Sulei Wang,Zhe Chen,Yuedong Xu,Qiben Yan,Chongbin Xu,Xin Wang

DOI: https://doi.org/10.1109/infocom.2019.8737412

2019-01-01

Abstract:Multiuser MIMO (MU-MIMO) empowers access points (APs) with multiple antennas to transmit multiple data streams concurrently to users by exploiting spatial multiplexing. In MU-MIMO, users need to estimate channel state information (CSI) and report it to APs, thus opening a backdoor to attackers who may forge CSI to eavesdrop the content of victims. In this paper, we explore the eavesdropping attack in a novel and practical context in which CSI forgery entangles MU-MIMO user selection in a many-users regime. The attacker hopes to optimize both the eavesdropping opportunity of being selected with the victim and the corresponding decoding quality. We propose new attack and defense mechanisms: (1) USE Attack that enables attackers to achieve near optimal eavesdropping opportunity and high decoding quality through constructing orthogonal CSI against victims followed by stepwise refinements; (2) AngleSec that exploits channel reciprocity for attacker detection without any modification to legacy CSI feedback in which CSI forgery induces a mismatching of downlink and uplink angular spectra at the AP. We implement and evaluate USE Attack and AngleSec in a software defined radio platform WARPv3. Extensive experiments manifest that USE Attack significantly improves the overall eaves-dropping quality compared with state-of-the-art counterparts and AngleSec is able to detect CSI forgery attackers almost for sure.

Yunlong Mao,Yuan Zhang,Sheng Zhong

DOI: https://doi.org/10.1145/2976749.2978412

2016-01-01

Abstract:Multi-User MIMO has attracted much attention due to its significant advantage of increasing the utilization ratio of wireless channels. Recently a serious eavesdropping attack, which exploits the CSI feedback of the FDD system, is discovered in MU-MIMO networks. In this paper, we firstly show a similar eavesdropping attack for the TDD system is also possible by proposing a novel, feasible attack approach. Following it, a malicious user can eavesdrop on other users' downloads by transforming training sequences. To prevent this attack, we propose a secure CSI estimation scheme for instantaneous CSI. Furthermore, we extend this scheme to achieve adaptive security when CSI is relatively statistical. We have implemented our scheme for both uplink and downlink of MU-MIMO and performed a series of experiments. Results show that our secure CSI estimation scheme is highly effective in preventing downlink leakage against malicious users.

Yunlong Mao,Ying He,Yuan Zhang,Jingyu Hua,Sheng Zhong

DOI: https://doi.org/10.1109/tmc.2019.2937081

IF: 6.075

2020-01-01

IEEE Transactions on Mobile Computing

Abstract:Multi-User MIMO (MU-MIMO) has attracted much attention due to its significant advantage of increasing the utilization ratio of wireless channels. However, Frequency-Division Duplex (FDD) systems are vulnerable to eavesdropping, since the explicit CSI feedback can be manipulated. In this paper, we show that Time-Division Duplex (TDD) systems are insecure as well. In particular, we show that it is possible to eavesdrop on other users' downloads by tuning training sequences. In order to defend MU-MIMO against such threats, we propose a secure CSI estimation scheme, which can provide correct estimates of CSI when adversarial users are in presence. We prove that our scheme is secure against training sequence based eavesdropping attack. We have implemented our scheme for TDD MU-MIMO systems and performed a series of experiments. Results demonstrate that our secure CSI estimation scheme is highly effective in protecting TDD MIMO networks against eavesdropping attack. Furthermore, we extend our scheme to support massive MU-MIMO networks, with a carefully redesigned uplink protocol and optimized power allocation to achieve higher spectral efficiency. To be more practical, we also take mismatch channel issue into our consideration. An enhancement scheme is proposed and we show that our scheme with enhancement is secure and correct under mismatch channel.

Xiaoming Chen,Chau Yuen,Zhaoyang Zhang

DOI: https://doi.org/10.1109/glocom.2014.7037045

2014-01-01

Abstract:In this paper, we study the problem of physical layer security in large-scale multiple input multiple output (LS-MIMO) systems. The large number of antenna elements in LS-MIMO system is exploited to enhance transmission security and improve system performance, especially when the eavesdropper is closer to the information source and has more antennas than the legitimate user. However, in practical systems, the problem becomes challenging because the eavesdropper channel state information (CSI) is usually unavailable without cooperation and the legitimate CSI may be imperfect due to channel estimation error. In this paper, we first analyze the performance of physical layer security without eavesdropper CSI and with imperfect legitimate CSI, and then propose an energy-efficient power allocation scheme to meet the demand for wireless security and quality of service (QoS) simultaneously. Finally, numerical results validate the effectiveness of the proposed scheme.

