A Product Channel Attack to Wireless Physical Layer Security

TL;DR

This work proposes a novel attack that compromises the physical layer security in wireless systems with eavesdropper’s channel state information at the transmitter side and shows that the use of multiple antennas at the BS may partially alleviate but not immunize against these type of attacks.

Abstract

We propose a novel attack that compromises the physical layer security of downlink (DL) communications in wireless systems. This technique is based on the transmission of a slowly-varying random symbol by the eavesdropper during its uplink transmission, so that the equivalent fading channel observed at the base station (BS) has a larger variance. Then, the BS designs the secure DL transmission under the assumption that the eavesdropper's channel experiences a larger fading severity than in reality. We show that this approach can lead the BS to transmit to Bob at a rate larger than the secrecy capacity, thus compromising the system secure operation. Our analytical results, corroborated by simulations, show that the use of multiple antennas at the BS may partially alleviate but not immunize against these type of attacks.

Figures (4)

• Figure 1: CSI availability at the BS (Alice) for the system model under consideration. For simplicity, only the users of interest are represented.
• Figure 2: Average secrecy capacity $(\overline C_{\rm S})$ vs. average compromised rate $(\overline R_{\rm S})$ as a function of $\overline \gamma_{\rm 0}$, with $\overline \gamma_{\rm E}=5\;$dB and $M=1,2,4,8$. Markers correspond to MC simulations.
• Figure 3: Average secrecy capacity $(\overline C_{\rm S})$ vs. average compromised rate $(\overline R_{\rm S})$ as a function of $\overline \gamma_{\rm 0}$, with $M=4$ and $\overline \gamma_{\rm E}=\{5,10,15\}\;$dB. Markers correspond to MC simulations.
• Figure 4: Excess secrecy rate $\mathcal{D}$ as a function of $\overline \gamma_{\rm B}$, for different numbers of antennas and different distributions for the synthetic symbol $\theta_{\rm E}$; $\overline \gamma_{\rm E}=15\,$dB for $M=1$ and then reduced by $10\log_{10}M\,$(dB).