Secure performance analysis and pilot spoofing attack detection in cell-free massive MIMO systems with finite-resolution ADCs

Abstract

In this article, the secure communication in cell-free massive multiple-input multiple-output system with low-resolution analog-to-digital converters is investigated in the presence of an active eavesdropper. Specifically, in this article, the deterioration caused by the analog-to-digital converter imperfections on the accuracy of the channel estimation and secure transmission performance is studied. Besides, the additive quantization noise model is utilized to analyze the impacts of the low-resolution analog-to-digital converters. The minimum mean square error channel estimation results show that there is a nonzero floor caused by the coarse analog-to-digital converters. Then, the closed-form expressions for both the legitimate users achievable ergodic rate and the information leakage to the eavesdropper are derived, respectively. Moreover, tight approximated ergodic secrecy rate expression is also presented with respect to analog-to-digital converters quantization bits, number of antennas, pilot power, and so on. To degrade the impacts of the pilot spoofing attack, an active attack detection approach based on random matrix theory is proposed which can only be operated at one access point. Simulation results are provided to corroborate the obtained results and analyze the impacts of various parameters on system secrecy performance. Also, the superiority of the proposed active attacks detection method is confirmed via simulation results.

Keywords

Cell-free massive multiple-input multiple-output physical layer security low-resolution analog-to-digital converters channel estimation spoofing attack active attack detection

Introduction

Massive multiple-input multiple-output (MIMO) is regarded as a promising wireless access technology for 5G and B5G wireless communication which can provide high spectral efficiency and high energy efficiency with simple signal processing.^1,2 Cellular massive MIMO equips the large number of the antennas on a single base station (BS) which has been analyzed widely and deeply on various respects, such as performance analysis, beamforming, power control, secure communication, and so on.^2–4 However, the performance of such cellular system is inevitably limited by the intercell interferences and channel correlation. One practical alternative is to install several antenna sets onto distributed physical locations which is also called distributed massive MIMO.^5,6 As a scalable distributed massive MIMO concept, cell-free massive MIMO has been proved to be a promising wireless network architecture which can provide coherent service by geographically distributed access points (APs) for future wireless communication systems.⁷ Since its proposal, various works on performance evaluations and transmission schemes over cell-free massive MIMO have been investigated.^8–10 Due to the broadcast nature of wireless channels, facilitating secure and reliable wireless transmission is a critical topic for future wireless communication systems.^11–13 Despite the robustness of massive MIMO against passive eavesdropping, the active eavesdropping attacks are more relevant.^14,15

Currently, most related literatures merely focused on the secure transmission in co-located massive MIMO systems,^16–18 while secrecy provisions for cell-free massive MIMO have not been well explored. Hoang et al.¹⁹ discussed the secrecy performance and power allocation for cell-free massive MIMO with active eavesdropper. The effect of hardware impairments over secure cell-free massive MIMO system with active spoofing attack has been investigated in Zhang et al.²⁰ However, all aforementioned works are based on adopting high-resolution analog-to-digital converters (ADCs) in massive MIMO systems. To reduce energy consumption and physical hardware costs, implementing finite-resolution ADCs in massive MIMO systems has been regarded as an effective approach. Several researchers have devoted to the implementation of finite-resolution ADCs in cell-free massive MIMO systems recently.^21–23 Besides, the secure co-located massive MIMO with finite-resolution ADCs has been studied in Teeti.²⁴ Nevertheless, the impact of ADCs quality on secrecy performance in cell-free massive MIMO has not been considered in existing research.

In a time-division duplex (TDD) massive MIMO system, the BS always acquires the channel state information (CSI) of the legitimate users via uplink training based on the reciprocity of the downlink and uplink channels. All legal users are required to send the redesigned and assigned pilot (training) signals to the BS in uplink training phase. Since all pilot signals are repeatedly used and publicly known by the BS and all users, a smart malicious eavesdropper can easily learn the target user’s pilot signals and transmit an identical pilot signal as that of a legitimate target user which is also called spoofing attack.²⁵ Due to the spoofing attack operated by the active eavesdropper, the adversary could manipulate the CSI estimation which is the weighted sum of the target legitimate user and the eavesdropper’s channels. Consequently, the beamforming based on the estimated CSI during the data transmission results in information leakage to the eavesdropper. Some existing literatures show that the massive MIMO is robust against passive eavesdropping while the secrecy performance of the massive MIMO system is dramatically degraded by active attacks.^14,15,26 Thus, detection of the active eavesdropper can be considered as an effective countermeasure to weaken the influence of active spoofing attacks. Kapetanović et al.²⁷ proposed a detection scheme via random training pilots for massive MIMO system. However, some special pilot sequences are required to do the detection in this proposed method. Then, different schemes for active attack detection have been presented in Kapetanović et al.²⁸ which are operated at different locations and based on different system parameters. It is noted that the precoder normalization is crucially important for these active eavesdropper detection schemes. Moreover, a simple detection protocol based on the statistical properties of the channel estimation has been provided in Al-Nahari,¹⁵ which is also determined by the correctness of the channel estimation. Besides, the minimum description length (MDL) source enumeration algorithm has been utilized for active eavesdropper detection in Tugnait,^29,30 which can greatly improve the detection performance using short pilot sequences. According to Kritchman and Nadler³¹ and Tugnait,³² the random matrix theory (RMT) detection approach can achieve more precise results compared with MDL algorithm and has been proved to be highly effective in traditional MIMO system.

