On the RIS Manipulating Attack and Its Countermeasures in Physical-Layer Key Generation

Title: On the RIS Manipulating Attack and Its Countermeasures in Physical-Layer Key Generation
Publication Type: Conference Paper
Year of Publication: 2021
Authors: Hu, Lei; Li, Guyue; Luo, Hongyi; Hu, Aiqun
Conference Name: 2021 IEEE 94th Vehicular Technology Conference (VTC2021-Fall)
Keywords: active attack, attack surface, Metrics, OFDM, physical layer security, pubcrawl, Quantization (signal), reconfigurable intelligent surface, reconfigurable intelligent surfaces, reflection coefficient, resilience, Resiliency, Scalability, secret key generation, simulation, Vehicular and wireless technologies, Wireless communication
Abstract: Reconfigurable Intelligent Surface (RIS) is a new paradigm that enables the reconfiguration of the wireless environment. Based on this feature, RIS can be employed to facilitate Physical-layer Key Generation (PKG). However, this technique could also be exploited by the attacker to destroy the key generation process via manipulating the channel features at the legitimate user side. Specifically, this paper proposes a new RIS-assisted Manipulating attack (RISM) that reduces the wireless channel reciprocity by rapidly changing the RIS reflection coefficient in the uplink and downlink channel probing step in orthogonal frequency division multiplexing (OFDM) systems. The vulnerability of traditional key generation technology based on channel frequency response (CFR) under this attack is analyzed. Then, we propose a slewing rate detection method based on path separation. The attacked path is removed from the time domain and a flexible quantization method is employed to maximize the Key Generation Rate (KGR). The simulation results show that under RISM attack, when the ratio of the attack path variance to the total path variance is 0.17, the Bit Disagreement Rate (BDR) of the CFR-based method is greater than 0.25, and the KGR is close to zero. In addition, the proposed detection method can successfully detect the attacked path for SNR above 0 dB in the case of 16 rounds of probing and the KGR is 35 bits/channel use at 23.04 MHz bandwidth.
Citation Key: hu_ris_2021