Title: Non-Diagonal RIS Empowered Channel Reciprocity Attacks on TDD-Based Wireless Systems
Reconfigurable intelligent surface (RIS) technology can enhance the performance of wireless systems, but an adversary can use such technology to deteriorate communication links. This paper explores an RIS-based attack on multi-user wireless systems that require channel reciprocity for time-division duplexing (TDD). We demonstrate that deploying an RIS with a non-diagonal phase shift matrix can compromise channel reciprocity and lead to poor TDD performance. The attack can be achieved without transmission of signal energy, without channel state information (CSI), and without synchronization with the legitimate system, and thus it is difficult to detect and counteract. We provide an extensive set of simulation studies on the impact of such an attack on the achievable sum rate of the legitimate system, and we design a heuristic algorithm for optimizing the attack in cases where some partial knowledge of the CSI is available. Our results demonstrate that this channel reciprocity attack can significantly degrade the performance of the legitimate system.
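The abstract's central point, that reciprocity of the cascaded channel survives only when the RIS phase shift matrix is symmetric, can be checked on a toy model. The following is an added illustration and not code from the paper: it models a TDD link with two base-station antennas and one user whose only path runs through a 4-element RIS (the direct path is omitted by assumption), with constructed channel vectors and three constructed RIS matrices (a diagonal one, a symmetric "beyond diagonal" one, and a cyclic-shift permutation standing in for a non-reciprocal scattering matrix; the permutation is an abstract unitary stand-in, not the paper's physical model). It reports the relative uplink/downlink mismatch, which a legitimate system can monitor as a reciprocity sanity check, and the gain loss of maximum-ratio transmission designed on the uplink estimate.

```python
"""Added illustration (not the paper's code): a toy TDD link through an RIS,
showing that the cascaded channel is reciprocal exactly when the RIS phase
shift matrix Phi is symmetric, and what a non-symmetric Phi does to
reciprocity-based (maximum-ratio) downlink beamforming. All channel vectors
and Phi matrices below are constructed for the example."""
import cmath
import math

def mat_vec(phi, v):
    """Return Phi @ v for an N x N list-of-lists matrix and a length-N vector."""
    return [sum(phi[i][k] * v[k] for k in range(len(v))) for i in range(len(phi))]

def dot(a, b):
    """Unconjugated inner product a^T b (plain transposition, as in reciprocity)."""
    return sum(x * y for x, y in zip(a, b))

def norm(v):
    return math.sqrt(sum(abs(x) ** 2 for x in v))

def is_symmetric(phi, tol=1e-12):
    n = len(phi)
    return all(abs(phi[i][j] - phi[j][i]) < tol for i in range(n) for j in range(n))

def is_unitary(phi, tol=1e-12):
    """Phi^H Phi == I: a lossless scattering matrix (physical-consistency check)."""
    n = len(phi)
    for i in range(n):
        for j in range(n):
            s = sum(phi[k][i].conjugate() * phi[k][j] for k in range(n))
            if abs(s - (1 if i == j else 0)) > tol:
                return False
    return True

def cascaded(tx_to_ris, phi, ris_to_rx):
    """Cascaded channel through the RIS: ris_to_rx^T Phi tx_to_ris.
    Assumption: no direct transmitter-receiver path, so the RIS effect is isolated."""
    return dot(ris_to_rx, mat_vec(phi, tx_to_ris))

def tdd_channels(g_per_antenna, phi, f):
    """Per-BS-antenna downlink (BS->RIS->user) and uplink (user->RIS->BS) channels.
    g_m: BS antenna m to RIS, f: RIS to user. Both physical links are reciprocal,
    so any uplink/downlink mismatch is caused by Phi alone."""
    h_dl = [cascaded(g_m, phi, f) for g_m in g_per_antenna]
    h_ul = [cascaded(f, phi, g_m) for g_m in g_per_antenna]
    return h_dl, h_ul

def reciprocity_error(h_dl, h_ul):
    """Relative mismatch ||h_ul - h_dl|| / ||h_dl||; zero under perfect reciprocity.
    A legitimate system can track this statistic (e.g. from fed-back downlink
    pilot estimates) as a reciprocity sanity check."""
    return norm([u - d for u, d in zip(h_ul, h_dl)]) / norm(h_dl)

def mrt_efficiency(h_dl, h_ul):
    """Gain of maximum-ratio transmission designed on the uplink estimate, applied
    to the true downlink channel, relative to the ideal gain: 1.0 iff h_ul is
    proportional to h_dl."""
    received = dot(h_dl, [u.conjugate() for u in h_ul]) / norm(h_ul)
    return abs(received) ** 2 / norm(h_dl) ** 2

# --- constructed RIS configurations (N = 4 elements) -------------------------
N = 4
PHI_DIAGONAL = [[cmath.exp(1j * t) if i == j else 0 for j in range(N)]
                for i, t in enumerate([0.0, math.pi / 2, math.pi, math.pi / 4])]
# Symmetric "beyond diagonal" RIS: two coupled element pairs, unitary 2x2 blocks.
_blk = [[1 / math.sqrt(2), 1j / math.sqrt(2)], [1j / math.sqrt(2), 1 / math.sqrt(2)]]
PHI_BD_SYMMETRIC = [[_blk[i % 2][j % 2] if i // 2 == j // 2 else 0 for j in range(N)]
                    for i in range(N)]
# Non-reciprocal RIS stand-in: a cyclic-shift (circulator-like) scattering matrix,
# unitary but not symmetric. Constructed abstraction, not the paper's physical model.
PHI_NON_RECIPROCAL = [[1 if j == (i + 1) % N else 0 for j in range(N)] for i in range(N)]

# --- constructed channels: two BS antennas, one user -------------------------
G = [[1, 1j, -1, 2], [0, 1, 1, 1j]]   # BS antenna m -> RIS elements
F = [1, 2, 1j, 1]                      # RIS elements -> user

def evaluate(phi):
    """Return (symmetric?, unitary?, reciprocity error, MRT efficiency) for Phi."""
    h_dl, h_ul = tdd_channels(G, phi, F)
    return (is_symmetric(phi), is_unitary(phi),
            reciprocity_error(h_dl, h_ul), mrt_efficiency(h_dl, h_ul))

if __name__ == "__main__":
    for name, phi in [("diagonal", PHI_DIAGONAL), ("BD symmetric", PHI_BD_SYMMETRIC),
                      ("non-reciprocal", PHI_NON_RECIPROCAL)]:
        sym, uni, err, eff = evaluate(phi)
        print(f"{name:15s} symmetric={sym} unitary={uni} "
              f"reciprocity_error={err:.4f} mrt_efficiency={eff:.4f}")
```

For the two symmetric matrices the uplink estimate equals the downlink channel and the beamformer reaches the full gain; for the permutation matrix the two channels differ even though every physical path is reciprocal, and maximum-ratio transmission designed on the uplink estimate captures only a small fraction of the achievable gain. The unitary check confirms that the loss is not caused by the RIS absorbing energy, which matches the abstract's statement that the attack needs no transmitted signal energy.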
Award ID(s):
2107182 2030029
PAR ID:
10598706
Author(s) / Creator(s):
; ;
Publisher / Repository:
IEEE
Date Published:
ISBN:
978-1-7281-9054-9
Page Range / eLocation ID:
127 to 132
Format(s):
Medium: X
Location:
Denver, CO, USA
Sponsoring Org:
National Science Foundation
More Like this
  1. While reconfigurable intelligent surface (RIS) technology shows great promise for wireless communication, an adversary using such technology can threaten wireless performance. This paper explores an RIS-based attack on time-division duplex (TDD) based wireless systems that use channel reciprocity for physical layer key generation (PLKG). We demonstrate that deploying a non-reciprocal RIS with a non-symmetric "beyond diagonal" (BD) phase shift matrix can compromise channel reciprocity and thus break key consistency. The attack can be achieved without transmission of signal energy, channel state information (CSI), and synchronization with the legitimate system, and thus it is difficult to detect and counteract. We propose a physically consistent BD-RIS model and verify the impact of its attack on the secret key rate (SKR) of the legitimate system via simulations. Moreover, we provide a heuristic approach for optimizing the BD-RIS configuration to realize a more severe attack in cases where some partial knowledge of the channel state information is available. Our results demonstrate that such channel reciprocity attacks can significantly decrease the SKR of the legitimate system. 
  2. We consider detection of a spoofing relay attack in time-division duplex (TDD) multiple antenna systems, where an adversary operating in full-duplex mode amplifies and forwards the training signal of the legitimate receiver. In TDD systems, the channel state information (CSI) can be acquired using reverse training. The spoofing relay attack contaminates the channel estimation phase. Consequently, the beamformer designed using the contaminated channel estimate can lead to significant information leakage to the attacking adversary. A recent approach proposed using the minimum description length (MDL) criterion to detect the spoofing relay attack. In this paper we augment this approach with joint channel estimation and secure beamforming to mitigate the effects of pilot contamination by the spoofing relay. The proposed mitigation approach is illustrated via simulations.
  3. In a time-division duplex (TDD) multiple antenna system, the channel state information (CSI) can be estimated using reverse training. A pilot spoofing attack occurs when, during the training phase, an adversary (spoofer) also sends a training (pilot) signal identical to that of the legitimate receiver. This contaminates channel estimation and alters the legitimate precoder design, facilitating eavesdropping. A recent approach proposed superimposing a random sequence on the training sequence at the legitimate receivers, and then using the minimum description length (MDL) criterion to detect a pilot spoofing attack via source enumeration. In this letter, we extend this approach by exploiting temporal subspace properties of the pilot signals in conjunction with the MDL criterion to determine which pilots are contaminated by a spoofer and which ones are free of the spoofing attack. The identification performance is illustrated via simulations.
  4. In a time-division duplex (TDD) multiple antenna system, the channel state information (CSI) can be estimated using reverse training. A pilot contamination (spoofing) attack occurs when, during the training phase, an adversary also sends a training (pilot) signal identical to that of the legitimate receiver. This contaminates channel estimation and alters the legitimate beamforming design, facilitating eavesdropping. A recent approach proposed superimposing a random sequence on the training sequence at the legitimate receiver and then using the minimum description length (MDL) criterion to detect a pilot contamination attack. In this paper we augment this approach with joint estimation of both the legitimate receiver and eavesdropper channels, and secure beamforming, to mitigate the effects of pilot spoofing. The proposed mitigation approach is illustrated via simulations.
  5. In a time-division duplex (TDD) multiple antenna system, the channel state information (CSI) can be estimated using reverse training. A pilot contamination (spoofing) attack occurs when, during the training phase, an adversary also sends a training (pilot) signal identical to that of the legitimate receiver. This contaminates channel estimation and alters the legitimate beamforming design, facilitating eavesdropping. Most past approaches to pilot spoofing detection are limited to flat fading channels. A recent approach proposed superimposing a random sequence on the training sequence at the legitimate receiver for detection of a pilot spoofing attack over frequency selective channels, with unknown channels and channel lengths, except that an upper bound on the number of channel taps is assumed to be known. In this paper we augment this approach with joint estimation of both the legitimate receiver and eavesdropper channels, and secure time-reversal precoding, to mitigate the effects of pilot spoofing. The proposed mitigation approach is illustrated via simulations.