Tinghan Yang,Rongqing Zhang,Xiang Cheng,Liuqing Yang

DOI: https://doi.org/10.1109/tifs.2018.2883150

IF: 7.231

2019-01-01

IEEE Transactions on Information Forensics and Security

Abstract:In recent years, physical layer security has been regarded as a promising technique to facilitate secure communications in next generation mobile systems, where theoretically massive MIMO can significantly enhance the system secrecy performance under its advantage in shaping the transmitted signals to null the interference or leakage. However, in practical systems, the achievable secrecy performance under imperfect channel state information (CSI) deserves further investigation. In this paper, we give a detailed analysis about the physical layer security problem in a multi-user massive MIMO system with imperfect CSI. The considered imperfect CSI includes both the outdated CSI due to the transmission and processing delay, and the channel estimation error. We first derive a tight asymptotic lower bound of the ergodic system secrecy capacity under imperfect CSI, and then analyze how imperfect CSI affects the system secrecy performance. Moreover, we propose a channel prediction scheme that can result in more accurate CSI, in order to alleviate the negative effect on the achievable system secrecy capacity caused by imperfect CSI. Simulation results reveal that the imperfect CSI greatly reduces the system secrecy capacity, while our designed channel prediction scheme can effectively mitigate the harmful impact of imperfect CSI and thus improve the system secrecy performance.

Amitav Mukherjee,A. Lee Swindlehurst

DOI: https://doi.org/10.48550/arXiv.1008.3730

2010-08-23

Abstract:Accurate channel state information (CSI) at the transmitter is critical for maximizing spectral efficiency on the downlink of multi-antenna networks. In this work we analyze a novel form of physical layer attacks on such closed-loop wireless networks. Specifically, this paper considers the impact of deliberately inaccurate feedback by malicious users in a multiuser multicast system. Numerical results demonstrate the significant degradation in performance of closed-loop transmission schemes due to intentional feedback of false CSI by adversarial users.

Information Theory

Fei Wang,Wei Xi,Jinsong Han,Kun Zhao,Yuan Gao

DOI: https://doi.org/10.1145/3054977.3057325

2017-01-01

Abstract:Multiple-In-Multiple-Out (MIMO) offers great potential for increasing network capacity by exploiting spatial diversity with multiple antennas. Multiuser MIMO (MU-MIMO) further enables Access Points (APs) with multiple antennas to transmit multiple data streams concurrently to several clients. However, the uplink data transmission (from client to AP) of MU-MIMO is more vulnerable because its wide distribution and diversification. We explore the vulnerability in clients' feedback of estimated CSI to the AP. We then propose two attacks potentially taken by malicious clients and malicious AP respectively: (1) the forging client attack that malicious client report the forged CSI to the AP and (2) forging AP attack that malicious AP transmits wrong training frame to clients. Both of these attacks can lead to incorrect resolving at AP and ruin the whole uplink communication. Correspondingly, we design countermeasures for these attacks, namely CVU and CFU. We evaluate their performance via simulators. Based on our experimental results, we suggest a new CSI feedback scheme to prevent CSI forging, which only requires slight modification at the client side and easy for deployment.

Yongjun Xu,Qinyu Tian,Qianbin Chen,Qingqing Wu,Chongwen Huang,Haijun Zhang,Chau Yuen

DOI: https://doi.org/10.1109/tcomm.2024.3451617

IF: 6.166

2024-01-01

IEEE Transactions on Communications

Abstract:To overcome the impact of information leakage, obstacle blocking, channel uncertainties, and hardware impairments (HWIs) in wireless communication systems, we design a robust secure transmission strategy for a multi-reconfigurable intelligent surface (RIS)-aided communication system with HWIs and channel uncertainties, where a multi-antenna base station (BS) serves multiple wireless users aided by multiple RISs and overcomes information leakage caused by multiple eavesdroppers. Based on bounded channel uncertainties, a total transmit power minimization problem is investigated subject to the secrecy rates of users, the maximum transmit power of the BS, and the phase shifts of RISs. To deal with the formulated non-convex problem with parameter perturbations, it is transformed into a deterministic problem by using the worst-case approach, S-procedure, and successive convex approximation. Then, the problem is decomposed into an active beamforming and artificial noise subproblem and a passive beamforming subproblem. The subproblems are converted into convex ones via the semi-definite relaxation method, singular value decomposition, penalty function, and eigenvalue decomposition approaches. Finally, an iteration-based robust resource allocation algorithm is proposed. Simulation results verify that by deploying more RISs or increasing the number of reflection elements, the impacts of eavesdroppers and HWIs can be effectively decreased even with channel estimation errors.

