Massive MIMO is a key technology for 5G wireless. Research has proven that many antennas at an access point can substantially increase network throughput. But with just a single antenna, a malicious node such as a cell phone can take the whole system down. ECE graduate student Xu Zhang and his faculty advisor Dr. Edward Knightly have demonstrated how such an attack can be launched, and have come up with a way to combat it: MACE.
MACE, which stands for MAssive MIMO Carrier frequency offset Estimate, is a countermeasure that can detect these malicious jamming antennas with no startup cost, no additional overhead, and no coordination between the access point and the client. Their paper on this research, “Massive MIMO Pilot Distortion Attack and Zero-Startup-Cost Detection: Analysis and Experiments,” won a Best Paper Award at the IEEE Conference on Communications and Network Security this October.
“Gains of a massive MIMO network depend critically on whether the access point has accurate Channel State Information of different clients. Pilot Distortion Attack smartly jams the channel sounding process, during which Channel State Information is measured. It is a highly efficient but devastating attack, and can lead to network-wide denial-of-service by targeting even just a single client,” Zhang explained.
Zhang built a testbed with the Rice Argos massive MIMO access point (AP), and demonstrated that a single-antenna adversary, jamming no more than 1/60 of the time and having no more transmit power than any other client, can cause over 26% reduction of network throughput.
“As a counter mechanism, we employ the many antennas at the access point to detect such an attack,” Zhang said. “We designed a detector, MACE, that can immediately raise an alarm whenever there is Pilot Distortion Attack and enable the access point to reduce its impact.”
Various techniques before MACE have been proposed to detect jamming, but they introduce exorbitantly high startup costs and network overhead when applied during the channel sounding process.
“With MACE, there is no startup cost due to the use of the many antennas,” Zhang noted. “MACE requires no additional network overhead – it uses the same signal setup for channel sounding. It also requires no coordination between the access point and the client – no communication is needed.”
MACE is compatible with current WiFi and LTE standards, and can detect the Pilot Distortion Attack, as well as general malicious jamming, with a 97% true-positive rate at a 1% false-positive rate.
“CNS is one of the top conferences for communication and network security,” Zhang said. “It was an honor to win a Best Paper Award.”