Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Explainable Adversarial Learning Framework on Physical Layer Secret Keys Combating Malicious Reconfigurable Intelligent Surface

Zhuangkun Wei, Wenxiu Hu, Junqing Zhang, Weisi Guo, Julie McCann

TL;DR

This work tackles MITM-RIS eavesdropping in physical-layer secret key generation by introducing an adversarial learning framework that trains Alice and Bob to produce common features in a space inaccessible to a Mallory Eve. The key theoretical anchor is a positive mutual information gap ensuring a safe feature space, coupled with a two-NN legitimate feature generator and an adversarial Mallory NN, optimized via correlation-based losses. To enhance trust and practicality, the authors apply symbolic Meijer G-function metamodelling to extract explicit, interpretable formulas for the feature generators, yielding an explicit-formula-based solution that preserves high SKR even under full Eve knowledge. Extensive simulations demonstrate robust key agreement between legitimate users and strong resistance to NN-based and explicit-form Eve models, supporting secure operation with untrusted reflective devices in future 6G networks.

Abstract

Reconfigurable intelligent surfaces (RIS) can both help and hinder the physical layer secret key generation (PL-SKG) of communications systems. Whilst a legitimate RIS can yield beneficial impacts, including increased channel randomness to enhance PL-SKG, a malicious RIS can poison legitimate channels and crack almost all existing PL-SKGs. In this work, we propose an adversarial learning framework that addresses Man-in-the-middle RIS (MITM-RIS) eavesdropping which can exist between legitimate parties, namely Alice and Bob. First, the theoretical mutual information gap between legitimate pairs and MITM-RIS is deduced. From this, Alice and Bob leverage adversarial learning to learn a common feature space that assures no mutual information overlap with MITM-RIS. Next, to explain the trained legitimate common feature generator, we aid signal processing interpretation of black-box neural networks using a symbolic explainable AI (xAI) representation. These symbolic terms of dominant neurons aid the engineering of feature designs and the validation of the learned common feature space. Simulation results show that our proposed adversarial learning- and symbolic-based PL-SKGs can achieve high key agreement rates between legitimate users, and is further resistant to an MITM-RIS Eve with the full knowledge of legitimate feature generation (NNs or formulas). This therefore paves the way to secure wireless communications with untrusted reflective devices in future 6G.

Explainable Adversarial Learning Framework on Physical Layer Secret Keys Combating Malicious Reconfigurable Intelligent Surface

TL;DR

This work tackles MITM-RIS eavesdropping in physical-layer secret key generation by introducing an adversarial learning framework that trains Alice and Bob to produce common features in a space inaccessible to a Mallory Eve. The key theoretical anchor is a positive mutual information gap ensuring a safe feature space, coupled with a two-NN legitimate feature generator and an adversarial Mallory NN, optimized via correlation-based losses. To enhance trust and practicality, the authors apply symbolic Meijer G-function metamodelling to extract explicit, interpretable formulas for the feature generators, yielding an explicit-formula-based solution that preserves high SKR even under full Eve knowledge. Extensive simulations demonstrate robust key agreement between legitimate users and strong resistance to NN-based and explicit-form Eve models, supporting secure operation with untrusted reflective devices in future 6G networks.

Abstract

Reconfigurable intelligent surfaces (RIS) can both help and hinder the physical layer secret key generation (PL-SKG) of communications systems. Whilst a legitimate RIS can yield beneficial impacts, including increased channel randomness to enhance PL-SKG, a malicious RIS can poison legitimate channels and crack almost all existing PL-SKGs. In this work, we propose an adversarial learning framework that addresses Man-in-the-middle RIS (MITM-RIS) eavesdropping which can exist between legitimate parties, namely Alice and Bob. First, the theoretical mutual information gap between legitimate pairs and MITM-RIS is deduced. From this, Alice and Bob leverage adversarial learning to learn a common feature space that assures no mutual information overlap with MITM-RIS. Next, to explain the trained legitimate common feature generator, we aid signal processing interpretation of black-box neural networks using a symbolic explainable AI (xAI) representation. These symbolic terms of dominant neurons aid the engineering of feature designs and the validation of the learned common feature space. Simulation results show that our proposed adversarial learning- and symbolic-based PL-SKGs can achieve high key agreement rates between legitimate users, and is further resistant to an MITM-RIS Eve with the full knowledge of legitimate feature generation (NNs or formulas). This therefore paves the way to secure wireless communications with untrusted reflective devices in future 6G.
Paper Structure (38 sections, 55 equations, 14 figures, 1 algorithm)

This paper contains 38 sections, 55 equations, 14 figures, 1 algorithm.

Table of Contents

  1. Introduction
  2. Problem Formulation
  3. Channel and Signal Models
  4. MITM-RIS Eve Threats to Existing PL-SKGs
  5. MITM-RIS Eve against CSI-based Common Features
  6. MITM-RIS Eve against Two-Way Cross-Multiplication-based Common Features
  7. Adversarial Learning-based Common Feature Generator Design
  8. Theoretical Positive SKR of Two-way Signals
  9. Structure of Adversarial Learning-based Design
  10. Legitimate Feature Generators of Alice and Bob
  11. Adversarial Network of Mallory
  12. Dataset Construction
  13. Loss Function
  14. Algorithm Flow of Training Process
  15. Computational Complexity Analysis
  16. ...and 23 more sections

Figures (14)

  • Figure 1: Overview of the adversarial learning-based PL-SKG, with MITM-RIS Eve threat.
  • Figure 2: The designed adversarial learning structure to train Alice's and Bob's common feature generators, including common feature generator NNs and adversarial NN (an assumed MITM-RIS Mallory by Alice and Bob).
  • Figure 3: The appearance frequency of the special terms derived from fitted Meijer G functions.
  • Figure 4: Visualization of common features generated by trained Alice and Bob generator NNs: periodic features that are non-learnable by adversarial Mallory, and non-periodic features that are learnable by adversarial Mallory.
  • Figure 5: Convergence of loss functions over training epochs for the adversarial learning-based legitimate common feature generator NNs and the adversarial NN.
  • ...and 9 more figures

Theorems & Definitions (4)

  • Remark 1
  • Remark 2
  • Remark 3
  • Remark 4