Berk Akgun,O. Ozan Koyluoglu,Marwan Krunz

DOI: https://doi.org/10.1109/TCOMM.2016.2641949

2017-01-10

Abstract:We consider a broadcast channel, in which a multi-antenna transmitter (Alice) sends $K$ confidential information signals to $K$ legitimate users (Bobs) in the presence of $L$ eavesdroppers (Eves). Alice uses MIMO precoding to generate the information signals along with her own (Tx-based) friendly jamming. Interference at each Bob is removed by MIMO zero-forcing. This, however, leaves a "vulnerability region" around each Bob, which can be exploited by a nearby Eve. We address this problem by augmenting Tx-based friendly jamming (TxFJ) with Rx-based friendly jamming (RxFJ), generated by each Bob. Specifically, each Bob uses self-interference suppression (SIS) to transmit a friendly jamming signal while simultaneously receiving an information signal over the same channel. We minimize the powers allocated to the information, TxFJ, and RxFJ signals under given guarantees on the individual secrecy rate for each Bob. The problem is solved for the cases when the eavesdropper's channel state information is known/unknown. Simulations show the effectiveness of the proposed solution. Furthermore, we discuss how to schedule transmissions when the rate requirements need to be satisfied on average rather than instantaneously. Under special cases, a scheduling algorithm that serves only the strongest receivers is shown to outperform the one that schedules all receivers.

Information Theory

Die Hu,Wei Zhang,Lianghua He,Jun Wu

DOI: https://doi.org/10.1109/lwc.2018.2859329

IF: 6.3

2019-01-01

IEEE Wireless Communications Letters

Abstract:In this letter, we investigate secure transmission for multi-cell multi-user massive multiple-input multiple-output systems with an active eavesdropper. During the uplink (UL) training, the eavesdropper can attack the training phase to cause pilot contamination. To resist such pilot contamination attack (PCA), we propose a secure transmission that does not require statistical information of the channels. In the proposed transmission strategy, we first detect PCA by a simple method. If the PCA is not detected, we then estimate the UL data of the users by a semi-blind method based on an asynchronous protocol. After that, we perform the data-aided channel estimation and design the corresponding precoder. Simulation results demonstrate that the proposed transmission can effectively resist the PCA even when the PCA detection method fails.

Gui Zhou,Cunhua Pan,Hong Ren,Kezhi Wang,Kok Keong Chai,Kai-Kit Wong

DOI: https://doi.org/10.48550/arXiv.2006.05347

IF: 4.729

2020-06-09

Signal Processing

Abstract:In this paper, intelligent reflecting surface (IRS) is proposed to enhance the physical layer security in the Rician fading channel where the angular direction of the eavesdropper is aligned with a legitimate user. In this scenario, we consider a two-phase communication system under the active attacks and passive eavesdropping. Particularly, in the first phase, the base station avoids direct transmission to the attacked user. While, in the second phase, other users cooperate to forward signals to the attacked user with the help of IRS and energy harvesting technology. Under the active attacks, we investigate an outage constrained beamforming design problem under the statistical cascaded channel error model, which is solved by using the Bernstein-type inequality. As for the passive eavesdropping, an average secrecy rate maximization problem is formulated, which is addressed by a low complexity algorithm. Numerical results show that the negative effect of the eavesdropper's channel error is greater than that of the legitimate user.

Yong Chen,Tao Zhang,Xiaoqiang Qiao,Hao Wu,Jiang Zhang

DOI: https://doi.org/10.1109/access.2020.3048158

IF: 3.9

2021-01-01

IEEE Access

Abstract:This paper investigates a secure transmission in the multiple-input multiple-output (MIMO) cognitive wiretap networks, where a secondary transmitter (Alice) sends data to a secondary receiver (Bob) in the presence of an eavesdropper (Eve). In order to solve the problems of inter channel interference and inter antenna synchronization encountered by traditional MIMO technologies, the antenna transmission scheme is adopted at the transmitter. As a comparison, we design two different antenna transmission schemes, namely transmit antenna selection maximal-ratio combining (TAS-MRC) scheme and differential spatial modulation maximal-ratio combining (DSM-MRC) scheme, respectively. Moreover, due to outdated channel state information (CSI) of the interference link from Alice to the primary user (PU), we propose power control mechanism to protect the quality of service (QoS) of PU. Furthermore, the closed-form for the secrecy outage probability and the secrecy throughput with TAS-MRC and DSM-MRC schemes are derived to evaluate the secrecy performance, respectively. What's more, we explore the security diversity gain and coding gain based on the asymptotic secrecy outage probability. As the results, it demonstrates that DSM-MRC requires less CSI and is convenient for modulation and demodulation, but sacrifices some secrecy performance gains between two proposed schemes.

