Exploiting Beamforming for Enforcing Semantic Secrecy in 5G NR mmWave Communications

TL;DR

This work addresses the challenge of securing mmWave 5G NR links against eavesdropping without relying solely on cryptography. It advances a semantically-secure PLS framework built on a seeded modular coding scheme and explicit PLS code construction, integrated into the PBCH of the 5G NR cell-search procedure. By deriving upper and lower bounds on the Distinguishing Error Rate (DER) via an SCL-based approach and validating them experimentally, the study demonstrates that beamforming and channel characteristics can realize practical semantic security under realistic indoor conditions, while also revealing leakage risks due to reflections in NLOS scenarios. The results highlight the feasibility of real-time secrecy assessment and the potential of PLS to complement cryptographic security in future 6G deployments using FR2 mmWave bands.

Abstract

We experimentally investigate the performance of semantically-secure physical layer security (PLS) in 5G new radio (NR) mmWave communications during the initial cell search procedure in the NR band n257 at 27 GHz. A gNB transmits PLS-encoded messages in the presence of an eavesdropper, who intercepts the communication by non-intrusively collecting channel readings in the form of IQ samples. For the message transmission, we use the physical broadcast channel (PBCH) within the synchronization signal block. We analyze different signal-to-noise ratio (SNR) conditions by progressively reducing the transmit power of the subcarriers carrying the PBCH channel, while ensuring optimal conditions for over-the-air frequency and timing synchronization. We measure the secrecy performance of the communication in terms of upper and lower bounds for the distinguishing error rate (DER) metric for different SNR levels and beam angles when performing beamsteering in indoor scenarios, such as office environments and laboratory settings.

Figures (10)

• Figure 1: Seeded modular coding scheme for the wiretap channel $(W_{B},W_{E})$, showing its component secrecy functions ($f_s^{-1}$,$f_s$) and transmission codes.
• Figure 2: 5G NR time-frequency frame structure used for secure message transmission via PBCH within the SSB#0 (zoomed view). The gray region represents random (dummy) data sent with a relative transmit power of 0dB.
• Figure 3: Relative transmit power w.r.t. the absolute transmit power, $P_{\text{Tx}}$, in \ref{['tab:scenarios']} used for the SSB in \ref{['fig:ssb_tf_grid']} (left). The received PSS and PBCH constellation diagrams, for different $P_{\text{PBCH}}$ values in dB for scenario 2 with $\theta=0$° are shown along with their error vector magnitude (EVM) in % (right).
• Figure 4: Modified physical-layer procedure for the PBCH at the transmitter, including a secrecy encoder and the concatenation of multiple codewords.
• Figure 5: Blueprint of the investigated indoor NLOS and LOS indoor scenarios, showing the radiation pattern of the transmit and receive antennas.