Motivated by the aforementioned observations, this article presents the first study of the security problem in cell-free massive MIMO system with finite-resolution ADCs against active eavesdropper. Furthermore, the tight asymptotic lower bound of achievable secrecy rate has been provided to enable the effects of ADC resolution, number of APs, each AP’s antenna number, and so on. Also, an active eavesdropping detection algorithm based on RMT is presented. And the proposed detection algorithm can be operated at one AP which only needs a simple procedure. The specific contributions of this article can be summarized as follows:

To capture the aggregate impacts of low-resolution ADCs, the additive quantization noise model (AQNM) is utilized to analyze the performance of the secure cell-free massive MIMO system. Specifically, this article operates the channel estimation via uplink training under minimum mean square error (MMSE) criterion. Moreover, the results show that the low-quality ADCs lead to a nonzero floor on the channel estimation. Also, more pilot power of the eavesdropper would bring larger damnification for channel estimation.

The downlink secrecy communication has been considered with the low-resolution ADCs. Based on the AQNM and the imperfect CSI, the closed-form expression of the secrecy rate has been derived with respect to key system parameters, including the quantization bits of the ADCs, the number of the total antennas, the pilot and data transmission power, and so on. These novel results can provide a effective tool to quantitatively analyze the impacts of system parameters on system secrecy performance.

To weaken the impacts taken by the active eavesdropping, an active attacks detection scheme based on the pilot self-contamination has been proposed which can only be operated at one AP. The detection is employed via determining the signal subspace rank which is estimated by RMT source enumeration approach. Also, the proposed detection approach has been illustrated accurate and effective via simulations.

The outline of the article is organized as follows. Section “System model” introduces the considered secure cell-free massive MIMO system model. Section “Uplink training” details the procedure of the uplink MMSE channel estimation. Section “Secrecy performance analysis” derives the achievable secrecy rate of the considered system. The RMT-based active eavesdropping detection is discussed in section “RMT-based pilot spoofing attack detection.” Simulation results are presented in section “Numerical results.” Finally, the article is concluded in section “Conclusion.”

Notation

Throughout this article, boldface lower case and upper case letters are utilized to represent vectors and matrices, for example, $y$ , $Y$ . The superscript $(\cdot)^{*}$ , $(\cdot)^{T}$ , and $(\cdot)^{H}$ stand for the conjugate, transpose and Hermitian transpose operation, respectively. In addition, the Euclidean norm of a vector $g$ and the absolute value of a scalar $g$ can be denoted as $‖ g ‖$ and $| g |$ , respectively. $E {\cdot}$ , $V ar {\cdot}$ , $r ank {\cdot}$ , and $E ig {\cdot}$ represent operations of expectation, variance, rank, and eigenvalue of a matrix, respectively. $x ~ C N (m, A)$ stands for a complex Gaussian random vector $x$ with mean $m$ and covariance matrix $A$ . $I_{M}$ and $C^{M \times N}$ are $M -$ dimensional identity matrix and $M \times N$ dimensional complex space. Besides, independent and identically distributed is abbreviated as i.i.d. Finally, $[x]^{+} = max {0, x}$ .

System model

As illustrated in Figure 1, the cell-free massive MIMO system comprising $M$ APs, $K$ one-antenna legitimate users, and an active eavesdropper (Eve) is considered in this article. Each AP is equipped with $N$ antennas. All APs are connected to a CPU through backhaul for sharing information. The Eve is equipped with single antenna and intends to contaminate the uplink training by pilot spoofing attack.¹⁹ The system is assumed operated in TDD mode, where the downlink and uplink channels are assumed to be reciprocal. Rayleigh block-fading channels are assumed between the APs and different terminals, where the channels remain constant in one time slot and vary independently afterward. Then, the channels between the $m t h$ AP and $k t h$ user (the Eve) can be denoted by^7–9

g_{mk} = \sqrt{β_{mk}} h_{mk} \in C_{N \times 1}

(1)

g_{mk} = \sqrt{β_{mk}} h_{mk} \in C_{N \times 1}

(2)

where $β_{mk}$ ( $β_{mE}$ ) represents the large-scale fading, $h_{mk}$ ( $h_{mE}$ ) models the small-scale fading vector with elements being independent and identically distributed (i.i.d) $C N (0, 1)$ random variables (RVs).