computer science, information systems,telecommunications,engineering, electrical & electronic

Bui Minh Tuan,Diep N. Nguyen,Nguyen Linh Trung,Van-Dinh Nguyen,Nguyen Van Huynh,Dinh Thai Hoang,Marwan Krunz,Eryk Dutkiewicz

2024-10-28

Abstract:Wireless communications are particularly vulnerable to eavesdropping attacks due to their broadcast nature. To effectively deal with eavesdroppers, existing security techniques usually require accurate channel state information (CSI), e.g., for friendly jamming (FJ), and/or additional computing resources at transceivers, e.g., cryptography-based solutions, which unfortunately may not be feasible in practice. This challenge is even more acute in low-end IoT devices. We thus introduce a novel deep learning-based FJ framework that can effectively defeat eavesdropping attacks with imperfect CSI and even without CSI of legitimate channels. In particular, we first develop an autoencoder-based communication architecture with FJ, namely AEFJ, to jointly maximize the secrecy rate and minimize the block error rate at the receiver without requiring perfect CSI of the legitimate channels. In addition, to deal with the case without CSI, we leverage the mutual information neural estimation (MINE) concept and design a MINE-based FJ scheme that can achieve comparable security performance to the conventional FJ methods that require perfect CSI. Extensive simulations in a multiple-input multiple-output (MIMO) system demonstrate that our proposed solution can effectively deal with eavesdropping attacks in various settings. Moreover, the proposed framework can seamlessly integrate MIMO security and detection tasks into a unified end-to-end learning process. This integrated approach can significantly maximize the throughput and minimize the block error rate, offering a good solution for enhancing communication security in wireless communication systems.

Information Theory,Signal Processing

Xiaoming Chen,Hsiao-Hwa Chen

DOI: https://doi.org/10.1109/tsp.2014.2362890

IF: 4.875

2014-01-01

IEEE Transactions on Signal Processing

Abstract:In this paper, we consider a multi-cell MISO downlink, where a multi-antenna base station (BS) sends messages to its intended user, while a passive eavesdropper tries to intercept the information in each cell. Physical layer security is employed in order to guarantee information security. Due to incomplete channel state information (CSI) at BSs, residue inter-cell interference exists even with coordinated beamforming, which exerts a great impact on the secrecy performance. In this paper, we conduct a unified performance analysis for physical layer security with incomplete CSI, and derives closed-form expressions of ergodic secrecy rate, secrecy outage probability, and interception probability, considering CSI estimation accuracy, transmit signal to noise ratio (SNR), and channel condition. We reveal some insights on the secrecy performance through asymptotic analysis. Furthermore, based on the derived theoretical results, we propose a CSI exchange amount allocation scheme. Finally, the simulations validate our theoretical claims.

Yuanhang Cai,Wei Xi,Zhi Wang,Kun Zhao,Jinsong Han,Chen Qian,Han Ding,Jizhong Zhao

DOI: https://doi.org/10.1145/2973750.2985281

2016-01-01

Abstract:Multi-user MIMO (MU-MIMO) is proposed in 802.11ac to achieve more than 3x faster than 802.11n. In the real world no-one gets close to theoretical speeds. The primary reason for this anomaly are the various overheads of channel access and channel state information (CSI) feedback. In order to achieve concurrent data transmission,CSI feedback from users is required. However, this overhead can easily overwhelm the actual channel time spent on data transmission in large-scale network. Moreover, due to spontaneous uplink traffic, which makes the problem even more challenging.In this paper, we propose a smart CSI feedback protocol called Gabriel. Firstly, Gabriel achieves alterable CSI feedback by evaluating its validity period to eliminate the unnecessary CSI feedback operation. Secondly, we introduce a new concept named 'large time slice' to solve fairness problem. Software-radio based implementation and testbed experimentation show that Gabriel significantly outperforms state-of-the-art CSI feedback reduction methods under various traffic patterns and node mobility.

