
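Analysis of Man-in-the-Middle Pilot Attacks on Physical Layer Authentication
Cite this article: Shaoyu WANG, Kaizhi HUANG, Xiaoming XU, Keming MA, Yajun CHEN. Analysis of Man-in-the-Middle Pilot Attacks on Physical Layer Authentication[J]. Journal of Electronics & Information Technology, 2021, 43(11): 3141-3148.
Authors: Shaoyu WANG, Kaizhi HUANG, Xiaoming XU, Keming MA, Yajun CHEN
Affiliation: Strategic Support Force Information Engineering University, Zhengzhou 450001
Funding: National Natural Science Foundation of China (61701538, 61871404, 61521003)
Abstract: Existing physical layer authentication mechanisms depend on the privacy of the legitimate channel state information (CSI). Once an attacker is able to manipulate or steal the legitimate channel, the physical layer authentication mechanism faces the threat of being broken. Targeting this weakness, this paper proposes a man-in-the-middle (MITM) pilot attack method that attacks the physical layer authentication mechanism by controlling the channel measurement process of the two legitimate parties. The MITM pilot attack system is first modeled, and a progressive, imperceptible access strategy for the MITM pilot attack is given; this strategy allows the attacker to insert itself smoothly between the two legitimate communicating parties. Once the attacker has gained access, it can attack two basic physical layer authentication mechanisms: against the CSI-based comparison authentication mechanism, it can carry out denial-of-service attacks and impersonation access attacks; against the CSI-based encryption authentication mechanism, it can steal the channel information and thereby go on to crack the authentication vector. The attack method applies to general wireless communication systems that use public pilots, and requires the attacker to be able to synchronize with the pilot transmission process of the two legitimate parties. Simulation analysis verifies the effectiveness of the several attack modes: the progressive imperceptible access strategy, the denial-of-service attack, the impersonation access attack, and stealing channel information to crack the authentication vector.

Keywords: physical layer authentication; man-in-the-middle pilot attack; authentication attack
Received: 2020-09-25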

Man-in-the-middle Pilot Attack for Physical Layer Authentication
Shaoyu WANG, Kaizhi HUANG, Xiaoming XU, Keming MA, Yajun CHEN. Man-in-the-middle Pilot Attack for Physical Layer Authentication[J]. Journal of Electronics & Information Technology, 2021, 43(11): 3141-3148.
Authors: Shaoyu WANG, Kaizhi HUANG, Xiaoming XU, Keming MA, Yajun CHEN
Affiliation: Information Engineering University, Zhengzhou 450001, China
Abstract: Existing physical layer authentication mechanisms rely on the privacy of the legitimate channel. Once an attacker can manipulate or obtain legitimate channel information, the physical layer authentication mechanism faces the threat of being compromised. Addressing this weakness, a Man-In-The-Middle (MITM) pilot attack method is proposed, which attacks the physical layer authentication mechanism by controlling the channel measurement process of the legitimate parties. First, the man-in-the-middle pilot attack system is modeled, and a progressive, imperceptible access strategy for the MITM pilot attack is given. This strategy allows the attacker to join the legitimate communication smoothly. After gaining access, the attacker can launch attacks on two basic physical layer authentication mechanisms: for CSI-based comparative authentication mechanisms, denial-of-service attacks and counterfeit access attacks can be implemented; for the CSI-based encryption authentication mechanism, the channel information can be stolen, thereby further cracking the authentication vector. This attack method applies to general wireless communication systems with public pilots, and requires the attacker to be able to synchronize with the pilot sending process of the two legitimate parties. Simulation analysis verifies the effectiveness of multiple attack methods, including the progressive, imperceptible access strategy, the denial-of-service attack, the counterfeit access attack, and cracking the authentication vector.