Figure 1.

The architecture of the considered secure cell-free massive MIMO transmission system.

Since secure downlink transmission is investigated in this article, each time slot consists of uplink training and downlink transmission phases.

Uplink training

Due to the channel reciprocity, the CSI can be only acquired by uplink training. During this phase, all legitimate users send mutually orthogonal pilot sequences of length $τ_{p}$ symbols for channel estimation at the APs, where $τ_{p} \geq K$ . Let $\sqrt{τ_{p} p_{p}} φ_{k} \in C^{τ_{p} \times 1}$ be the pilot vector sending by the $k t h$ user, where $‖ φ_{k} ‖^{2} = 1$ , $p_{p}$ represents the normalized pilot signal power. Since the pilot signals are repeatedly utilized and publicly predesigned, an intelligent eavesdropper can pretend to be a legitimate user by transmitting the identical pilot signals as the target user. No loss of generality, assuming that the Eve aims to eavesdrop the confidential information sending to the $k t h$ user, Eve’s pilot sequence can be denoted by $\sqrt{τ_{p} p_{E}} φ_{E}$ , where $φ_{E} = φ_{k}$ , $p_{E}$ is the normalized transmit power of Eve. The $N \times τ_{p}$ received pilot matrix at the $m t h$ AP is given by

Y_{p, m} = \sqrt{τ_{p} p_{p}} \sum_{k = 1}^{K} g_{mk} φ_{k}^{H} + \sqrt{τ_{p} p_{E}} g_{mE} φ_{E}^{H} + W_{p, m}

(3)

where $W_{p, m} \in C^{N \times τ_{p}}$ denotes the additive white Gaussian noise matrix, whose elements are i.i.d $C N (0, 1)$ RVs. By utilizing the additive quantization noise model (AQNM), the resulting signal after finite-resolution ADCs at $m t h$ AP can be given by^21,22

{\tilde{Y}}_{p, m} = γ_{m} Y_{p, m} + {\tilde{W}}_{p, m}

(4)

where $γ_{m} \leq 1$ is scaling factor with respect to the ADC quantization bits $b_{m}$ , whose accurate values are shown in Table 1.

Table 1.

Corresponding scaling factors for different ADC quantization bits.

b	1	2	3	4	5
$γ_{m}$	0.6366	0.8825	0.96546	0.990503	0.997501

Also, ${\tilde{W}}_{p, m}$ is the quantization noise matrix with covariance matrix as

R ({\tilde{W}}_{p, m}) = γ_{m} (1 - γ_{m}) d iag (E {Y_{p, m} Y_{p, m}^{H}})

(5)

Then, projecting ${\tilde{Y}}_{p, m}$ onto $φ_{l}$ , the post-processing signal can be rewritten as

\begin{matrix} {\tilde{y}}_{p, m, l} = γ_{m} (\sqrt{τ_{p} p_{p}} g_{ml} + \sqrt{τ_{p} p_{E}} g_{mE} φ_{E}^{H} φ_{l} + w_{p, m}) \\ + {\tilde{w}}_{p, m} \end{matrix}

(6)

where $w_{p, m} = W_{p, m} φ_{l}$ , ${\tilde{w}}_{p, m} = {\tilde{W}}_{p, m} φ_{l}$ .

By utilizing the MMSE estimation, the estimated channels can be written by^16,21

g_{ml} = {\hat{g}}_{ml} + {\tilde{g}}_{ml}

(7)

g_{mE} = {\hat{g}}_{mE} + {\tilde{g}}_{mE}

(8)

where the estimate ${\hat{g}}_{ml}$ ( ${\hat{g}}_{mE}$ ) and estimation error ${\tilde{g}}_{ml}$ ( ${\tilde{g}}_{mE}$ ) are mutually independent, whose elements are zero mean i.i.d. RVs with variances $λ_{ml}$ ( $λ_{mE}$ ) and $β_{ml} - λ_{ml}$ $(β_{ml} - λ_{ml})$ .