Zhiping Jiang,Jizhong Zhao,Xiang-Yang Li,Jinsong Han,Wei Xi

DOI: https://doi.org/10.1109/INFCOM.2013.6567061

2013-01-01

Abstract:Comparing to well protected data frames, Wi-Fi management frames (MFs) are extremely vulnerable to various attacks. Since MFs are transmitted without encryption or authentication, attackers can easily launch various attacks by forging the MFs. In a collaborative environment with many Wi-Fi sniffers, such attacks can be easily detected by sensing the anomaly RSS changes. However, it is quite difficult to identify these spoofing attacks without assistance from other nodes. By exploiting some unique characteristics (e.g., rapid spatial decorrelation, independence of Txpower, and much richer dimensions) of 802.11n Channel State Information (CSI), we design and implement CSITE, a prototype system to authenticate the Wi-Fi management frames on PHY layer merely by one station. Our system CSITE, built upon off-the-shelf hardware, achieves precise spoofing detection without collaboration and in-advance fingerprint. Several novel techniques are designed to address the challenges caused by user mobility and channel dynamics. To verify the performances of our solution, we conduct extensive evaluations in various scenarios. Our test results show that our design significantly outperforms the RSS-based method. We observe about 8 times improvement by CSITE over RSS-based method on the falsely accepted attacking frames.

Hui-Ming Wang,Ke-Wen Huang,Theodoros A. Tsiftsis

DOI: https://doi.org/10.48550/arXiv.1801.04104

2018-01-12

Abstract:Transmitter-side channel state information (CSI) of the legitimate destination plays a critical role in physical layer secure transmissions. However, channel training procedure is vulnerable to the pilot spoofing attack (PSA) or pilot jamming attack (PJA) by an active eavesdropper (Eve), which inevitably results in severe private information leakage. In this paper, we propose a random channel training (RCT) based secure downlink transmission framework for a time division duplex (TDD) multiple antennas base station (BS). In the proposed RCT scheme, multiple orthogonal pilot sequences (PSs) are simultaneously allocated to the legitimate user (LU), and the LU randomly selects one PS from the assigned PS set to transmit. Under either the PSA or PJA, we provide the detailed steps for the BS to identify the PS transmitted by the LU, and to simultaneously estimate channels of the LU and Eve. The probability that the BS makes an incorrect decision on the PS of the LU is analytically investigated. Finally, closed-form secure beamforming (SB) vectors are designed and optimized to enhance the secrecy rates during the downlink transmissions. Numerical results show that the secrecy performance is greatly improved compared to the conventional channel training scheme wherein only one PS is assigned to the LU.

Information Theory

Xiaoming Chen,Rui Yin

DOI: https://doi.org/10.1109/wcl.2013.061913.130344

IF: 6.3

2013-01-01

IEEE Wireless Communications Letters

Abstract:Channel state information (CSI) at the transmitter is of importance to the performance of physical layer security based on multi-antenna networks. Specifically, CSI is not only beneficial to improve the capacity of the legitimate channel, but also can be used to degrade the performance of the eavesdropper channel. Thus, the secrecy rate increases accordingly. This letter focuses on the quantitative analysis of the ergodic secrecy sum-rate in terms of feedback amount of the CSI from the legitimate users in multiuser multi-antenna downlink networks. Furthermore, the asymptotic characteristics of the ergodic secrecy sum-rate in two extreme cases is investigated in some detail. Finally, our theoretical claims are confirmed by the numerical results.

Tinghan Yang,Rongqing Zhang,Xiang Cheng,Liuqing Yang

DOI: https://doi.org/10.1109/ICC.2018.8422836

2018-01-01

Abstract:In recent years, physical layer security has been regarded as a promising concept to provide secure communications in next generation mobile systems, where theoretically massive MIMO can significantly enhance the system secrecy performance due to its advantage in shaping the transmitted signals to null the interference or leakage. However, in practical systems, the channel state information is often imperfect due to the outdated channel effect and the channel estimation error. In this paper, we investigate the physical layer security problem in a multi-user massive MIMO system under imperfect CSI. We first derive a tight asymptotic lower bound of the ergodic system secrecy capacity under imperfect CSI, and then analyze how imperfect CSI affects the system secrecy performance. Simulation results reveal the negative impact of the imperfect CSI on the secrecy performance of massive MIMO systems and the accuracy of our theoretical derivations and analysis.