Intelligent Reflecting Surface Aided Pilot Contamination Attack and Its Countermeasure

Pilot contamination attack (PCA) in a time division duplex wireless communication system is considered, where an eavesdropper (Eve) attacks the reverse pilot transmission phase in order to wiretap the data transmitted from a transmitter, Alice, to a receiver, Bob. We propose a new PCA scheme for Eve, wherein Eve does not emit any signal by itself but uses an intelligent reflecting surface (IRS) to reflect the pilot sent by Bob to Alice. The proposed new PCA scheme, referred to as IRS-PCA, increases the signal leakage from Alice to the IRS during the data transmission phase, which is then reflected by the IRS to Eve in order to improve the wiretapping capability of Eve. The proposed IRS-PCA scheme disables many existing countermeasures on PCA due to the fact that with IRS-PCA, Eve no longer needs to know the pilot sequence of Bob, and therefore, poses severe threat to the security of the legitimate wireless communication system. In view of this, the problems of 1) IRS-PCA detection and 2) secure transmission under IRS-PCA are considered in this paper. For IRS-PCA detection, a generalized cumulative sum (GCUSUM) detection procedure is proposed based on the framework of quickest detection, aiming at detecting the occurrence of IRS-PCA as soon as possible once it occurs. For secure transmission under IRS-PCA, a cooperative channel estimation scheme is proposed to estimate the channel of the IRS, based on which zero-forcing beamforming is designed to reduce signal leakage.