Pilot spoofing attack brings challenges to the physical layer secure transmission. However, since the inherent characteristics of wireless environment have not changed, active eavesdropping can be detected based on prior information. Intelligent reflecting surface (IRS), with the real-time programmable characteristics for wireless environment, provides new possibilities for effective pilot spoofing. In this paper, the IRS is deployed near the legitimate users and the control strategy is embeded into the legitimate communication process under time-division duplex (TDD) mode to assist eavesdroppers to implement pilot spoofing. By designing different phase shifts at the IRS during the uplink phase and downlink phase, the channel reciprocity between uplink and downlink disappears, and thus the secure beamforming vector is biased towards the eavesdropper. Furthermore, in order to obtain more information, the average secrecy rate based on the statistical channel state information is established by carefully designing the phase shifts. The formulated problem is non-trivial to solve. By using alternating optimization and Charnes-Cooper transformation technique, the original problem is transformed into convex form and a sub-optimal solution is achieved. Finally, simulation results show that our proposed scheme poses serious secure threat for TDD systems.
Secrecy Rate Maximization for Intelligent Reflecting Surface Assisted Multi-Antenna Communications
