on system security capacity, a novel detection scheme is proposed and the contaminated channel state information (CSI) is corrected. Specifically, a two-parts pilot sequence is exploited to implement channel estimation. The first one is conventional, and the other is partially randomized on the top of the first one. Leveraging the difference between the statistical characteristic of the estimated CSIs in two parts, a pilot spoofing detector is established based on the principle of the maximum likelihood ratio. Meanwhile, the contaminated CSI is purified with the obtained information in pilot spoofing detection, and thus system security capacity can be improved greatly. Finally, simulation results are presented to evaluate the superior performance of the proposed scheme.

telecommunications,engineering, electrical & electronic

Die Hu,Wei Zhang,Lianghua He,Jun Wu

DOI: https://doi.org/10.1109/lwc.2018.2859329

IF: 6.3

2019-01-01

IEEE Wireless Communications Letters

Abstract:In this letter, we investigate secure transmission for multi-cell multi-user massive multiple-input multiple-output systems with an active eavesdropper. During the uplink (UL) training, the eavesdropper can attack the training phase to cause pilot contamination. To resist such pilot contamination attack (PCA), we propose a secure transmission that does not require statistical information of the channels. In the proposed transmission strategy, we first detect PCA by a simple method. If the PCA is not detected, we then estimate the UL data of the users by a semi-blind method based on an asynchronous protocol. After that, we perform the data-aided channel estimation and design the corresponding precoder. Simulation results demonstrate that the proposed transmission can effectively resist the PCA even when the PCA detection method fails.

Lingyun Chai,Lin Bai,Tong Bai,Jia Shi,Arumugam Nallanathan

DOI: https://doi.org/10.1109/jiot.2023.3264679

IF: 10.6

2023-01-01

IEEE Internet of Things Journal

Abstract:As for the time-division communications system, the pilot spoofing attack technique is maliciously utilized by active eavesdroppers during the uplink training phase, for contaminating the legitimate channel estimation and thus altering the beamforming design towards the eavesdroppers. Nonorthogonal multiple access (NOMA) has been recognized as the key technology for the envisioned Internet of Things (IoT) networks. In order to prevent the aforementioned information leakage in NOMA-IoT systems, we develop a novel two-way training scheme to detect pilot spoofing attack and a robust secure beamforming design for providing secure transmission, by utilizing the emerging technique of reconfigurable intelligent surface (RIS), which is turned off during the uplink training phase and turned on during the downlink training phase, respectively. Considering that the perfect channel state information related to the eavesdropping channel is typically difficult to obtain, a secrecy outage probability constrained robust secure beamforming design is proposed to maximize the achievable sum secrecy rate of the legitimate users, by alternatively optimizing the active beamforming and RIS passive beamforming, while satisfying the requirements of the NOMA transmission. Elaborate simulation results reveal that the proposed detection method attains a super pilot spoofing attack detection performance and the proposed robust secure beamforming design is capable of efficiently enhancing the achievable sum secrecy rate, compared with various benchmark schemes.

computer science, information systems,telecommunications,engineering, electrical & electronic

Yongpeng Wu,Robert Schober,Derrick Wing Kwan Ng,Chengshan Xiao,Giuseppe Caire

DOI: https://doi.org/10.1109/tit.2016.2569118

IF: 2.5

2016-01-01

IEEE Transactions on Information Theory

Abstract:In this paper, we investigate secure and reliable transmission strategies for multi-cell multi-user massive multiple-input multiple-output systems with a multi-antenna active eavesdropper. We consider a time-division duplex system where uplink training is required and an active eavesdropper can attack the training phase to cause pilot contamination at the transmitter. This forces the precoder used in the subsequent downlink transmission phase to implicitly beamform toward the eavesdropper, thus increasing its received signal power. Assuming matched filter precoding and artificial noise (AN) generation at the transmitter, we derive an asymptotic achievable secrecy rate when the number of transmit antennas approaches infinity. For the case of a single-antenna active eavesdropper, we obtain a closed-form expression for the optimal power allocation policy for the transmit signal and the AN, and find the minimum transmit power required to ensure reliable secure communication. Furthermore, we show that the transmit antenna correlation diversity of the intended users and the eavesdropper can be exploited in order to improve the secrecy rate. In fact, under certain orthogonality conditions of the channel covariance matrices, the secrecy rate loss introduced by the eavesdropper can be completely mitigated.

