Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Reconfigurable Intelligent Surfaces: The New Frontier of Next G Security

Jacek Kibilda, Nurul H. Mahmood, André Gomes, Matti Latva-aho, Luiz A. DaSilva

TL;DR

The key takeaway from the evaluation is that an effective attack requires accurate channel information, a RIS deployed in a favorable location (from the point of view of the attacker), and it disproportionately affects legitimate links that already suffer from reduced path loss.

Abstract

RIS is one of the significant technological advancements that will mark next-generation wireless. RIS technology also opens up the possibility of new security threats, since the reflection of impinging signals can be used for malicious purposes. This article introduces the basic concept for a RIS-assisted attack that re-uses the legitimate signal towards a malicious objective. Specific attacks are identified from this base scenario, and the RIS-assisted signal cancellation attack is selected for evaluation as an attack that inherently exploits RIS capabilities. The key takeaway from the evaluation is that an effective attack requires accurate channel information, a RIS deployed in a favorable location (from the point of view of the attacker), and it disproportionately affects legitimate links that already suffer from reduced path loss. These observations motivate specific security solutions and recommendations for future work.

Reconfigurable Intelligent Surfaces: The New Frontier of Next G Security

TL;DR

The key takeaway from the evaluation is that an effective attack requires accurate channel information, a RIS deployed in a favorable location (from the point of view of the attacker), and it disproportionately affects legitimate links that already suffer from reduced path loss.

Abstract

RIS is one of the significant technological advancements that will mark next-generation wireless. RIS technology also opens up the possibility of new security threats, since the reflection of impinging signals can be used for malicious purposes. This article introduces the basic concept for a RIS-assisted attack that re-uses the legitimate signal towards a malicious objective. Specific attacks are identified from this base scenario, and the RIS-assisted signal cancellation attack is selected for evaluation as an attack that inherently exploits RIS capabilities. The key takeaway from the evaluation is that an effective attack requires accurate channel information, a RIS deployed in a favorable location (from the point of view of the attacker), and it disproportionately affects legitimate links that already suffer from reduced path loss. These observations motivate specific security solutions and recommendations for future work.
Paper Structure (17 sections, 5 figures, 1 table)

This paper contains 17 sections, 5 figures, 1 table.

Table of Contents

  1. Introduction
  2. RIS Characterization
  3. RIS-assisted Attacks and Vulnerabilities
  4. Signal cancellation attack
  5. Attack against pilot sequences
  6. Attack against beam management
  7. Attack against channel equalization
  8. Attack against PKG
  9. Attack against PLA
  10. RIS-aided jamming
  11. RIS-Assisted Signal Cancellation Attack
  12. RIS Design
  13. Relative Location
  14. Channel Estimate Error
  15. Implications to Next G Security and Future Directions
  16. ...and 2 more sections

Figures (5)

  • Figure 1: Illustrative scenario of a communication link under threat from an adversarial RIS.
  • Figure 2: Effectiveness of the attack versus the number of RIS elements in the LoS case.
  • Figure 3: Effectiveness of the attack versus the number of RIS elements in the NLoS case.
  • Figure 4: Effectiveness of the RIS-assisted attack by a RIS moving over a horizontal line connecting the points $(0,y)$ and $(50, y)$, with the transmitter and receiver located at $(0,0)$ and $(50, 0)$, respectively, and the direct link is NLoS. Dashed lines act as reference for each transmitter array size setting, representing SNR for a direct link with "no RIS".
  • Figure 5: Effectiveness of the attack in the presence of channel estimate error.