Moreover, the channel estimation ${\hat{g}}_{ml}$ can be expressed as

{\hat{g}}_{ml}^{H} = \frac{E {g_{ml}^{H} {\tilde{y}}_{p, m, l}}}{E {{\tilde{y}}_{ml}^{H} {\tilde{y}}_{p, m, l}}} {\tilde{y}}_{p, m, l}^{H}

(9)

Then, one important theorem can be given as follows.

Theorem 1

The variances $λ_{ml}$ and $λ_{mE}$ can de denoted by

λ_{ml} = {\begin{matrix} \frac{γ_{m} τ_{p} p_{p} β_{mk}^{2}}{1 + τ_{p} p_{p} β_{mk} + τ_{p} p_{E} β_{mE}}, l = k \\ \frac{γ_{m} τ_{p} p_{p} β_{ml}^{2}}{1 + τ_{p} p_{p} β_{ml}}, l \neq k \end{matrix}

(10)

λ_{mE} = \frac{γ_{m} τ_{p} p_{E} β_{mE}^{2}}{1 + τ_{p} p_{p} β_{mk} + τ_{p} p_{E} β_{mE}}

(11)

Proof

Please see Appendix 1.

Since the downlink beamformer is based on the estimated CSI via uplink training, the accuracy of the channel estimation is crucially important. Then, the normalized minimum square error (NMSE) of the target user can be used to evaluate the estimation performance which is defined as

N MSE = \frac{\sum_{m = 1}^{M} E {{‖ {\tilde{g}}_{mk} ‖}^{2}}}{\sum_{m = 1}^{M} E {{‖ g_{mk} ‖}^{2}}} = \frac{\sum_{m = 1}^{M} (β_{mk} - λ_{mk})}{\sum_{m = 1}^{M} β_{mk}}

(12)

To achieve some valuable insights, one limit behavior of the NMSE can be considered as follows. As $p_{d} \to + \infty$ , we can get the limit value of $λ_{mk}$ as

\begin{matrix} lim_{p_{d} \to + \infty} λ_{mk} = lim_{p_{d} \to + \infty} \frac{γ_{m} τ_{p} p_{p} β_{mk}^{2}}{1 + τ_{p} p_{p} β_{mk} + τ_{p} p_{E} β_{mE}} \\ = γ_{m} β_{mk} \end{matrix}

(13)

Thus, there is a nonzero floor on the channel estimation error NMSE caused by the ADCs imperfection. Besides, this zero floor cannot be compensated by increasing the pilot power of the legitimate users.

Secrecy performance analysis

In this section, we will focus on the performance analysis as a measure to evaluate the performance of the considered secure communication system.^33–37 All APs perform conjugate beamforming to simultaneously transmit data to all users with the same time-frequency resource. Then, the signal transmitted by the $m t h$ AP can be represented by

x_{m} = \sqrt{p_{d}} \sum_{l = 1}^{K} \sqrt{η_{ml}} {\hat{g}}_{ml}^{*} q_{l}

(14)

where $q_{l}$ denotes the normalized signal intended to the $l t h$ user with $| q_{l} | = 1$ , $η_{ml}$ is the power control coefficient satisfying the power constraint as

\sum_{l = 1}^{K} η_{ml} λ_{ml} \leq p_{d}

(15)

Then, the received signal at the $k t h$ user and the Eve can be denoted by

y_{k} = \sum_{m = 1}^{M} g_{mk}^{T} x_{m} + w_{k}

(16)

y_{E} = \sum_{m = 1}^{M} g_{mE}^{T} x_{m} + w_{E}

(17)

where $w_{k} ~ C N (0, 1)$ and $w_{E} ~ C N (0, 1)$ represent received noise elements at the target user and the Eve, respectively. Operated by the low-resolution ADCs at the users, the output signal can be given by

{\tilde{y}}_{k} = γ_{u} y_{k} + {\tilde{w}}_{k}

(18)

where $γ_{u}$ denotes the scaling factor of the ADCs at the users. Also, ${\tilde{w}}_{k}$ is the quantization noise with the variance as

R_{{\tilde{w}}_{k}} = γ_{u} (1 - γ_{u}) E {{| y_{k} |}^{2}}

(19)

We consider the realistic case that the target user cannot obtain its instantaneous CSI. Hence, the $k t h$ user will detect its desired signal $q_{k}$ by using the statistical CSI. Considering a pessimistic case, we assume that the Eve can obtain the perfect instantaneous CSI and has been equipped with high-quality hardware. Based on these settings, the lower bound on the target user’s achievable rate and the upper bound for the Eve’s ergodic capacity can be achieved. Furthermore, the signals at the $k t h$ user and the Eve can be rewritten as

