Pilot Spoofing Attack on the Downlink of Cell-Free Massive MIMO: From the Perspective of Adversaries
Abstract
The channel hardening effect is less pronounced in the cell-free massive multiple-input multiple-output (mMIMO) system compared to its cellular counterpart, making it necessary to estimate the downlink effective channel to ensure decent performance. However, the downlink training inadvertently creates an opportunity for adversarial nodes to launch pilot spoofing attacks (PSAs). First, we demonstrate that adversarial distributed access points (APs) can severely degrade the achievable downlink rate. They achieve this by estimating their channels to users in the uplink training phase and then precoding and sending the same pilot sequences as those used by legitimate APs during the downlink training phase. Then, the impact of the downlink PSA is investigated by rigorously deriving a closed-form expression of the per-user achievable downlink rate. By employing the min-max criterion to optimize the power allocation coefficients, the maximum per-user achievable rate of downlink transmission is minimized from the perspective of adversarial APs. As an alternative to the downlink PSA, adversarial APs may opt to precode random interference during the downlink data transmission in order to disrupt legitimate communications. In this scenario, the achievable downlink rate is derived, and then power optimization algorithms are also developed. We present numerical results to showcase the detrimental impact of the downlink PSA and compare the effects of these two types of attacks.
Index Terms:
Cell-free massive MIMO, pilot spoofing attack, downlink training, achievable rate, power optimization
I Introduction
Cell-free massive multiple-input multiple-output (mMIMO) systems are a distributed network consisting of a large number of randomly located access points (APs) [1]. Compared to its cellular counterpart, the cell-free mMIMO system provides ubiquitous communications with high spectral efficiency thanks to its additional macro-diversity and greater ability of interference suppression. Moreover, cell-free mMIMO is scalable in the sense that the signal processing and fronthaul signaling tasks remain feasible when the number of users in the network increases [2]. Hence, cell-free mMIMO is regarded as a promising physical layer technique for Beyond 5G (B5G) and towards Sixth-Generation (6G) networks.
On the other hand, due to their broadcast nature, wireless communications are vulnerable to adversarial attacks. Traditional methods for security are to implement cryptographic encryption in the application layer. However, this approach is potentially insecure as it is based on the assumption of computational complexity [3]. As an alternative, physical layer security has become one of the effective means to realize secure communications [4]. Rather than resorting to high-level cryptographic methods, physical layer security techniques employ information-theoretic security and signal processing techniques. Generally, passive and active attacks are the two major concerns in this context. In particular, cell-free mMIMO can dramatically boost security against passive eavesdropping thanks to its inherited capability from cellular mMIMO to concentrate the transmission energy in the direction of legitimate users [5]. However, when an eavesdropper launches active attacks, the secrecy rate will be dramatically reduced. For example, the channel state information (CSI), which is crucial for exploiting the benefits of cell-free mMIMO, is generally estimated by sending pilots ahead of payload data transmission [6]. Nevertheless, this training phase creates an opportunity for adversarial nodes to launch attacks. By sending the same pilots as legitimate users do, the channel estimates can be contaminated, resulting in severe information leakage on the downlink transmission [7]. Such a mechanism, referred to as pilot spoofing attacks (PSAs), was first documented in [8] and has received a great deal of attention since then.
I-A Related Work
Cell-free mMIMO, like its cellular counterpart, is incredibly susceptible to PSAs. As a result, significant efforts have gone into developing its detection methods and countermeasures, and useful algorithms have been developed. In [6], an energy-based method to detect the presence of PSAs in cell-free mMIMO was proposed, and then path-following algorithms were developed to solve an optimization problem aiming at maximizing the achievable rate of legitimate users. More recently, the authors in [9] presented the first performance analysis of physical layer downlink secure transmission in a scalable cell-free mMIMO system, where stochastic geometry was used to model the node locations. The secrecy energy efficiency optimization problem was studied in multi-user multi-eavesdropper cell-free mMIMO networks, where a confidential and energy-efficient design for transmit power allocation was developed [10]. For the downlink of cell-free mMIMO, reference [11] investigated the threat of passive eavesdropping on downlink cell-free mMIMO systems. Artificial noise was employed to jam the eavesdropper’s signal under the effect of imperfect channel estimation. The angle-domain filtering method was developed in [12] to reduce the eavesdropping and interference from illegal users, thereby improving the secure transmission.
More recently, the impact of radio frequency (RF) impairments on the ergodic secrecy rate of cell-free mMIMO systems was evaluated, and compensation algorithms for these nonidealities were proposed in [13]. The authors of [14] analyzed the potential of the reconfigurable intelligent surface (RIS) in boosting the secrecy capacity of cell-free mMIMO systems under PSAs, where the power coefficients at APs and RIS phase shifts were jointly optimized. Addressing the problem of information leakage in user-centric cell-free mMIMO systems, the precoding was optimized via formulating a secrecy rate maximization problem under the minimum rate requirements of users and the power constraints of APs [15]. Besides, it is worth noting that due to the similarities between cellular and cell-free mMIMO systems, some algorithms originally designed for cellular mMIMO are still applicable to cell-free mMIMO systems [16].
I-B Motivation and Contributions
We draw attention to the fact that current research focuses on PSAs in uplink training—that is, when uplink pilots are being transmitted. This is because the data detection on the downlink of cellular mMIMO relies on statistical CSI, so the downlink training phase is often unnecessary [17]. This is manifested by the phenomenon called channel hardening, which is observed at the receiver when a signal is transmitted by a large number of antennas [18]. Since the channel hardening effect is not as strong as it is in cellular mMIMO scenarios, this approach is not favored in cell-free mMIMO networks. In order to considerably increase the achievable rate for cell-free mMIMO systems, the concept of downlink training was introduced in [19].
The downlink training, however, brings about a fresh issue. Despite its advantages, it unintentionally gives adversarial nodes a chance to launch PSAs. Our work is primarily driven by the need to comprehend how the PSA affects the achievable downlink rate during the downlink training phase. To the best of our knowledge, this work is the first to examine downlink PSAs in cell-free mMIMO networks. The main contributions are summarized as follows.
• Modeling and analysis are carried out to determine how the downlink PSA will affect the cell-free mMIMO system. With regard to the achievable downlink rate in the presence of PSAs, a closed-form expression is developed. A performance analysis examining how the achievable rate varies with the key system parameters is conducted.
• To minimize the maximum per-user achievable rate of downlink transmission, the power allocation coefficients of adversarial APs are optimized by using the min-max criterion. In particular, the downlink per-user achievable rate provided by the optimized coefficients is compared with that of equal power allocation.
• Furthermore, in lieu of launching downlink PSAs, we propose to let adversarial APs send precoded random interference during the downlink data transmission phase to disrupt legitimate communications. Similarly, the corresponding min-max power allocation problem is investigated. Results show that with a given transmit power budget, attacking the downlink data transmission phase is more effective in terms of reducing the achievable rate.
The remainder of this paper is organized as follows. The considered system model is illustrated in Section II. The description of downlink PSA is detailed in Section III. Section IV presents the achievable downlink rate analysis and optimal power allocation from the perspective of adversarial APs. The achievable rate analysis and power allocation with respect to attacking the downlink data transmission phase are presented in Section V. Numerical simulations are conducted to validate our analysis in Section VI. Finally, concluding remarks are made in Section VII.
: indicates a complex matrix of dimension . Bold variables represent matrices and vectors. Random variable denotes a complex Gaussian distribution with mean and variance . , , , and refer to the transpose, conjugate transpose, complex conjugate, and norm operators, respectively. indicates the element of the -th row and -th column of matrix . Finally, , , and are taken to mean the expectation, variance, and covariance operators, respectively.
II System Model Description
We consider a cell-free mMIMO network with APs and users. All APs and users are equipped with a single antenna and randomly located in a large area. Besides, the APs are connected to a central processing unit (CPU) via a backhaul network. It is assumed that APs simultaneously serve users using the same time-frequency resources. In particular, the channel between the -th AP and the -th user is denoted by
(1) |
where is the small-scale fading coefficient, and indicates the large-scale fading coefficient, which models the path-loss and shadowing effects. Since fluctuates slowly and can be accurately estimated and tracked, it is assumed that the APs and users have perfect knowledge of these coefficients. In addition, all nodes are supposed to be perfectly synchronized and operate in the time-division duplex (TDD) mode. Each TDD coherence interval is divided into four phases: uplink training, uplink data transmission, downlink training, and downlink data transmission.
II-A Uplink Training
First, we provide a quick summary of the uplink training. Denote by , , the uplink pilot sequence assigned to the -th user, with being the pilot length. It is assumed that the pilot sequences assigned to different users are mutually orthonormal, i.e., , where denotes the Kronecker delta.
After channel propagation, the received pilot vector at the -th AP is given by
(2) |
where the subscript “up” denotes uplink pilots, is the normalized transmit signal-to-noise ratio (SNR) of uplink pilots, and is the additive noise vector with its elements obeying a distribution of . The -th AP then projects onto and estimates the channel coefficient using the minimum mean square error (MMSE) method. The channel estimate of is given by
(3) |
Denoting by the channel estimation error, we have
(4) | ||||
where . Attributed to the property of MMSE estimation, and are mutually uncorrelated.
II-B Downlink Training with Beamforming
During this phase, the downlink pilot sequences are beamformed to users using conjugate beamforming. Similarly, let be the downlink pilot sequence used by the -th user, where . Hence, the downlink pilot vector to be transmitted by the -th AP is given by [20]
(5) |
where the subscript “dp” denotes downlink pilots, is the normalized transmit SNR of the downlink pilots, and is the power coefficient used by the -th AP for transmission to the -th user. Therefore, the downlink pilot vector received by the -th user is
(6) |
where is the noise vector and its element has the same distribution as that of , and . In particular, describes the effective downlink channel and can be estimated by first projecting onto pilot sequence to obtain , and then applying the MMSE channel estimation method. Therefore, the estimate of is obtained as follows [19]
(7) |
where
(8) | ||||
The channel estimation error is given by , which is uncorrelated with the corresponding channel estimate, just as in the case of uplink training. Despite an increase in the per-user achievable rate, we emphasize that the downlink training phase poses a possible threat to legitimate transmission, as will be demonstrated below.
III PSA in the Downlink Training Phase
Suppose there are adversarial APs distributed in the same region as legitimate APs, as depicted in Fig. 1. In particular, the channel between the -th adversarial AP and the -th user is modeled as
(9) |
where is the small-scale fading factor, whilst is the large-scale fading coefficient and known a priori. In principle, adversarial APs should estimate the channel in the uplink training phase and utilize this information to precode the subsequent downlink pilot sequences in the downlink training phase in order to launch downlink PSAs. In the ensuing sections, we will go through these two steps in further detail.
As the first step, the adversarial APs employ uplink pilot sequences to assess their channel toward users because they are publicly available. Hence, the received pilot vector at the -th adversarial AP is given by
(10) |
Similar to (3), the -th adversarial AP calculates the channel coefficient of the -th user using the MMSE criterion, i.e.,
(11) |
Similar to that in legitimate communications, the uplink channel estimation error, defined as , is uncorrelated with . Moreover, it is derived that and , where .
In the second step, the adversarial APs exploit conjugate beamforming to precode and transmit downlink pilot sequences to users. It should be noted that using beamforming systems other than those used by legitimate APs could significantly complicate our analysis, which is not helpful for obtaining an in-depth understanding of the downlink PSA. As a result, conjugate beamforming is used and the received downlink pilot vector of the -th adversarial AP is given by
(12) |
where is the normalized transmit SNR of the downlink pilot of adversarial APs, and denotes the power allocation factor of the -th adversarial AP for transmitting . Since both the legitimate and adversarial APs send beamformed pilot sequences simultaneously and synchronously, then (6) is rewritten as
(13) |
where
and we use to denote in the presence of PSAs. It is important to note that the second component in (13) represents the interference from the adversarial APs.
The -th user estimates the downlink effective channel using (7), because it is unaware of the existence of the downlink PSA. Detection of the downlink PSA is beyond the scope of this paper. Because the expectations and covariances in (8) depend on known statistics, they can be calculated and stored in advance to facilitate channel estimation. Therefore, the received signal is the only source of uncertainty in (7). In the presence of the downlink PSA, can be rewritten as
(14) | ||||
where , and we use to denote in the presence of PSAs. By replacing with in (7), one can obtain the estimation result as
(15) |
where is the estimate of the effective downlink channel in the presence of the PSA. Comparing (7) with (15) leads to the discovery that except for , the other parameters remain unaltered because users are unaware that the received signals contain pilots sent by adversarial APs. However, this seemingly insignificant difference can have a significant impact on system performance.
Remark 1: Due to the existence of in , the channel estimation result includes not only the desired channel , but also the channel with respect to adversarial APs. We point out that simply boosting the transmit power of legal APs would not eliminate the interference. If users perform data decoding using the contaminated channel estimate, there could be a considerable loss in the achievable downlink rate. Additionally, adversarial APs may act in collusion to optimize the power allocation factor , and thus further reduce the downlink rate. Hence, the downlink PSA poses a severe threat to the security of cell-free mMIMO systems.
Remark 2: In addition to the aforementioned tactic, adversarial APs have a number of potential choices to impact legitimate communications. For example, adversarial APs can decide to just interfere with a subset of users rather than attacking all of them. This is achieved by setting in (12) if user is not targeted. For users who are being targeted, the attack may result in a significant rate loss and even outage. Besides, adversarial APs can attack not only the downlink training phase but also the downlink data transmission phase. By precoding random interference signals and sending them to users, the signal-to-interference-plus-noise ratio (SINR) of legitimate communications would be further degraded, as will be elaborated on in more depth later.
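Added example (not from the paper): a Monte Carlo simulation of the Section III model for a single user with orthonormal pilots, comparing the user's LMMSE estimate of the effective downlink channel with and without adversarial pilots, and checking the mean received pilot energy against its attack-free expectation. The variable names, the standard MMSE/LMMSE forms assumed for (3) and (7), the equal large-scale fading, and all parameter values are assumptions, since the equations are not reproduced on this page.

```python
import math
import random


def cn(rng, var=1.0):
    """One sample of a circularly symmetric complex Gaussian CN(0, var)."""
    s = math.sqrt(var / 2.0)
    return complex(rng.gauss(0.0, s), rng.gauss(0.0, s))


def ap_stats(beta, snr_up):
    """MMSE gain c, estimate power gamma = E|g_hat|^2, and power coefficient.

    snr_up is (pilot length) x (normalized uplink pilot SNR). The power
    coefficient 1/gamma (full AP power to this one user) is an assumption.
    """
    c = math.sqrt(snr_up) * beta / (snr_up * beta + 1.0)
    gamma = math.sqrt(snr_up) * beta * c
    return c, gamma, 1.0 / gamma


def beamformed_sum(rng, n_aps, beta, snr_up):
    """Sum over APs of sqrt(coef) * g * conj(g_hat): uplink MMSE estimation
    at each AP followed by conjugate beamforming toward the user."""
    c, _, coef = ap_stats(beta, snr_up)
    total = 0j
    for _ in range(n_aps):
        g = cn(rng, beta)                               # true channel
        g_hat = c * (math.sqrt(snr_up) * g + cn(rng))   # MMSE estimate
        total += math.sqrt(coef) * g * g_hat.conjugate()
    return total


def simulate(n_adv, trials=2000, n_legit=20, beta=1.0,
             snr_up=10.0, snr_dp=10.0, snr_adv=10.0, seed=1):
    """Return (NMSE of the user's estimate, measured/expected pilot energy).

    All values are constructed for illustration. The user applies the
    attack-free LMMSE estimator in both cases, as in the text.
    """
    rng = random.Random(seed)
    _, gamma, coef = ap_stats(beta, snr_up)
    mean_a = n_legit * math.sqrt(coef) * gamma   # E[a]
    var_a = n_legit * coef * beta * gamma        # Var[a]
    gain = math.sqrt(snr_dp) * var_a / (snr_dp * var_a + 1.0)
    err = pwr = energy = 0.0
    for _ in range(trials):
        a = beamformed_sum(rng, n_legit, beta, snr_up)
        y = math.sqrt(snr_dp) * a + cn(rng)      # projected downlink pilot
        if n_adv:
            # adversarial APs precode the same pilot with their own estimates
            y += math.sqrt(snr_adv) * beamformed_sum(rng, n_adv, beta, snr_up)
        a_hat = mean_a + gain * (y - math.sqrt(snr_dp) * mean_a)
        err += abs(a - a_hat) ** 2
        pwr += abs(a) ** 2
        energy += abs(y) ** 2
    expected = snr_dp * (var_a + mean_a ** 2) + 1.0   # attack-free E|y|^2
    return err / pwr, (energy / trials) / expected


if __name__ == "__main__":
    for n in (0, 5):
        nmse, ratio = simulate(n_adv=n)
        print(f"adversarial APs={n}: NMSE={nmse:.4f}, energy ratio={ratio:.3f}")
```

The energy ratio is a simple consistency check a receiver can compute from known statistics; it is not a detector proposed in the paper.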
IV Downlink Achievable Rate Analysis and Power Allocation
IV-A Downlink Achievable Rate Analysis
In this section, we derive the per-user achievable downlink rate in the presence of downlink PSAs. During the downlink data transmission phase, each legitimate AP employs its estimated CSI to precode the payload data symbols. On the contrary, adversarial APs remain silent in this interval. With conjugate beamforming, the signal transmitted by the -th AP to all users is
(16) |
where is the normalized transmit SNR, denotes the transmit symbol for the -th user and we assume that . After channel propagation, the -th user receives a linear combination of signals transmitted by all legitimate APs, i.e.,
(17) | ||||
In what follows, the mutual information between the received signal and the transmitted symbol is exploited to derive the per-user achievable downlink rate.
Denote by the estimation error of the effective channel in the presence of downlink PSAs. Then, can be written as
(18) |
As the linear MMSE method is adopted, the estimated channel and estimation error are uncorrelated. However, they are not independent because they are not Gaussian distributed. To derive the achievable downlink rate, the signal seen by the -th user in (17) is first rewritten as
(19) |
where denotes the effective noise. Since is of zero mean and unit variance, it follows that [19]
(20) | ||||
Then according to [21], the achievable downlink rate of user is computed by
(21) |
where
represents the received SINR of the -th user.
(26) |
The derivation of (21) is quite lengthy due to the complex form of shown in (15). As a result, we use approximations to simplify the derivation process. In particular, we note that is the sum of independent distributed random variables. Hence, it can be approximated as Gaussian variables as according to the Cramér central limit theorem, i.e.,
(22) | ||||
where , and denotes the convergence in distribution. A tight match between the empirical and Gaussian distributions was verified even for small in [19], supporting the validity of approximations in (22). Additionally, the imaginary part of is significantly smaller than its real counterpart and thus can be disregarded, that is, .
Given that follows a Gaussian distribution, we conclude that and are mutually independent. The same method can be used to demonstrate that any linear combination of and is asymptotically Gaussian-distributed (for large values of ). Thus, and are asymptotically jointly Gaussian. Therefore, the achievable downlink rate in (21) can be approximated by
(23) |
where
To obtain a closed-form expression of , we further approximate (23) by using the following relationship [22]
(24) |
where and are both non-negative random variables, but they are not required to be mutually independent. By applying (24) to (23), we obtain the following approximation
(25) |
After deriving the expectations in (25), the achievable downlink rate of the -th user in the presence of downlink PSAs can be obtained, which is shown in (26), where
and indicates the SINR of user . The derivation of (26) is detailed in Appendix A.
Remark 3: For the achievable downlink rate, it is observed that the transmit SNR for payload symbols only exists in . As increases, the term quickly becomes negligible, proving that is independent of in this situation. Increasing the downlink transmit power, therefore, does not help mitigate the effect of the downlink PSA. The observation that users use , which has already been tainted by the downlink PSAs, to decode the payload symbols can be used to explain this result.
Remark 4: and are two key parameters relating to legitimate APs and adversarial APs, respectively. The intuition behind is that the larger is, the greater will be. This can be confirmed by noting that the numerator of in (26) is proportional to , while its denominator is proportional to . On the other hand, (26) can be transformed into
(27) |
Since and are independent of , is proportional to and is proportional to , thus (27) shows that increasing can reduce the achievable downlink rate. It can also be observed from (27) that, when is sufficiently large, it holds that , where the expectation is taken with respect to . Since is proportional to , then the achievable downlink rate is a decreasing function of . The rationale is straightforward: the greater the number of adversarial APs is, the lower the achievable downlink rate will be.
IV-B Power Allocation from the Perspective of Adversarial APs
The downlink PSA’s ability to dramatically lower the achievable downlink rate has been proven. Additionally, adversarial APs can collude to lower the system’s maximum achievable downlink rate by optimizing the power allocation parameters during the downlink training phase.
Since minimizing the maximum of is equivalent to minimizing the maximum of , we utilize (26) to construct the min-max optimization problem, i.e.,
(28) | ||||
Let’s define , then OP1 can be transformed into
(29) | ||||
As OP1.1 is quasiconcave, the bisection method can be used to solve this problem. Towards this end, we first formulate the following equivalent problem by introducing an auxiliary variable , i.e.,
(30) | ||||
where