Reconfigurable Intelligent Surface Assisted Key Generation Resistant to Signal Injection Attacks
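Summary: This paper studies key generation assisted by a reconfigurable intelligent surface (RIS) from both the attack and the defense perspectives. First, from the attacker's perspective, an improved joint key inference attack strategy is proposed, in which an active eavesdropper combines the injected signal with the spatial correlation of the channels to infer the key jointly, significantly aggravating the security threat to the key generation process. Second, from the defender's perspective, an injection-attack-resistant key generation scheme that uses the RIS to randomize the channel is proposed: the legitimate users control the RIS to actively randomize the channel state information in every probing round, so that the eavesdropper cannot effectively mount a signal injection attack, which lowers the risk of key leakage and suppresses the key inference probability. Furthermore, theoretical expressions for the key capacity of the legitimate channel and of the eavesdropping channel under this scheme are derived, and the effects of the signal-to-noise ratio and of the eavesdropping channel's power share on both capacities are analyzed quantitatively. Simulation results show that, compared with existing schemes, the proposed scheme improves the security of the key generation system while overcoming the slow channel variation of quasi-static scenarios. Even when the eavesdropper increases the injected signal power, the key capacity of the eavesdropping channel remains essentially unchanged, which effectively counters the threat of signal injection attacks.

Abstract: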
Objective: This study examines the potential threat of signal injection attacks to Physical Layer Key Generation (PLKG) in Reconfigurable Intelligent Surface (RIS)-assisted wireless systems. The threat is especially pronounced in quasi-static channels, where the channel state remains highly correlated across multiple probing rounds. From both attack and defense perspectives, the study clarifies how spatial correlation between RIS reflection channels and eavesdropping channels can be exploited to improve key inference. A channel-randomization mechanism is designed that uses the controllability of RIS to suppress key leakage, reduce the eavesdropper’s key capacity, and improve the security of RIS-assisted PLKG in future 6G scenarios. Quantitative analysis further examines the relationships among injection power, Signal-to-Noise Ratio (SNR), and spatial correlation. These results provide reference guidance for robust RIS configuration and secure system design.

Methods: A RIS-assisted Time-Division Duplex (TDD) system is considered. Single-antenna Alice and Bob generate symmetric keys from a reciprocal channel, whereas a two-antenna active eavesdropper, Eve, injects signals using previously observed Channel State Information (CSI) (Fig. 1). The links follow quasi-static Rayleigh block fading. CSI for Alice, Bob, and Eve is defined for each time slot within a coherence interval. A conventional injection attack is first modeled. Eve estimates the eavesdropping channel in one slot, precodes an injected waveform, and contaminates the subsequent probing at Alice and Bob, partially steering their key source. A joint key inference strategy is then proposed. This strategy exploits the spatial correlation between RIS reflection channels and eavesdropping channels, as well as the common RIS-induced subchannel shared by legitimate and eavesdropping links (Table 1). As a defense, a channel-randomization PLKG scheme is proposed. Alice randomly reconfigures RIS coefficients at each probing round. Therefore, the effective channels of Alice–Bob, Alice–Eve, and Bob–Eve vary independently across rounds, whereas Alice–Bob reciprocity within a single round is preserved. Injection signals precoded with outdated CSI therefore appear as uncorrelated interference at the legitimate nodes. Mutual-information-based bounds on secret-key capacity are derived to obtain key capacities. The eavesdropper’s Key Recovery Rate (KRR) is defined for performance evaluation. The theoretical results are validated through MATLAB Monte Carlo simulations with 10,000 trials using an information-theoretic estimator toolbox. The simulations examine different SNR levels, injection power values, and spatial correlation conditions (Figs. 2–5, Table 2).

Results and Discussions: Analysis of the conventional injection attack without RIS defense shows that at high SNR, Alice and Bob observe nearly identical reciprocal channels due to channel reciprocity. Eve’s estimate, derived from injected signals, follows a similar trend but shows noticeable mismatch (Fig. 2). Eve can therefore recover some key bits, although errors remain, and the KRR remains moderate. When the proposed joint key inference strategy is applied, Eve’s reconstructed channel more closely matches the legitimate response (Fig. 3). This effect arises because RIS-assisted PLKG causes legitimate and eavesdropping links to share an RIS-induced subchannel. The resulting spatial correlation provides additional exploitable information beyond the known injected signal. Therefore, Eve’s key capacity and KRR increase significantly, which indicates a stronger RIS-specific security threat. At fixed SNR (Fig. 4), Eve’s key capacity without defense increases rapidly with injection power and may approach or exceed the legitimate key capacity. Under RIS randomization, the legitimate capacity decreases slightly, whereas Eve’s capacity remains small and nearly constant. This result indicates that randomization converts structured injection signals into noise. Spatial-correlation analysis in Fig. 5 shows that Eve’s capacity without defense increases rapidly and becomes critical as correlation approaches one. In contrast, under RIS randomization the increase is gradual, and the capacity may remain near zero at moderate correlation levels. Table 2 confirms these trends in terms of KRR. The KRR is about 50% without correlation and injection. It increases to about 62.5% when injection is applied but spatial correlation is zero, whereas the defense keeps the value close to random guessing. When spatial correlation and injection power are higher, the KRR exceeds 80%. The proposed defense reduces this value to approximately 57%–66%.

Conclusions: This study examines the dual role of RIS in PLKG security. RIS can increase vulnerability but can also serve as an effective defensive mechanism. By exploiting the correlation between RIS reflection channels and eavesdropping channels, a joint key inference attack is developed that increases the eavesdropper’s key capacity and recovery rate compared with conventional injection attacks. This result reveals a new attack vector in RIS-assisted systems. A channel-randomization PLKG scheme is then proposed by exploiting the dynamic controllability of RIS. The scheme shortens the effective coherence time to a single probing round and decorrelates successive channel realizations from the attacker’s perspective. Theoretical analysis and Monte Carlo simulations show that the proposed scheme converts malicious injection signals into uncorrelated interference, reduces the eavesdropping key capacity, and pushes the eavesdropper’s KRR close to random guessing. This property remains effective even under high SNR, strong spatial correlation, and high injection power. The scheme achieves these security improvements with low hardware overhead compared with reconfigurable antenna-based solutions, because RIS devices are expected to serve as infrastructure elements in future 6G networks. The results provide guidance for the secure design of RIS-assisted PLKG systems and suggest that the controllable characteristics of RIS should be used for both performance improvement and security protection.
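Table 1. Comparison of time-slot allocation for signal injection attacks

| Attack scheme | Coherence time | Eve's operation | Key inference performed | Basis for inference |
| --- | --- | --- | --- | --- |
| Signal injection attack | Slot $t$ | Observe eavesdropping channel | No | None |
| Signal injection attack | Slot $t+1$ | Inject signal | Yes | Injected signal |
| Scheme in this paper | Slot $t$ | Observe eavesdropping channel | Yes | Eavesdropping channel |
| Scheme in this paper | Slot $t+1$ | Inject signal | Yes | Eavesdropping channel + injected signal |

Table 2. Key recovery rate under different conditions

| Condition | Random key guessing | Classical key inference | Improved joint inference | RIS defense against joint inference |
| --- | --- | --- | --- | --- |
| $\rho = 0$; $P_{\text{E}} = 0$ | 0.4999 | 0.4995 | 0.5027 | 0.4996 |
| $\rho = 0$; $P_{\text{E}} = 1$ | 0.5010 | 0.6250 | 0.6256 | 0.5009 |
| $\rho = 0.4$; $P_{\text{E}} = 5$ | 0.4986 | 0.6816 | 0.7462 | 0.5746 |
| $\rho = 0.8$; $P_{\text{E}} = 10$ | 0.4996 | 0.7152 | 0.8485 | 0.6573 |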
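
The mechanism described in Methods (injection precoded with stale CSI turning into uncorrelated interference once the RIS is re-randomized each round) can be seen in a toy Monte Carlo. This is an added Python example, not the paper's MATLAB simulation or channel model, and it does not reproduce the capacity expressions or the Table 2 values. Assumptions: real-valued unit-variance Gaussian channels, one-bit sign quantisation at Alice, a unit-norm zero-forcing precoder for Eve, no modelling of the legitimate link's reconciliation, and a hypothetical `round_corr` parameter for how much of Eve's slot-$t$ CSI survives into slot $t+1$.

```python
import math
import random


def eve_krr(inject_power, round_corr, trials=20000, noise_std=0.1, seed=1):
    """Eve's key recovery rate against Alice's sign-quantised probe (toy model).

    round_corr is a hypothetical knob: 1.0 = quasi-static channel (Eve's
    slot-t CSI is still valid in slot t+1), 0.0 = RIS re-randomised every
    probing round (Eve's CSI is stale when she injects).
    """
    rng = random.Random(seed)
    fresh = math.sqrt(1.0 - round_corr ** 2)
    hits = 0
    for _ in range(trials):
        h = rng.gauss(0.0, 1.0)  # reciprocal Alice-Bob channel, this round
        # Slot t: Eve's estimate of her two-antenna channels to Alice and Bob.
        ga = (rng.gauss(0.0, 1.0), rng.gauss(0.0, 1.0))
        gb = (rng.gauss(0.0, 1.0), rng.gauss(0.0, 1.0))
        # Unit-norm zero-forcing direction u with ga.u == gb.u > 0, so both
        # legitimate nodes would receive the same injected value.
        det = ga[0] * gb[1] - ga[1] * gb[0]
        v = (gb[1] - ga[1], ga[0] - gb[0])
        scale = math.copysign(1.0, det) / math.hypot(*v)
        u = (v[0] * scale, v[1] * scale)
        w = rng.choice((-1.0, 1.0))  # Eve's injected symbol = her key guess
        # Slot t+1: the Eve-to-Alice channel the injection actually sees.
        ga_now = tuple(round_corr * g + fresh * rng.gauss(0.0, 1.0) for g in ga)
        injected = math.sqrt(inject_power) * w * (ga_now[0] * u[0] + ga_now[1] * u[1])
        y_alice = h + injected + rng.gauss(0.0, noise_std)
        hits += (y_alice > 0) == (w > 0)  # Alice's bit vs. Eve's guess
    return hits / trials


if __name__ == "__main__":
    # Columns: injection power, KRR quasi-static, KRR with per-round randomisation
    for power in (1.0, 5.0, 10.0):
        print(power, eve_krr(power, 1.0), eve_krr(power, 0.0))
```

Sweeping `round_corr` between 0 and 1 shows how residual round-to-round correlation lets the recovery rate climb back above 0.5 in this model.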