{\begin{matrix} {\tilde{y}}_{k} = γ_{u} \sqrt{p_{d}} E {\sum_{m = 1}^{M} \sqrt{η_{mk}} g_{mk}^{T} {\hat{g}}_{mk}^{*}} q_{k} + w_{k}^{eff} \\ y_{E} = \sqrt{p_{d}} \sum_{m = 1}^{M} \sqrt{η_{mk}} g_{mE}^{T} {\hat{g}}_{mk}^{*} q_{k} + w_{E}^{eff} \end{matrix}

(20)

where $w_{k}^{eff}$ and $w_{E}^{eff}$ denote the effective noise at the $k t h$ user and the Eve which are given by

\begin{matrix} w_{k}^{eff} = γ_{u} \sqrt{p_{d}} \sum_{m = 1}^{M} \sqrt{η_{mk}} g_{mk}^{T} {\hat{g}}_{mk}^{*} q_{k} \\ - γ_{u} \sqrt{p_{d}} E {\sum_{m = 1}^{M} \sqrt{η_{mk}} g_{mk}^{T} {\hat{g}}_{mk}^{*}} q_{k} \\ + γ_{u} \sqrt{p_{d}} \sum_{l \neq k}^{K} \sum_{m = 1}^{M} \sqrt{η_{ml}} g_{mk}^{T} {\hat{g}}_{ml}^{*} q_{l} + γ_{u} w_{k} + {\tilde{w}}_{k} \end{matrix}

(21)

w_{E}^{eff} = \sqrt{p_{d}} \sum_{l \neq k}^{K} \sum_{m = 1}^{M} \sqrt{η_{ml}} g_{mE}^{T} {\hat{g}}_{ml}^{*} q_{l} + w_{E}

(22)

In this article, the ergodic secrecy rate is chosen to evaluate the secrecy performance of the considered system. By considering the difference of the channel capacities between the target user and the Eve, the ergodic secrecy rate is given by

\begin{matrix} R_{k}^{\sec} = {[R_{k} - R_{k}^{Eve}]}^{+} \\ = {[\log_{2} (1 + ζ_{k}) - \log_{2} (1 + ζ_{k}^{Eve})]}^{+} \end{matrix}

(23)

where $R_{k}$ ( $R_{k}^{Eve}$ ) and $ζ_{k}$ ( $ζ_{k}^{Eve}$ ) denote the achievable ergodic rate and signal-to-interference-noise ratio (SINR) at the $k t h$ user (the Eve). Then, we can get that

ζ_{k} = \frac{γ_{u}^{2} p_{d} {| E {\sum_{m = 1}^{M} \sqrt{η_{mk}} g_{mk}^{T} {\hat{g}}_{mk}^{*}} |}^{2}}{E {{| w_{k}^{eff} |}^{2}}}

(24)

ζ_{k}^{Eve} = \frac{p_{d} E {{| \sum_{m = 1}^{M} \sqrt{η_{mk}} g_{mE}^{T} {\hat{g}}_{mk}^{*} |}^{2}}}{E {{| w_{E}^{eff} |}^{2}}}

(25)

Subsequently, the closed-form expressions of $R_{k}$ and $R_{k}^{Eve}$ can be given in the following theorem.

Theorem 2

In the considered cell-free massive MIMO system, the SINRs at the $k t h$ user and the Eve can be given by equations (26) and (27) shown at the top of the next page

ζ_{k} = \frac{γ_{u} {(\sum_{m = 1}^{M} \sqrt{η_{mk}} λ_{mk})}^{2}}{\frac{1}{N^{2} p_{d}} + \frac{1}{N} \sum_{l = 1}^{K} \sum_{m = 1}^{M} η_{ml} λ_{ml} β_{mk} + (1 - γ_{u}) {(\sum_{m = 1}^{M} \sqrt{η_{mk}} λ_{mk})}^{2}}

(26)

ζ_{k}^{Eve} = \frac{p_{d} \sum_{m = 1}^{M} η_{mk} (\frac{N^{2} p_{E} β_{mE}^{2}}{p_{p} β_{mk}^{2}} λ_{mk}^{2} + N β_{mE} λ_{mk})}{1 + N p_{d} \sum_{l \neq k}^{K} \sum_{m = 1}^{M} η_{ml} λ_{ml} β_{mE}}

(27)

Proof

Please refer to Appendix 2.