Yongpeng Wu,Robert Schober,Derrick Wing Kwan Ng,Chengshan Xiao,Giuseppe Caire

DOI: https://doi.org/10.1109/ICC.2015.7248525

2015-01-01

Abstract: In this paper, we investigate secure and reliable transmission strategies for multi-cell multi-user massive multiple-input multiple-output (MIMO) systems in the presence of an active eavesdropper. We consider a time-division duplex system where uplink training is required and an active eavesdropper can attack the training phase to cause pilot contamination at the transmitter. This forces the precoder used in the subsequent downlink transmission phase to implicitly beamform towards the eavesdropper, thus increasing its received signal power. We derive an asymptotic achievable secrecy rate for matched filter precoding and artificial noise (AN) generation at the transmitter when the number of transmit antennas goes to infinity. For the achievability scheme at hand, we obtain the optimal power allocation policy for the transmit signal and the AN in closed form. For the case of correlated fading channels, we show that the impact of the active eavesdropper can be completely removed if the transmit correlation matrices of the users and the eavesdropper are orthogonal. Inspired by this result, we propose a precoder null space design exploiting the low rank property of the transmit correlation matrices of massive MIMO channels, which can significantly degrade the eavesdropping capabilities of the active eavesdropper.

Ning Gao,Zhijin Qin,Xiaojun Jing

DOI: https://doi.org/10.1109/lsp.2019.2913085

2019-01-01

IEEE Signal Processing Letters

Abstract:In the channel training phase, the attacker launches a pilot contamination attack by sending a synchronized and identical pilot signal with the legitimate transmitter. Such an attack can contaminate the channel estimation and alter the legitimate beamformer design. In this letter, first, we propose a pilot contamination attack detection scheme for wireless communications. By considering the prior uncertainty of the attack, we find that the decision-maker will conservatively decide the state of the attack, which is a subjective choice. In this case, we derive the subjective detection probability, the subjective false alarm probability, and the threshold. We analyze the tradeoff problem between ergodic wire-tap channel rate and subjective detection probability. Next, based on the worst case that the attacker adopts the optimal power allocation to launch the optimal attack, we discuss the defense strategy of the optimal attack. Simulations show that the proposed scheme has a better performance than the benchmark method.

Linqing Wan,Guangchi Zhang,Miao Cui,Fan Lin

DOI: https://doi.org/10.1007/s11277-017-5213-0

IF: 2.017

2017-12-29

Wireless Personal Communications

Abstract:Proactive eavesdropping is a new paradigm shift in wireless physical layer security from preventing conventional eavesdropping attacks to legitimate intercepting suspicious communications, which has attracted a lot of attention recently. Pilot contamination is one effective technique in proactive eavesdropping, which spoofs the suspicious transmitter on channel estimation by sending the same pilot signal as the suspicious receiver, and lets it leak information in the direction of the legitimate eavesdropper during its transmission. However, this technique may fail when an anti-pilot-contamination mechanism called “energy ratio detector (ERD)” is applied at the suspicious receiver. To deal with the case that the suspicious receiver is a smart device using ERD, in this paper, we study using pilot contamination along with jamming to improve the legitimate eavesdropping performance. We first derive a closed-form expression for the probability of pilot contamination being detected by the suspicious receiver, and use it to obtain a closed-form expression for the eavesdropping rate. Using this theoretical analysis result, we propose an algorithm to maximize the eavesdropping rate by jointly optimizing the pilot contamination power and jamming power via two-dimensional search. Simulation results show that the proposed eavesdropping rate maximization algorithm can significantly improve eavesdropping rate, as compared to other benchmark schemes.

telecommunications

Yongpeng Wu,Chao-Kai Wen,Wen Chen,Shi Jin,Robert Schober,Giuseppe Caire

DOI: https://doi.org/10.1109/icc.2018.8422338

2018-01-01

Abstract:In this paper, we study the design of secure communication for time division duplexing multi-cell multi-user massive multiple-input multiple-output (MIMO) systems with active eavesdropping. We assume that the eavesdropper actively attacks the uplink pilot transmission and the uplink data transmission before eavesdropping the downlink data transmission phase of the desired users. We exploit both the received pilots and data signals for uplink channel estimation. We show analytically that when the number of transmit antennas and the length of the data vector both tend to infinity, the signals of the desired user and the eavesdropper lie in different eigenspaces of the received signal matrix at the base station if their signal powers are different. This finding reveals that decreasing (instead of increasing) the desire user's signal power might be an effective approach to combat a strong active attack from an eavesdropper. Inspired by this result, we propose a data-aided secure downlink transmission scheme and derive an asymptotic achievable secrecy sum-rate expression for the proposed design. Numerical results indicate that under strong active attacks, the proposed design achieves significant secrecy rate gains compared to the conventional design employing matched filter precoding and artificial noise generation.