A Novel Pilot Spoofing Scheme via Intelligent Reflecting Surface Based on Statistical CSI

Abstract—Pilot spoofing attacks pose challenges to physical layer secure transmission. However, since the inherent characteristics of the wireless environment have not changed, active eavesdropping can be detected based on prior information. The intelligent reflecting surface (IRS), with its real-time programmable control of the wireless environment, provides new possibilities for effective pilot spoofing. In this paper, the IRS is deployed near the legitimate users and its control strategy is embedded into the legitimate communication process under time-division duplex (TDD) mode to assist eavesdroppers in implementing pilot spoofing. By designing different phase shifts at the IRS during the uplink phase and the downlink phase, the channel reciprocity between uplink and downlink disappears, and thus the secure beamforming vector is biased towards the eavesdropper. Furthermore, in order to obtain more information, an average secrecy rate minimization problem based on statistical channel state information is established by carefully designing the phase shifts. The formulated problem is non-trivial to solve. By using alternating optimization and the Charnes-Cooper transformation technique, the original problem is transformed into convex form and a sub-optimal solution is achieved. Finally, simulation results show that our proposed scheme poses a serious security threat without any energy footprint, especially for TDD systems.


I. INTRODUCTION
Recently, the openness of wireless communication has provided high-speed data transmission for our daily lives, while it also brings the risk of information being eavesdropped. As a complement to conventional cryptographic techniques, physical layer security (PLS) technology, which exploits the channel differences between different users to realize secure communication, has attracted growing attention [1]. Specifically, the secure beamforming (SB) technique, which exploits multiple antennas to enhance the signal quality at the legitimate users and degrade the signal quality at the eavesdroppers, is a well-known approach. Moreover, with the application of 5G, massive multiple-input multiple-output technology has been proposed, which can provide more spatial degrees of freedom to improve secrecy capacity.
However, this technology has some shortcomings that may be exploited by malicious users. As we know, accurate channel state information (CSI) is an essential prerequisite in designing SB vectors. Different from a passive eavesdropper, which only wiretaps information, an active eavesdropper can attack the channel training phase of legitimate links to improve its wiretapping performance, which is a serious threat especially for time-division duplex (TDD) systems. In a TDD system, the process of obtaining downlink CSI is briefly described as follows: the legitimate receiver (LR) transmits pilot symbols to the legitimate transmitter (LT) during the uplink training phase. Then, in order to reduce the interaction overhead, the estimated uplink channel is regarded as the downlink channel by exploiting reciprocity within a coherence time, and the SB vector based on this CSI is designed and used to transmit the confidential message to the LR. If an eavesdropper attacks the uplink training phase by transmitting the same pre-designed training sequence as the LR, the channel estimated at the LT is a weighted combination of the legitimate channel and the wiretap channel. Based on this fake CSI, the beam formed by the LT will be oriented towards both the LR and the eavesdropper, which results in severe signal leakage. In [2], the authors first propose this active eavesdropping method and name it the pilot spoofing attack (PSA); its severe consequences are then analyzed. In [3], a PSA carried out by multiple eavesdroppers is investigated in a TDD system: during the uplink channel training phase, multiple Eves collaboratively impair the channel acquisition of the legitimate link, aiming at maximizing the wiretapping signal-to-noise ratio in the subsequent downlink data transmission phase. Two different scenarios are investigated: one in which the BS is unaware of the PSA, and another in which the BS attempts to detect the presence of the PSA.
Moreover, PSA detection schemes have also been investigated. In [4], the authors formulate PSA detection as a binary hypothesis testing problem, and the likelihood ratio based on the energy of the received signal is used as the detection statistic. In [5], under the same pilot allocation protocol, the authors respectively propose a random channel training scheme and a jamming-resistant scheme employing an unused pilot sequence to combat the pilot contamination attack and maintain secure communication. These detection methods rely on a key assumption: the received combined pilot signal contains the channel characteristics of the eavesdroppers, which the LT can use some method to distinguish. Furthermore, at a more fundamental level, the conventional pilot spoofing attack does not really change the reciprocity of the uplink and downlink channels. To fundamentally avoid detection by legitimate users, a novel attack method that can reconstruct the wireless communication environment in real time and change the reciprocity characteristics should be considered.
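To make the energy-based detector concrete, the following added example (not code from this paper or from [4]) runs a minimal binary hypothesis test over a constructed uplink pilot reception at one LT antenna: under $H_0$ only the LR transmits the pilot, under $H_1$ an eavesdropper transmits the same pilot at the same time, and the LT compares the average received pilot energy with the value it expects from the LR's statistics. All channel gains, powers and the Gaussian-approximation threshold are constructed assumptions.

```python
"""Energy-based pilot spoofing detection as a binary hypothesis test. Constructed example
for illustration, not code from this paper or from [4]. A single LT antenna receives a
tau-symbol pilot; under H0 only the LR transmits it, under H1 an eavesdropper sends the
same pilot at the same time (the conventional spoofing attack)."""
import numpy as np


def received_pilot_energy(y):
    """Detection statistic: average received energy per pilot symbol."""
    return float(np.mean(np.abs(y) ** 2))


def energy_threshold(expected_energy, num_symbols, num_std=3.0):
    """Threshold from the H0 statistics the LT is assumed to know: mean per-symbol energy
    expected_energy and (Gaussian approximation, assumed) a standard deviation of the
    tau-symbol average of at most expected_energy / sqrt(tau)."""
    return expected_energy * (1.0 + num_std / np.sqrt(num_symbols))


def simulate_pilot_reception(rng, tau, h_lr, h_eve, p_lr, p_eve, sigma2):
    """Received pilot y[k] = (sqrt(p_lr) h_lr + sqrt(p_eve) h_eve) x[k] + n[k], where x is a
    unit-modulus pilot known to the LT and n is complex AWGN with power sigma2."""
    pilot = np.exp(1j * rng.uniform(0.0, 2.0 * np.pi, tau))  # constructed pilot sequence
    noise = np.sqrt(sigma2 / 2.0) * (rng.standard_normal(tau) + 1j * rng.standard_normal(tau))
    return (np.sqrt(p_lr) * h_lr + np.sqrt(p_eve) * h_eve) * pilot + noise


def detect_psa(y, expected_energy, num_std=3.0):
    """True when the received pilot energy exceeds what the LR alone should produce."""
    return bool(received_pilot_energy(y) > energy_threshold(expected_energy, len(y), num_std))


def run_demo(seed=1, tau=64, sigma2=0.1):
    """Run the detector on one H0 and one H1 reception with constructed channel gains."""
    rng = np.random.default_rng(seed)
    h_lr = 1.0 + 0.0j                        # constructed LR -> LT channel gain
    h_eve = 0.8 * np.exp(1j * np.pi / 4.0)   # constructed eavesdropper -> LT channel gain
    p_lr = 1.0
    expected = p_lr * abs(h_lr) ** 2 + sigma2  # H0 energy: LR statistics plus noise power
    y_h0 = simulate_pilot_reception(rng, tau, h_lr, h_eve, p_lr, 0.0, sigma2)
    y_h1 = simulate_pilot_reception(rng, tau, h_lr, h_eve, p_lr, 1.0, sigma2)
    return detect_psa(y_h0, expected), detect_psa(y_h1, expected)


if __name__ == "__main__":
    print("detected under H0 / H1:", run_demo())  # expected: (False, True)
```

The statistic only sees energy that an eavesdropper's own transmission adds to the pilot slot, which is why the paper argues in Section II.B that a scheme in which Eve transmits nothing during the pilot slot escapes it. A deployed detector would also have to set the threshold from the LR's fading statistics rather than a fixed gain, as done here for simplicity, and control the false-alarm rate accordingly.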
Meanwhile, the intelligent reflecting surface (IRS), which can reconstruct the wireless propagation environment, has been viewed as an appealing technology for 6G networks [6]. An IRS is a planar array consisting of a massive number of low-cost passive elements, each of which can tune its reflection coefficient on the incident signal independently, whereby the reflected signal can be enhanced or weakened at given users. Besides, the state switching time at each unit can be as low as the order of microseconds (µs) [7], which is much smaller than the typical channel coherence time on the order of milliseconds (ms), and thus the IRS is well suited to mobile applications with time-varying channels. Therefore, the IRS has been investigated in various applications such as coverage extension [8], physical layer security [9] [10], energy efficiency improvement [11], and so on. However, few works consider the reverse application, where the IRS is utilized to enhance eavesdropping. In [12], the IRS is utilized as a jammer to sabotage the legitimate communication system without any energy footprint. However, these works simply consider deploying the IRS around the LT or the LR and tuning the phase shifts according to instantaneous CSI.
Actually, due to the openness of the communication protocol, the control strategy of the IRS can be seamlessly embedded in the protocol to change the reciprocity of the uplink and downlink channels, which may bring a new threat to legitimate communication. Moreover, with massive numbers of low-cost passive reflecting elements, the IRS brings more design parameters that can be used to modulate link quality, and the resulting problem is usually intractable. To the best of our knowledge, there is so far little work that considers the IRS-aided pilot spoofing scenario. Motivated by the above, a novel adverse application of the IRS is investigated for enhancing eavesdropping performance. The control protocol of the IRS is designed to make the LT misestimate the channel during the uplink phase and to let the eavesdropper overhear the signal more clearly during the downlink phase. Consequently, this novel active attack can lead to information leakage without leaving any energy footprint, which is very difficult to detect and defend against. Our main contributions are summarized as follows:
1) A novel pilot attack scheme in a three-node model with the aid of the IRS is proposed. In this model, the IRS is covertly deployed near the LT and remotely controlled by the eavesdropper. The phase shifts at the IRS differ between the uplink phase and the downlink phase, so the downlink CSI estimated by the LT differs from the actual downlink CSI and the designed SB vector is shifted away from the LR. Furthermore, by carefully predesigning the phase shifts, more information can be leaked to the eavesdropper.
2) The average secrecy rate minimization problem based on statistical CSI is formulated and solved. Since instantaneous information is difficult for eavesdroppers to obtain, the average secrecy rate is considered as the performance metric, and the optimization problem is established by jointly designing the phase shifts of the uplink phase and the downlink phase. First, an approximate expression of the problem is derived; then the non-convex problem is efficiently solved by exploiting an alternating optimization algorithm and the Charnes-Cooper transformation method. Moreover, the computational complexity is analyzed.
3) Numerical results show the impact of parameters such as the transmit power, the number of transmit antennas and the Rician factor on system performance. Compared with existing pilot spoofing schemes, our proposed scheme can significantly degrade security performance. As the number of transmit antennas increases, the security threat brought by the IRS is not weakened. If the eavesdropper is a malicious user inside the system, a more serious security threat arises due to more accurate CSI. Moreover, when the number of low-cost reflecting units increases, the security performance can be further cut down, which illustrates the advantages of the solution.
The remainder of this paper is organized as follows. Section II proposes and analyzes the pilot spoofing attack scheme via IRS. Section III establishes the optimization problem model and solves the optimization problem. Section IV provides the simulation results. Section V gives conclusions and future work.

A. The Proposal of the Scheme
As depicted in Fig. 1, we consider a three-node point-to-point communication model, where the transmitter Alice communicates with the receiver Bob under TDD mode, and the eavesdropper Eve tries to overhear the signal. Alice is equipped with $M_a$ antennas, where $M_a > 1$, while Bob and Eve are each equipped with a single antenna. Meanwhile, one IRS is deployed near Alice and is controlled remotely by Eve through a private wireless channel. The IRS is composed of $N$ reflecting units, and $\Phi = \mathrm{diag}(e^{j\theta_1}, e^{j\theta_2}, \cdots, e^{j\theta_N})$ denotes the reflection coefficient matrix at the IRS, where $\theta_n \in [0, 2\pi]$ denotes the phase shift applied to the incident signal at its $n$-th element. Suppose that some low-power sensors are integrated into the IRS and the reflected CSI can be probed by these sensors [13] [14]. Different from [2], where Eve sends a jamming pilot sequence during the uplink pilot phase to induce Alice to obtain false uplink CSI, in this model Eve controls the IRS remotely to change its phase shifts several times within a coherence time to conduct the pilot spoofing attack. The specific implementation process is shown in Fig. 2.
1) Silent stage: Alice and Bob communicate normally, while Eve keeps silent and only tries to establish synchronization with the legitimate users. Although the signal received by Eve is too weak to decode information, timing synchronization is easy for Eve to acquire after a long capture period, due to the open communication protocol.
2) Eavesdropping stage:
① Before Bob begins to send the uplink pilot, Eve turns on the IRS and sets the uplink phase shifts at the IRS. Then, during the uplink pilot slot, Bob sends the pilot to Alice, and Alice estimates the uplink CSI after receiving the pilot. In this case, the estimated CSI includes the direct path and the reflected path from Alice to Bob, as shown in Fig. 1(a). Then, relying on the channel reciprocity between the uplink and the downlink, Alice uses the uplink probed CSI as the downlink CSI and designs the SB vector.
② In the uplink data slot, Bob sends uplink data to Alice. Alice performs channel equalization and information decoding. At this time, the phase shifts are maintained.
③ Before Alice starts to send downlink data, Eve sets the downlink phase shifts at the IRS. In the downlink phase, Alice performs secure beamforming to send the confidential signal, as shown in Fig. 1(b), while Eve tries to overhear the data.
As can be seen from the above process, if the phase shifts are set differently in the uplink phase and the downlink phase, the channel reciprocity disappears. Then the uplink CSI probed by Alice is no longer consistent with the actual downlink CSI. Since the SB vector is designed based on the uplink CSI, the downlink beam cannot be aligned with Bob, resulting in information leakage. At the same time, by carefully designing the phase shifts at the different stages, the beam can be steered towards Eve and more information is leaked to Eve, thus degrading the security performance.

B. The Analysis of the Scheme
The physical layer secure transmission technology constructs endogenous security based on location-dependent differences in the wireless environment, while the proposed scheme utilizes the agility of the IRS to reconfigure the wireless environment and so defeat the physical layer security technique. Compared with existing pilot spoofing methods, our scheme has the following advantages:
1) It is easy to imagine finding a similar way to replace the IRS in changing the wireless environment, for example, deploying controllable mirrors or moving small objects to perform different actions during the uplink or downlink slot. These methods seem theoretically feasible. However, compared with the IRS, there are two problems. First, precise timing control is difficult to realize, especially for high-speed transmission. To achieve synchronization, a complex mechanical control structure is required, while for the IRS only a micro-controller is needed. Second, the IRS can change the phase of the incident signal, and by designing the optimal reflection coefficients, the difference between the uplink and downlink channels can be maximized to satisfy the eavesdropping requirement. The channels reconstructed by other objects, however, are uncontrollable: there is no guarantee that the transmit beam is deflected towards the eavesdropper, and it may even lead to a worse received signal at the eavesdropper.
2) For traditional pilot spoofing methods, the pilot sent by the eavesdropper carries statistical CSI tied to its location, and detection methods have been developed that can detect such an attack based on this prior information. For our proposed scheme, since the control strategy of the IRS is seamlessly embedded in the legitimate communication process, legitimate users working in TDD mode cannot perceive the difference between the uplink channel and the downlink channel, and the received pilot signal contains nothing about the eavesdropper's location, which makes existing detection methods invalid.
3) Sending a pilot sequence requires additional energy consumption, which is not conducive to the concealment of eavesdropping. Due to the passive nature of the IRS, however, our solution requires no energy consumption except for its own state switching, which further increases the difficulty of detection. Therefore, our scheme provides new opportunities for implementing more effective pilot spoofing. Moreover, it is worth studying how to maximize eavesdropping capability under this scheme, which is discussed in the following section.

A. Problem Formulation
In this section, we consider exploiting the IRS to construct a difference between the uplink and downlink channels that is beneficial to the eavesdropper. The three-node signal model with the IRS is analyzed first. The channels are expressed as follows. The channel from Alice to Bob consists of a direct channel and a reflection channel: the direct channel is denoted by $\mathbf{h}_{ab}^H \in \mathbb{C}^{1 \times M_a}$, and the reflection channel consists of two parts, the channel from Alice to the IRS, denoted by $\mathbf{H}_{ar}^H \in \mathbb{C}^{N \times M_a}$, and the channel from the IRS to Bob, denoted by $\mathbf{h}_{rb}^H \in \mathbb{C}^{1 \times N}$. Similarly, the channel from Alice to Eve consists of the direct channel $\mathbf{h}_{ae}^H \in \mathbb{C}^{1 \times M_a}$ and a reflection channel made up of $\mathbf{H}_{ar}^H$ and the channel from the IRS to Eve, denoted by $\mathbf{h}_{re}^H \in \mathbb{C}^{1 \times N}$. In the uplink phase, Eve turns on the IRS and sets the phase shifts to $\Phi_1$; the uplink CSI estimated by Alice is then given in (1). With the probed CSI $\mathbf{h}_{abu}^H$, the downlink transmit SB vector is designed based on the MRT criterion and is given in (2), where $P_t$ denotes the transmit power at Alice. In the downlink phase, Eve sets the phase shifts to $\Phi_2$; the received signal at Bob is given in (3), where $n_b \sim \mathcal{CN}(0, \sigma_0^2)$ is the additive white Gaussian noise (AWGN) at Bob, and the actual downlink CSI is given in (4). The signal-to-interference-plus-noise ratio (SINR) at Bob is then derived in (5). From (3)-(5), we can see that due to the inconsistency between $\Phi_1$ and $\Phi_2$, the downlink CSI perceived by Alice is misleading and the SINR obtained by Bob is not optimal.
Further, the received signal at Eve is given in (6), where $n_e$ denotes the AWGN at Eve, and the corresponding SINR at Eve is derived in (7). The system secrecy rate is then written as in (8). Therefore, in order to overhear more information, our goal is to minimize the secrecy rate by carefully designing the reflection coefficients $\Phi_1$ and $\Phi_2$, which gives the optimization problem (9). However, directly designing the reflection coefficient matrices based on instantaneous CSI in problem (9) seems impractical, for two reasons. First, during the uplink phase channel estimation has not yet been conducted and the eavesdropper cannot obtain instantaneous channel information in advance, so the reflection coefficient matrices $\Phi_1$ and $\Phi_2$ cannot be designed from it. Second, Eve eavesdrops on the communication channel passively, and it is relatively difficult to obtain the CSI of each channel in the system, especially the channel from Alice to Bob. Methods to obtain the global instantaneous CSI are described in [15] [16], but they impose excessive capability requirements. However, after long-term observation, it is reasonable to assume that Eve can obtain the statistical CSI of each channel. Hence, the average secrecy rate is considered as the performance metric, and the original optimization problem is transformed into the average secrecy rate minimization problem (10). Note that with statistical CSI, the phase shifts for the uplink phase and the downlink phase can be computed in advance and set at the corresponding stage; when the statistical characteristics of the channels change, the phase shifts need to be updated. In this way, the channel estimation capability required of the eavesdropper is relatively low.
Further, it is hard to obtain a closed-form solution for problem (10). Fortunately, according to the theorem in [17], an approximate expression (11) can be obtained. In this paper, a typical quasi-static Rician fading environment is considered. The channel from node $i$ to node $j$ is modeled as $h_{ij} = L_0 d_{ij}^{-c_{ij}} g_{ij}$, where $L_0$ denotes the path loss at the reference distance $d_0 = 1$ m, $d_{ij}$ denotes the distance from $i$ to $j$, and $c_{ij}$ denotes the corresponding path loss exponent. Besides, the small-scale fading component $g_{ij}$ is given in (12), where $\beta_{ij}$ denotes the Rician factor, and $g_{ij}^{\mathrm{LOS}}$ and $g_{ij}^{\mathrm{NLOS}}$ represent the line-of-sight (LoS) and non-LoS (NLoS) components, respectively.
Therefore, the direct channel from Alice to Eve is re-expressed in (13) as the sum of its two components, which are given in (14) and (15).
After strict derivation, the expectation operation can be removed and the original problem can be rewritten as problem (16). Further, with the monotonicity of the logarithmic function, the original problem can be rewritten as problem (18) over the variables $\tilde{\mathbf{v}}_1$ and $\tilde{\mathbf{v}}_2$. It is worth noting that due to the non-concave fractional constraints as well as the coupled variables and unit-modulus constraints, problem (18) is non-convex and intractable. In the following section, an efficient algorithm is developed to find a near-optimal solution.
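To illustrate the signal model and the Rician channel model of this section numerically, the following added example (not the paper's code) builds the channels for the three-node geometry used later in Section IV, forms the MRT beamformer from the CSI Alice probes under $\Phi_1$, and evaluates Bob's and Eve's SINR and the secrecy rate under the actual downlink channel with $\Phi_2$. Assumptions not in the text: $L_0 d^{-c}$ is treated as a power gain (amplitude $\sqrt{L_0 d^{-c}}$) with $L_0 = 10^{-3}$, the LoS component is a random unit-modulus vector without array geometry, $\beta_{ae} = 5$, the noise power is $10^{-10}$, and the phase shifts are drawn at random rather than optimized. The block therefore shows the reciprocity break itself, the `alignment` ratio dropping below 1 as soon as $\Phi_1 \neq \Phi_2$, not the optimized design of the following subsection.

```python
"""Three-node signal model with an IRS whose phase shifts may differ between the uplink
slot (Phi_1) and the downlink slot (Phi_2). Added illustration, not the paper's code.
Alice has M_a antennas, Bob and Eve have one antenna each, the IRS has N elements."""
import numpy as np

L0 = 1e-3  # path loss at the reference distance d_0 = 1 m (assumed value)


def rician_channel(rng, shape, dist, exponent, beta):
    """h_ij = sqrt(L_0 d_ij^{-c_ij}) * g_ij with the standard Rician weighting (assumed)
    g_ij = sqrt(beta/(1+beta)) g_LoS + sqrt(1/(1+beta)) g_NLoS; beta = inf is pure LoS.
    The LoS term is modelled as unit-modulus entries with random phase (no array geometry)."""
    g_los = np.exp(1j * rng.uniform(0.0, 2.0 * np.pi, shape))
    g_nlos = (rng.standard_normal(shape) + 1j * rng.standard_normal(shape)) / np.sqrt(2.0)
    if np.isinf(beta):
        g = g_los
    else:
        g = np.sqrt(beta / (1.0 + beta)) * g_los + np.sqrt(1.0 / (1.0 + beta)) * g_nlos
    return np.sqrt(L0 * dist ** (-exponent)) * g  # large-scale term used as an amplitude


def effective_channel(h_direct, h_irs_user, H_alice_irs, theta):
    """Row vector (1 x M_a) from Alice to a user: direct path plus the IRS-reflected path
    h_ru^H Phi H_ar^H with Phi = diag(exp(j*theta))."""
    Phi = np.diag(np.exp(1j * theta))
    return h_direct + h_irs_user @ Phi @ H_alice_irs


def mrt_vector(h_est, pt):
    """SB vector by the MRT criterion, designed from the CSI probed in the uplink
    (Alice assumes uplink/downlink reciprocity)."""
    return np.sqrt(pt) * h_est.conj().T / np.linalg.norm(h_est)


def downlink_metrics(ch, theta_ul, theta_dl, pt, sigma2):
    """Bob's and Eve's SINR and the secrecy rate when Alice estimates the channel under
    Phi_1 = diag(exp(j*theta_ul)) but transmits under Phi_2 = diag(exp(j*theta_dl))."""
    h_abu = effective_channel(ch["h_ab"], ch["h_rb"], ch["H_ar"], theta_ul)  # probed in uplink
    h_abd = effective_channel(ch["h_ab"], ch["h_rb"], ch["H_ar"], theta_dl)  # actual downlink
    h_aed = effective_channel(ch["h_ae"], ch["h_re"], ch["H_ar"], theta_dl)
    w = mrt_vector(h_abu, pt)
    sinr_b = abs((h_abd @ w).item()) ** 2 / sigma2
    sinr_e = abs((h_aed @ w).item()) ** 2 / sigma2
    # Bob's SINR had Alice known the true downlink CSI: the MRT upper bound
    sinr_b_ideal = pt * np.linalg.norm(h_abd) ** 2 / sigma2
    return {
        "sinr_b": sinr_b,
        "sinr_e": sinr_e,
        "alignment": sinr_b / sinr_b_ideal,  # equals 1.0 only when the beam points at Bob
        "secrecy_rate": max(0.0, np.log2(1.0 + sinr_b) - np.log2(1.0 + sinr_e)),
    }


def simulate(seed=0, ma=4, n=16, pt=1.0, sigma2=1e-10, beta_ae=5.0):
    """Draw one channel realization and compare Phi_1 == Phi_2 with Phi_1 != Phi_2."""
    rng = np.random.default_rng(seed)
    # node positions from the simulation setup: Alice (0,0), Bob (100,0), IRS (0,3), Eve (100,50) m
    ch = {
        "h_ab": rician_channel(rng, (1, ma), 100.0, 3.0, 10.0),
        "h_ae": rician_channel(rng, (1, ma), np.hypot(100.0, 50.0), 3.0, beta_ae),
        "H_ar": rician_channel(rng, (n, ma), 3.0, 2.5, np.inf),
        "h_rb": rician_channel(rng, (1, n), np.hypot(100.0, 3.0), 3.0, 10.0),
        "h_re": rician_channel(rng, (1, n), np.hypot(100.0, 47.0), 3.0, 5.0),
    }
    theta_ul = rng.uniform(0.0, 2.0 * np.pi, n)  # random, not optimized (assumption)
    theta_dl = rng.uniform(0.0, 2.0 * np.pi, n)
    reciprocal = downlink_metrics(ch, theta_ul, theta_ul, pt, sigma2)  # Phi_1 == Phi_2
    broken = downlink_metrics(ch, theta_ul, theta_dl, pt, sigma2)      # Phi_1 != Phi_2
    return reciprocal, broken


if __name__ == "__main__":
    rec, brk = simulate()
    for name, m in (("Phi_1 == Phi_2", rec), ("Phi_1 != Phi_2", brk)):
        print(f"{name}: alignment={m['alignment']:.4f}, "
              f"SINR_b={10 * np.log10(m['sinr_b']):.1f} dB, "
              f"secrecy rate={m['secrecy_rate']:.2f} bit/s/Hz")
```

With identical phase shifts the MRT beam is perfectly aligned with Bob (alignment exactly 1), which is the reciprocity assumption Alice relies on; any difference between the two phase-shift vectors moves the actual downlink channel away from the probed one and the ratio drops below 1, even though Alice received nothing but Bob's pilot. For a defender the useful reading is that the size of the loss scales with the reflected path's strength relative to the direct path, so geometry and the number of elements, not transmitted energy, govern the exposure.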

B. Problem Solution
In this section, alternating optimization is first utilized to separate the original problem into two sub-problems. Then, for each sub-problem, the Charnes-Cooper transformation [16] and semidefinite relaxation (SDR) techniques are utilized to solve it.
1) Optimizing $\tilde{\mathbf{v}}_1$ for given $\tilde{\mathbf{v}}_2$: Define $\tilde{\mathbf{V}}_1 = \tilde{\mathbf{v}}_1 \tilde{\mathbf{v}}_1^H$ and $\tilde{\mathbf{V}}_2 = \tilde{\mathbf{v}}_2 \tilde{\mathbf{v}}_2^H$; then we have $\mathrm{Rank}(\tilde{\mathbf{V}}_1) = 1$ and $\mathrm{Rank}(\tilde{\mathbf{V}}_2) = 1$, and with the properties of the matrix trace, (16b) and (16d) can be rewritten in terms of these matrices. Since the objective function (18a) is non-convex, the Charnes-Cooper transformation is utilized to handle the fractional form. First, we introduce an auxiliary variable $s_1 > 0$ and define a new matrix $\hat{\mathbf{E}}_1 = s_1 \tilde{\mathbf{V}}_1$. Then we introduce the new functions $g_3(\hat{\mathbf{E}}_1, \tilde{\mathbf{V}}_2)$ and $f_3(\hat{\mathbf{E}}_1, \tilde{\mathbf{V}}_2)$, with which problem (18) is equivalently transformed into problem (23). Note that problem (23) is non-convex due to constraint (23d). The rank-one constraint is therefore first discarded, and problem (23) becomes a convex semidefinite programming problem with linear constraints that can be efficiently solved via the CVX solver. Since the rank-one constraint is relaxed in problem (23), it is necessary to verify whether the obtained solution is rank-one. If it is not, Gaussian randomization is applied to recover the vector approximately [9].
3) Overall Algorithm: To summarize, the outline of solving problem (18) is given in Algorithm 1, where $L$ denotes the maximum iteration number.
Convergence Analysis: The solution obtained in the $l$-th iteration is a feasible solution of problem (26). Then the objective value satisfies a chain of inequalities in which inequality (a) holds because problem (23) is solved optimally in Step 3, and equality (b) holds due to Step 4. This indicates that the objective value in the $(l+1)$-th iteration is not larger than that in the $l$-th iteration; that is, the objective value is non-increasing after each iteration. Furthermore, along with the QoS constraint, the secrecy rate is lower bounded, and thus the algorithm must converge after some iterations.
Complexity Analysis: The main complexity of Algorithm 2 lies in Steps 3 and 4. For Step 3, the complexity of solving (23) using the interior-point method, denoted as $O_1$, is determined by the number and size of the variables (design variables and slack variables) and constraints (PSD constraints and slack constraints), which are summarized in Table I. Due to the same form of (23) and (26), the complexity of Step 4 equals that of Step 3. Therefore, the overall complexity of Algorithm 2 is given by $2 I_{ao} \times O_1$, where $I_{ao}$ denotes the number of alternating iterations.

IV. NUMERICAL RESULTS

Fig. 3: Simulation Setup
In this section, we present numerical results to validate the performance of the proposed scheme. The simulation setup is shown in Fig. 3, where Alice, Bob, the IRS and Eve are located at (0,0), (100,0), (0,3) and (100,50) in meters (m), respectively. Considering that the IRS is deployed at a high vertical position [18], a less scattering environment is expected, and thus we set $\beta_{ar} = \infty$, $c_{ar} = 2.5$, $c_{re} = c_{rb} = 3$, $\beta_{rb} = 10$ and $\beta_{re} = 5$. The remaining parameters are as follows: $c_{ae} = c_{ab} = 3$, $\beta_{ab} = 10$, the iteration threshold $\varepsilon = 0.001$, and the maximum iteration number $L = 15$. The following simulation results are obtained by averaging over 500 random channel realizations. Fig. 4 shows the convergence behavior of our proposed algorithm under different numbers of reflecting elements $N_{IRS}$ and transmit antennas $M_a$. We can observe that as the number of iterations increases, the system secrecy rate gradually decreases. After about 8 iterations, the objective values all reach stable values, which validates the convergence analysis given in Section III.C.
In order to evaluate the advantage brought by the IRS, we compare our proposed scheme (Active IRS) with the following three benchmark schemes:
Scheme 1: Without IRS. In this case, Eve passively wiretaps information without the aid of the IRS.
Scheme 2: Jamming-assisted pilot spoofing scheme (Pilot Jam). In this case, Eve sends a jamming pilot when Bob sends the uplink pilot to Alice, as in [2]. The jamming pilot power is set to 0.01 of the transmit power of Alice.
Scheme 3: Passive IRS. In this case, the phase shifts at the IRS are kept constant during the uplink phase and the downlink phase, and are designed in cooperation with Eve to minimize the secrecy rate. However, in this scheme the CSI probed by Alice is not misled by the IRS, and it is the only available attack strategy for FDD systems.
Fig. 5 shows the system secrecy rate versus the transmit power of Alice. As the transmit power increases, the secrecy rate increases gradually. Meanwhile, we can observe that under the same conditions the proposed scheme is almost equal to Scheme 2 with jamming and significantly outperforms the other two benchmark schemes. The reason that the scheme is superior to Schemes 1 and 3 can be concluded from problem (17): by carefully designing the reflection coefficients, the misled beam sent by Alice can be intentionally aligned towards Eve during the uplink phase, and during the downlink phase the signal received by Eve can be intentionally enhanced. Moreover, compared with Scheme 2, no additional power is consumed by Eve. The performance versus the number of transmit antennas at Alice is plotted in Fig. 6. It can be seen that as the number of transmit antennas increases, the system secrecy rate increases gradually, because with more transmit antennas the beam can focus on the legitimate user more accurately. Besides, we can observe that as the number of transmit antennas increases, the secrecy rate difference between Scheme 3 and Scheme 1 under different numbers of reflecting elements decreases, which means that increasing the number of transmit antennas can reduce the security threat brought by Scheme 3. For our proposed scheme, however, the secrecy rate difference under different numbers of reflecting elements remains nearly unchanged, and for Scheme 2 the difference becomes larger, which means that due to pilot spoofing more of the beam leaks even though multiple antennas are utilized.
In Fig. 7, we show the secrecy rate decrease ratio versus the Rician factor $\beta_{ae}$, where the secrecy rate decrease ratio is defined as $\Delta R = (R_{noirs} - R_{active})/R_{noirs}$, and $R_{noirs}$ and $R_{active}$ denote the secrecy rates of Scheme 1 and of the proposed scheme under the same conditions. It can be seen that as the Rician factor $\beta_{ae}$ increases, the secrecy rate decrease ratio $\Delta R$ of Scheme 3 and of the proposed scheme both increase gradually. The reason is that as $\beta_{ae}$ increases, the LoS component gradually becomes dominant and the statistical CSI approximates the instantaneous CSI, so Eve can wiretap more information. Moreover, if Eve is a malicious internal user of the network, the Rician factor $\beta_{ae}$ is large and more damage to legitimate communication is brought by the IRS. If Eve is an outside user of the network, less damage is brought, and deploying multiple IRSs and trying to obtain more precise CSI may be potential solutions.
In Fig. 8, we further show the performance versus the number of reflecting elements. It can be seen that as the number of reflecting elements increases, the system secrecy rates of Scheme 3 and of the proposed scheme both decrease, and our proposed scheme decreases more quickly than Scheme 3. The reason is that an IRS with more elements provides more adjustable dimensions for inequality (18a). Moreover, from Figs. 5-8, we can observe that the secrecy rate of Scheme 3 is significantly less than that of our proposed scheme, which indicates that our proposed scheme poses more damage to TDD systems than to FDD systems and more attention should be paid to this attack. In fact, the number of reflecting elements can reach 100 or more at a low cost [19], which could bring more security damage with less power.

V. CONCLUSION AND FUTURE WORK
In this paper, we have presented an investigation of an IRS-assisted pilot spoofing scheme. First, the control strategy of the IRS is proposed: by changing the phase shifts between the uplink phase and the downlink phase, the reciprocity between uplink and downlink disappears and the secure beamforming shifts, which leads to signal leakage. Then, the average secrecy rate minimization problem based on statistical CSI is established by carefully designing the phase shifts. With the alternating optimization algorithm and the Charnes-Cooper transformation technique, a near-optimal solution is proposed. Finally, simulation results show that our scheme can seriously affect the security performance of TDD systems without energy consumption. If the IRS is not used properly by internal users, it will bring serious threats. Therefore, it is worth studying effective countermeasures against this pilot spoofing attack in future work.

APPENDIX A
PROOF OF PROPOSITION 1
In this appendix, the transformation of the expectation operation is proved. Due to the similar form of the denominator $E(g_1(\Phi_1, \Phi_2))$ and the numerator $E(f_1(\Phi_1, \Phi_2))$ in (11), the denominator $E(g_1(\Phi_1, \Phi_2))$ in (11) is transformed first.
Since the form of the numerator is similar to that of the denominator in (11), the expectation expression of the numerator can be derived in the same way. Thus, the proof is completed.