RMT-based pilot spoofing attack detection

According to some existing papers, it is reasonable to operate the pilot spoofing attack detection based on the uplink training. Our proposed detection scheme is to perform source enumeration using RMT algorithm which is based on both the distribution of the signal eigenvalues and noise eigenvalues with the presence of noise. Also, to improve the detection accuracy, the uplink training can be divided into two phases: uplink training and uplink active attack detection. In the detection, it is set that only the legitimate target user send the pilot signal which can be designed that a fraction $0 \leq α \leq 1$ of the pilot power is allocated to a scalar random sequence $φ_{B}$ . The superimposing random sequence $φ_{B}$ is normalized ( $‖ φ_{B} ‖^{2} = 1$ ) and zero-mean whose elements can be chosen from finite alphabet: BPSK or QPSK. Therefore, instead of the pilot signal $\sqrt{τ_{p} p_{p}} φ_{k}$ , the pilot signal used for detection at the target user (the $k t h$ user) is given by

s_{d} = \sqrt{(1 - α) τ_{p} p_{p}} φ_{k} + \sqrt{α τ_{p} p_{p}} φ_{B}

(28)

To keep the detection processing confidential, the random sequence $φ_{B}$ is unknown to the APs and to the Eve in advance as it is designed randomly at the user terminal. The detection problem is in fact a binary statistical hypothesis testing problem framework, where the two hypotheses can be made with the null hypothesis $H_{0}$ denoting no attacks and the alternative hypothesis $H_{1}$ representing existing active eavesdropping. The two hypotheses can be presented as follows

\begin{matrix} H_{0} : Y_{d, m} = γ_{m} g_{mk} s_{d}^{H} + V_{m} \\ H_{1} : Y_{d, m} = γ_{m} g_{mk} s_{d}^{H} + γ_{m} g_{mE} φ_{k}^{H} + V_{m} \end{matrix}

(29)

where $V_{m} \in C^{N \times τ_{p}}$ is the effective noise component including the quantization noise matrix and additive noise matrix.

Obviously, the received signals under these two hypotheses can be modeled as Gaussian variable with different expectation. According to the existing literature,^29–32 the deterministic signals can be used for source enumeration to detect the existing active attacks.

Then, we can define that the correlation matrix of the received signal as

R_{y, i} = τ_{p}^{- 1} E {Y_{d, m} Y_{d, m}^{H} | H_{i}}

(30)

Furthermore, the correlation matrix of the source signals is given by

R_{s, i} = τ_{p}^{- 1} E {(Y_{d, m} - V_{m}) {(Y_{d, m} - V_{m})}^{H} | H_{i}}

(31)

As such, the matrix $R_{s, i}$ under the two hypotheses can be represented as

R_{s, 0} = τ_{p}^{- 1} γ_{m}^{2} g_{mk} E {s_{d}^{H} s_{d}} g_{mk}^{H}

(32)

R_{s, 1} = τ_{p}^{- 1} γ_{m}^{2} G \cdot E {S_{d}^{H} S_{d}} \cdot G^{H}

(33)

where the matrices $G$ and $S_{d}$ are defined as

G = [\sqrt{1 - α} g_{mk} + g_{mE}, \sqrt{α} g_{mk}] \in C^{N \times 2}

(34)

S_{d} = [\sqrt{τ_{p} p_{p}} φ_{k}, \sqrt{τ_{p} p_{p}} φ_{B}] \in C^{τ_{p} \times 2}

(35)

It is noted that $r ank (R_{s, 0}) = 1$ . Due to the fact that $g_{mk} \neq g_{mE}$ , we can derive that $r ank (R_{s, 1}) = 2$ with $α > 0$ .

Moreover, we can derive that

R_{y, i} = R_{s, i} + δ_{v}^{2} I_{τ_{p}}

(36)

where $δ_{v}^{2}$ is the variance of the noise matrix $V_{m}$ . Let $ς_{1, 0} > 0$ and $ς_{1, 1} > ς_{2, 1} > 0$ denote the nonzero eigenvalues of correlation matrix $R_{s, 0}$ and $R_{s, 1}$ . Hence, the eigenvalues of $R_{y, i}$ can be given by

Eig {R_{y, 0}} = (ς_{1, 0} + δ_{v}^{2}, δ_{v}^{2}, \dots, δ_{v}^{2})

(37)

Eig {R_{y, 1}} = (ς_{1, 1} + δ_{v}^{2}, ς_{2, 1} + δ_{v}^{2}, δ_{v}^{2}, \dots, δ_{v}^{2})

(38)

Thus, the two hypotheses can be distinguished by estimating the dimension $d = 1$ or $d = 2$ of the signal subspace which can be operated by the RMT estimator. Thus, the two hypotheses in equation (29) can be reformulated as

\begin{matrix} H_{0} : r ank (R_{s, 0}) = d = 1 \\ H_{1} : r ank (R_{s, 1}) = d > 1 \end{matrix}

(39)

