On User Selective Eavesdropping Attacks in MU-MIMO: CSI Forgery and Countermeasure

Multiuser MIMO (MU-MIMO) enables access points (APs) with multiple antennas to transmit multiple data streams concurrently to users by exploiting spatial multiplexing. In MU-MIMO, users need to estimate channel state information (CSI) and report it to APs, which opens a backdoor to attackers who may forge CSI to eavesdrop on the content of victims. In this paper, we explore the eavesdropping attack in a novel and practical context in which CSI forgery is entangled with MU-MIMO user selection in a many-users regime. The attacker hopes to optimize both the eavesdropping opportunity of being selected with the victim and the corresponding decoding quality. We propose new attack and defense mechanisms: (1) USE Attack, which enables attackers to achieve near-optimal eavesdropping opportunity and high decoding quality by constructing orthogonal CSI against victims, followed by stepwise refinements; (2) AngleSec, which exploits channel reciprocity to detect attackers without any modification to legacy CSI feedback, relying on the fact that CSI forgery induces a mismatch between the downlink and uplink angular spectra at the AP. We implement and evaluate USE Attack and AngleSec on the software-defined radio platform WARPv3. Extensive experiments show that USE Attack significantly improves the overall eavesdropping quality compared with state-of-the-art counterparts and that AngleSec is able to detect CSI forgery attackers almost for sure.
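The detection idea behind AngleSec, a mismatch between the angular spectrum of the reported downlink CSI and that of the uplink channel the AP measures itself, can be sketched as follows. This is an added example, not the paper's implementation: the Bartlett beamformer, the 8-antenna half-wavelength linear array, the cosine-similarity score, the 0.8 threshold and all function names and sample channels are assumptions.

```python
import cmath
import math

M = 8  # AP antennas, half-wavelength uniform linear array (assumed geometry)
GRID = [math.radians(d) for d in range(-90, 91, 2)]  # candidate angles

def steering(theta):
    """Array response of the ULA toward angle theta (radians)."""
    return [cmath.exp(-1j * math.pi * k * math.sin(theta)) for k in range(M)]

def channel(paths):
    """Channel vector from plane-wave paths given as (angle_deg, complex_gain)."""
    h = [0j] * M
    for deg, gain in paths:
        h = [x + gain * a for x, a in zip(h, steering(math.radians(deg)))]
    return h

def angular_spectrum(h):
    """Bartlett spectrum |a(theta)^H h|^2 over GRID, scaled to unit norm."""
    p = [abs(sum(a.conjugate() * x for a, x in zip(steering(t), h))) ** 2
         for t in GRID]
    norm = math.sqrt(sum(v * v for v in p)) or 1.0  # avoid dividing by zero
    return [v / norm for v in p]

def spectrum_similarity(h_reported, h_uplink):
    """Cosine similarity of the two angular spectra (1.0 = identical shape)."""
    return sum(a * b for a, b in zip(angular_spectrum(h_reported),
                                     angular_spectrum(h_uplink)))

def is_forged(h_reported, h_uplink, threshold=0.8):
    """Flag a report whose angular spectrum disagrees with the uplink one.
    The 0.8 threshold is an assumed value, not taken from the paper."""
    return spectrum_similarity(h_reported, h_uplink) < threshold

# Constructed sample data (not measurements).
UPLINK = channel([(20, 1.0), (-35, 0.4j)])  # what the AP hears from the client
# Honest report: same paths, unknown common gain/phase, small per-antenna error.
HONEST = [0.9 * cmath.exp(0.7j) * x * (1 + 0.05 * cmath.exp(1j * k))
          for k, x in enumerate(UPLINK)]
# Forged report: arbitrary CSI unrelated to the client's physical channel.
FORGED = channel([(-60, 1.0)])

if __name__ == "__main__":
    for name, h in (("honest", HONEST), ("forged", FORGED)):
        print(name, round(spectrum_similarity(h, UPLINK), 3), is_forged(h, UPLINK))
```

Because the score compares power spectra normalised to unit norm, a common gain or phase offset between the uplink and downlink chains does not affect it; only a change in where the energy arrives from does.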
