Eavesdropping via pilot relay attack

In this paper, we propose a new type of attack from the perspective of the eavesdropper. The full-duplex eavesdropper acts as a relay in the uplink channel estimation phase, forwarding the pilot signal received from the legitimate receiver to confound the legitimate transmitter. Compared to the pilot spoofing attack, which requires the eavesdropper to know the pilot signal accurately, the pilot relay attack only requires the eavesdropper to know the frame structure of the legitimate transceiver pair. We study the optimal amplify-and-forward strategy of the eavesdropper, which makes its eavesdropping harder to detect by maximizing the transmission rate from the legitimate transmitter to the legitimate receiver under the constraint that the eavesdropping rate is larger than the legitimate transmission rate. Furthermore, we analyze the performance of the pilot relay attack when the eavesdropper (Eve) is at different locations; the simulations show that different strategies should be adopted at different locations.