The RMT approach considers distribution of the noise eigenvalues of $R_{y, i}$ with the absence of signals, that is, $Y_{d, m} = V_{m}$ . In particular, the distribution of the largest eigenvalue of a pure noise matrix based on a certain asymptotic limit of the distribution is used for matrix rank judgment. Then, we define the correction matrix as

R_{v} = τ_{p}^{- 1} E {V_{m} V_{m}^{H}}

(40)

The eigenvalues of $R_{v}$ can be ordered as $l_{1} \geq l_{2} \geq \dots \geq l_{N}$ . As the joint limit $N, τ_{p} \to + \infty$ with $N / τ_{p} \to c \geq 0$ , the largest eigenvalue $l_{1}$ converges to a Tracy-Widom distribution of order 2, that is

\begin{matrix} lim_{N, τ_{p} \to + \infty, N / τ_{p} \to c \geq 0} P {l_{1} < δ_{v}^{2} (μ_{τ_{p}, N} + z δ_{τ_{p}, N})} \\ = F_{TW, 2} (z) \end{matrix}

(41)

where $F_{TW, 2} (z)$ represents the Tracy-Widom probability distribution function of order 2. Besides, $μ_{τ_{p}, N}$ and $δ_{τ_{p}, N}$ denote the centering and scaling parameters which are only determined by $N$ and $τ_{p}$ . Furthermore, the parameters $μ_{τ_{p}, N}$ and $δ_{τ_{p}, N}$ can be denoted by

μ_{τ_{p}, N} = \frac{1}{τ_{p}} {(\sqrt{τ_{p} + 0.5} + \sqrt{N + 0.5})}^{2}

(42)

δ_{τ_{p}, N} = \sqrt{\frac{μ_{τ_{p}, N}}{τ_{p}}} {(\frac{1}{\sqrt{τ_{p} + 0.5}} + \frac{1}{\sqrt{N + 0.5}})}^{1 / 3}

(43)

Then, we should consider the behavior of correlation matrix adding the signals. In this case, the eigenvalue of matrix $R_{y, i}$ also follows a Tracy-Widom distribution. Hence, the signal dimension can be estimated by judging whether the largest eigenvalue is over some deterministic threshold. Motivated by the above analysis, the RMT algorithm for signal subspace rank estimation can be defined by

\begin{matrix} {\hat{d}}_{RMT} = \\ \arg min_{k} {ζ_{k} < {\hat{δ}}_{v, k}^{2} (μ_{τ_{p}, N} + z (P_{fa}) δ_{τ_{p}, N})} - 1 \end{matrix}

(44)

where $k \in {1, 2, \dots, min (N, τ_{p}) - 1}$ , $z (P_{fa})$ satisfies that $F_{TW, 2} (z (P_{fa})) = P_{fa}$ , $P_{fa}$ denotes the false alarm probability. In addition, with the assumption of $K$ signals, the noise variance can be estimated by maximum likelihood estimator as

{\hat{δ}}_{v, k}^{2} = \frac{1}{N - K} \sum_{i = K + 1}^{N} l_{i}

(45)

The above RMT approach can be used for signal subspace rank estimation based on the fact whether ${\hat{d}}_{RMT} = 1$ or ${\hat{d}}_{RMT} > 1$ . Hence, the algorithm can only be performed in small set that is $k \in {1, 2}$ . Furthermore, this detection algorithm can be only operated at one AP. To ensure the detection performance, we can choose the AP which is nearest to the user and the Eve for active attack detection. Therefore, the AP can achieve the largest SNR and can get a larger detection probability.

Numerical results

In the simulations, all APs, users, and the Eve are randomly located over a circle cell of radius 300 m. A simplified path-loss model has been used as $β = (d_{0} / d)^{v}$ , where $d$ , $d_{0}$ , and $v$ represent real geographical distance, reference distance, and loss coefficient, respectively.³⁸ To quantitatively illustrate the results, key system parameters are set that $d_{0} = 50 m$ , $v = 2.4$ , $p_{p} = p_{d} = 10 d BW$ , $τ_{p} = K = 20$ , and $MN = 200$ . Besides, the average power allocation scheme has been used in the simulations. All shown results were averaged over 5000 independent Monte Carlo trials.

Figure 2 depicts the NMSE of the channel estimation versus the SNR of the legitimate user pilot signal as a function of the quantization bits and Eve’s pilot power. It is noted that NMSE is monotonically increasing for decreasing the quantization bits $b$ . As expected, increasing the power of the active eavesdropper has a negative effect on the MMSE channel estimation. The dashed horizontally lines in Figure 2 denote the asymptotic limits of the NMSE in high power regime. The results illustrate that the coarse low-resolution ADCs result in a nonzero floor on NMSE which cannot be compensated by increasing the pilot power. On the contrary, there are no nonzero floors with implementing perfect ADCs at the transceivers which illustrates that equipping perfect ADCs could achieve an error-free channel estimation with larger pilot power.

