The Battle of Metasurfaces: Understanding Security in Smart Radio Environments

TL;DR

This work investigates symmetric metasurface battles where attacker and defender possess comparable programmable surfaces to shape wireless propagation. By combining theoretical modeling with real-world experiments, it shows how two metasurfaces interact to optimize or disrupt power, sensing, and privacy tasks, revealing that outcomes depend on timing, placement, algorithmic strategy, and hardware scale. The authors provide an analytical framework for dual-surface channels, validate it across case studies in jamming, PHY security (Protego), and sensing manipulation (IRShield, RISiren), and demonstrate that opposing surfaces can substantially negate each other’s gains. The findings highlight new avenues for designing resilient physical-layer systems in smart radio environments and motivate future work on multiparty battles and electromagnetic cloning concepts.

Abstract

Metasurfaces, or Reconfigurable Intelligent Surfaces (RISs), have emerged as a transformative technology for next-generation wireless systems, enabling digitally controlled manipulation of electromagnetic wave propagation. By turning the traditionally passive radio environment into a smart, programmable medium, metasurfaces promise advances in communication and sensing. However, metasurfaces also present a new security frontier: both attackers and defenders can exploit them to alter wireless propagation for their own advantage. While prior security research has primarily explored unilateral metasurface applications - empowering either attackers or defenders - this work investigates symmetric scenarios, where both sides possess comparable metasurface capabilities. Using both theoretical modeling and real-world experiments, we analyze how competing metasurfaces interact for diverse objectives, including signal power and sensing perception. Thereby, we present the first systematic study of context-agnostic metasurface-to-metasurface interactions and their implications for wireless security. Our results reveal that the outcome of metasurface "battles" depends on an interplay of timing, placement, algorithmic strategy, and hardware scale. Across multiple case studies in Wi-Fi environments, including wireless jamming, channel obfuscation for sensing and communication, and sensing spoofing, we demonstrate that opposing metasurfaces can substantially or fully negate each other's effects. By undermining previously proposed security and privacy schemes, our findings open new opportunities for designing resilient and high-assurance physical-layer systems in smart radio environments.

Figures (16)

• Figure 1: (a) Illustration of metasurface operation principle. (b) One-sided metasurface scenarios studied in prior work. (c) Balanced capability system model studied in this work.
• Figure 2: Wireless channel composition in presence of two metasurfaces.
• Figure 3: Experimental setup including both metasurfaces, antennas, measurement systems and the host computer.
• Figure 4: Case study of a metasurface-battle about wireless jamming. (a) Illustration of the involved parties, (b) Bob's reception rate of packets from Alice over Eve's jamming power gain.
• Figure 5: Evolution of wireless channel magnitudes during metasurface optimization considering three relative battle timings (top). Resulting metasurface configurations (bottom).