Man-in-the-middle Pilot Attack for Physical Layer Authentication

Shaoyu WANG; Kaizhi HUANG; Xiaoming XU; Keming MA; Yajun CHEN

doi:10.11999/JEIT200831

Volume 43 Issue 11

Nov. 2021

Turn off MathJax

Article Contents

Article Navigation > Journal of Electronics & Information Technology > 2021 > 43(11): 3141-3148

Shaoyu WANG, Kaizhi HUANG, Xiaoming XU, Keming MA, Yajun CHEN. Man-in-the-middle Pilot Attack for Physical Layer Authentication[J]. Journal of Electronics & Information Technology, 2021, 43(11): 3141-3148. doi: 10.11999/JEIT200831

Citation:

Shaoyu WANG, Kaizhi HUANG, Xiaoming XU, Keming MA, Yajun CHEN. Man-in-the-middle Pilot Attack for Physical Layer Authentication[J]. Journal of Electronics & Information Technology, 2021, 43(11): 3141-3148. doi: 10.11999/JEIT200831

Citation:

PDF( 3323 KB)

Man-in-the-middle Pilot Attack for Physical Layer Authentication

doi: 10.11999/JEIT200831

Information Engineering University, Zhengzhou 450001, China

Funds: The National Natural Science Foundation of China (61701538, 61871404, 61521003)

Received Date: 2020-09-25
Rev Recd Date: 2021-10-15

Available Online: 2021-10-20

Publish Date: 2021-11-23

Abstract

Abstract

The existing physical layer authentication mechanism relies on the privacy of the legitimate channel. Once the attacker can manipulate or obtain legitimate channel information, the physical layer authentication mechanism will face the threat of being compromised. To overcome the above-mentioned shortcomings, a Man-In-The-Middle (MITM) pilot attack method is proposed, which attacks the physical layer authentication mechanism by controlling the channel measurement process of the legitimate parties. Firstly, the man-in-the-middle pilot attack system is modeled, and a progressive and non-sense access strategy for MITM pilot attack is given. This strategy allows the attacker to access smoothly legitimate communication. After the attacker accesses successfully, he can launch attacks on two basic physical layer authentication mechanisms: For CSI-based comparative authentication mechanisms, denial of service attacks and counterfeit access attacks can be implemented; For the CSI-based encryption authentication mechanism, the channel information can be stolen, thereby further cracking the authentication vector. This attack method is suitable for general public pilot wireless communication systems, and requires the attacker to be able to synchronize the pilot sending process of the legitimate two parties. Simulation analysis verifies the effectiveness of multiple attack methods such as the progressive and non-sense access strategy, denial of service attack, counterfeit access attack, or cracking authentication vector.
- Physical layer authentication,
- Man-In-The-Middle (MITM) pilot attack,
- Authentication attack

FullText(HTML)

References(16)

References

[1]	WU Yongpeng, KHISTI A, XIAO Chengshan, et al. A survey of physical layer security techniques for 5G wireless networks and challenges ahead[J]. IEEE Journal on Selected Areas in Communications, 2018, 36(4): 679–695. doi: 10.1109/JSAC.2018.2825560
[2]	XIAO Liang, GREENSTEIN L, MANDAYAM N, et al. A physical-layer technique to enhance authentication for mobile terminals[C]. IEEE International Conference on Communications, Beijing, China, 2008: 1520–1524.
[3]	XIAO Liang, GREENSTEIN L, MANDAYAM N, et al. MIMO-assisted channel-based authentication in wireless networks[C]. 2008 42nd Annual Conference on Information Sciences and Systems, Princeton, USA, 2008: 642–646.
[4]	XIAO Liang, GREENSTEIN L J, MANDAYAM N B, et al. Using the physical layer for wireless authentication in time-variant channels[J]. IEEE Transactions on Wireless Communications, 2008, 7(7): 2571–2579. doi: 10.1109/TWC.2008.070194
[5]	SHAN Dan, ZENG Kai, XIANG Weidong, et al. PHY-CRAM: Physical layer challenge-response authentication mechanism for wireless networks[J]. IEEE Journal on Selected Areas in Communications, 2013, 31(9): 1817–1827. doi: 10.1109/JSAC.2013.130914
[6]	WEN H, HO P H, QI C, et al. Physical layer assisted authentication for distributed ad hoc wireless sensor networks[J]. IET Information Security, 2010, 4(4): 390–396. doi: 10.1049/iet-ifs.2009.0197
[7]	YANG Jing, JI Xinsheng, HUANG Kaizhi, et al. Unified and fast handover authentication based on link signatures in 5G SDN-based HetNet[J]. IET Communications, 2019, 13(2): 144–152. doi: 10.1049/iet-com.2018.5405
[8]	季新生, 杨静, 黄开枝, 等. 基于哈希方法的物理层认证机制[J]. 电子与信息学报, 2016, 38(11): 2900–2907. doi: 10.11999/JEIT160007 JI Xinsheng, YANG Jing, HUANG Kaizhi, et al. Physical layer authentication scheme based on hash method[J]. Journal of Electronics &Information Technology, 2016, 38(11): 2900–2907. doi: 10.11999/JEIT160007
[9]	ZHOU Xiangyun, MAHAM B, and HJORUNGNES A. Pilot contamination for active eavesdropping[J]. IEEE Transactions on Wireless Communications, 2012, 11(3): 903–907. doi: 10.1109/TWC.2012.020712.111298
[10]	HUANG Yu, LIANG Jin, WEI Hongquan, et al. Pilot contamination with MITM attack[C]. 2017 IEEE 85th Vehicular Technology Conference (VTC Spring), Sydney, Australia, 2017: 1–7.
[11]	XIONG Qi, LIANG Yingchang, LI K H, et al. An energy-ratio-based approach for detecting pilot spoofing attack in multiple-antenna systems[J]. IEEE Transactions on Information Forensics and Security, 2015, 10(5): 932–940. doi: 10.1109/TIFS.2015.2392564
[12]	TUGNAIT J K. Detection and identification of spoofed pilots in TDD/SDMA systems[J]. IEEE Wireless Communications Letters, 2017, 6(4): 550–553. doi: 10.1109/LWC.2017.2715814
[13]	LIU Xiaoming, LI Bin, CHEN Hongbin, et al. Detecting pilot spoofing attack in MISO systems with trusted user[J]. IEEE Communications Letters, 2019, 23(2): 314–317. doi: 10.1109/LCOMM.2018.2889491
[14]	COVER T M and THOMAS J A. Elements of Information Theory[M]. New York: Wiley-Interscience, 1991: 1–6.
[15]	SZABÓ Z. Information theoretical estimators toolbox[J]. Journal of Machine Learning Research, 2014, 15(9): 283–287.
[16]	HUANG Yu, JIN Liang, WEI Hongquan, et al. Fast secret key generation based on dynamic private pilot from static wireless channels[J]. China Communications, 2018, 15(11): 171–183. doi: 10.1109/CC.2018.8543098