Channel Reciprocity-based Key Generation (CRKG) exploits reciprocal channel randomness to establish shared secret keys between wireless terminals. This new security technique is expected to complement existing cryptographic techniques for secret key distribution of future wireless networks. In this paper, we present a new attack, reconfigurable intelligent surface (RIS) jamming, and show that an attacker can prevent legitimate users from agreeing on the same key by deploying a malicious RIS to break channel reciprocity. Specifically, we elaborate on three examples to implement the RIS jamming attack: Using active nonreciprocal circuits, performing time-varying controls, and reducing the signal-to-noise ratio. The attack effect is then studied by formulating the secret key rate with a relationship to the deployment of RIS. To resist such RIS jamming attacks, we propose a countermeasure that exploits wideband signals for multipath separation. The malicious RIS path is distinguished from all separated channel paths, and thus the countermeasure is referred to as contaminated path removal-based CRKG (CRP-CRKG). We present simulation results, showing that legitimate users under RIS jamming are still able to generate secret keys from the remaining paths. We also experimentally demonstrate the RIS jamming attack by using commodity Wi-Fi devices in conjunction with a fabricated RIS prototype. In our experiments, we were able to increase the average bit disagreement ratio (BDR) of raw secret keys by 20%. Further, we successfully demonstrate the proposed CRP-CRKG countermeasure to tackle RIS jamming in wideband systems as long as the source of randomness and the RIS propagation paths are separable.
Wireless radio channels are known to contain information about the surrounding propagation environment, which can be extracted using established wireless sensing methods. Thus, today's ubiquitous wireless devices are attractive targets for passive eavesdroppers to launch reconnaissance attacks. In particular, by overhearing standard communication signals, eavesdroppers obtain estimations of wireless channels which can give away sensitive information about indoor environments. For instance, by applying simple statistical methods, adversaries can infer human motion from wireless channel observations, allowing to remotely monitor premises of victims. In this work, building on the advent of intelligent reflecting surfaces (IRSs), we propose IRShield as a novel countermeasure against adversarial wireless sensing. IRShield is designed as a plug-and-play privacypreserving extension to existing wireless networks. At the core of IRShield, we design an IRS configuration algorithm to obfuscate wireless channels. We validate the effectiveness with extensive experimental evaluations. In a state-of-the-art human motion detection attack using off-the-shelf Wi-Fi devices, IRShield lowered detection rates to 5 % or less.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.