• Experimental analysis of passive eavesdropping in Massive MIMO (Slides)

    Massive MIMO has the potential to thwart passive eavesdropping as the signals transmitted by a large antenna array become highly focused. Indeed, the impact of passive eavesdropping has been shown to be negligible when the number of base station (BS) antennas approaches infinity for independent Rayleigh channels. In this paper, we experimentally explore eavesdropping in Massive MIMO incorporating real-world factors including (i) a limited BS antenna array size, (ii) potential correlation in over-the-air channels, and (iii) adaptation of modulation and coding schemes (MCS) over a discrete and finite set.

    Specifically, we found

    1. The link secrecy improves more slowly in practical massive MIMO systems than theory predicts, due to channel correlation.
    2. The eavesdropper can benefit from location searching due to high variation among different locations.
    3. Transmit power adaptation is important to fully utilize the better channel at Bob compared to Eve due to limited MCS levels.

[1] Yeh, Chia-Yi, and Edward W. Knightly. “Feasibility of passive eavesdropping in massive MIMO: an experimental approach.” In 2018 IEEE Conference on Communications and Network Security (CNS), pp. 1-9. IEEE, 2018.


  • Physical layer security of highly-directional sub-THz communication (Slides)

With the inevitable shift to higher carrier frequencies in the millimeter-wave range, one of the key considerations is the increased directionality of transmitted signals. This presents a more challenging environment for eavesdroppers as compared to the wide-area broadcasts used at lower frequencies. This idea is even more compelling in the terahertz range (above 100 GHz). And yet, despite the widespread assumption of improved security for high-frequency data links, there has been no effort to characterize the possibility of terahertz eavesdropping experimentally. Specifically, we study the object scattering attack, since direct eavesdropping inevitably blocks the narrow beam and triggers an alarm at Alice and Bob.

We demonstrate that

    1. Contrary to this oft-stated expectation, an agile eavesdropper can intercept signals in line-of-sight links, even at very high frequencies with narrow beams.
    2. Nonetheless, the eavesdropper faces increasing challenges as the transmit frequency increases and the beam becomes more directional, limiting Eve’s strategy set.

[2] Ma, Jianjun, Rabi Shrestha, Jacob Adelberg, Chia-Yi Yeh, Zahed Hossain, Edward Knightly, Josep Miquel Jornet, and Daniel M. Mittleman. “Security and eavesdropping in terahertz wireless links.” Nature 563, no. 7729 (2018): 89.


  • Energy efficient cross-layer jamming attack against TCP in 802.11 WLAN (Slides)