Figure 2.

The NMSE versus the pilot power of the legitimate users.

Since the derived secrecy rate expression in Theorem 1 is an appropriate tool for secrecy performance measure, the tightness of expression (23) should be verified via numerical results. Figure 3 shows the analytical and numerical results versus the number of the APs $M$ where the results are achieved by averaging over 5000 channel realizations and randomly locations. It is observed that the analytical results can match exactly with the simulated values which can validate the correctness of the obtained analytical expressions. As can be readily noted, deploying more APs yields better secrecy performance which can be explained that both the channel responses and the diversity gains can be improved with deploying more APs. From Figure 1, another interesting observation is that the system suffers a trivial performance loss by low-resolution ADCs of the APs, but cannot tolerate low-quality ADCs at the users.

Figure 3.

Analytical and simulated results of the achievable secrecy rate versus the number of the APs.

Figure 4 shows the achievable ergodic secrecy rate versus different ADC quantization bits with $p_{E} = 0 d BW$ . Obviously, we can observe that the achievable ergodic secrecy rate increases with the ADC quantization bits. It can be explained that low-quality ADCs at APs and users bring larger channel estimation error and more signal quantization noise, which can cause a lower SINR (low achievable rate) at the target users. Besides, with the increase in the bits, the secrecy rate increases and converges to a finite rate limit (the dashed horizontally lines in Figure 4) which can be explained that the quantization distortion factor is very close to 1 when $b \geq 5$ . As expected, the considered cell-free massive MIMO system can obtain more secrecy rate with high-resolution ADCs at the users. Hence, low-resolution ADCs can be widely used at APs instead of the users.

Figure 4.

The achievable secrecy rates versus ADC quantization bits.

Figure 5 depicts the achievable secrecy rate as a function of the pilot power ratio between the Eve and the legitimate user, where $b_{m}$ and $b_{u}$ denote the quantization bits of low-resolution ADCs at APs and users, $+ \infty$ represents perfect high-resolution ADC. Interestingly, the results in Figure 2 further confirm the conclusions in Figure 1. Besides, Figure 5 illustrates that the antenna configuration at APs brings a significant impact on system performance. With the fixed total number of antennas, more APs can provide better quality of service, which is consistent with the results in Hu et al.²¹ Also, Figure 5 shows that the Eve can overhear information to one target user with a less power budget when the system exploits low-resolution ADCs. Hence, a trade-off between costs and performance is required in practical system design.

Figure 5.

The achievable secrecy rates versus pilot power difference.

In Figure 6, the active attacks detection probability versus the pilot power of the Eve with various parameters are depicted when $p_{p} = 10 d BW$ and $α = 0.5$ , where the results are obtained by 10,000 independent runs. The curves in Figure 6 illustrate that the detection performance improves with the increasing ADCs quantization bits and the antenna number of each AP. Moreover, it can be observed that the proposed RMT detector can detect active attacks at relative low power level. Also, we can note that the detection probability is over $95 %$ when $p_{E} - p_{p} = - 5 d B$ for all parameter choices shown in Figure 6. Specifically, with more antennas at each AP ( $N \geq 10$ ), the detection probability can reach to 1 when the Eve’s pilot power is about $6 d B$ lower than that of the legitimate user.

Figure 6.

Probability of the active attack detection versus the pilot power of the Eve.

Figure 7 shows the detection probability of the proposed RMT-based approach versus the power allocation factor $α$ with fixed total power $p_{p} = 10 d BW$ and $p_{E} = 5 d BW$ . At first, the results in Figure 7 indicate that the detection probability increases with the increasing $α$ . This can be explained that the correlation between the two column vectors of matrix $G$ defined in equation (47) decreases with increasing $α$ which can lead to one relatively larger eigenvalue $ς_{2, 1}$ . It is propitious for promoting the RMT-based detection probability. The used pilot signal is publicly known and predesigned, while the detection signal is designed with adding a random sequence. Besides, a smart eavesdropper will wiretap and transmit the spoof pilot sequence. Thus, to make the detection procedure confidential and imperceptible, the power allocation factor should be as small as possible. For comparison, Figure 7 shows the detection performance under different $N$ and ADCs quantization bits $b_{m}$ , which illustrates that the required allocation power for random sequence decreases with increasing $N$ or $b_{m}$ with the fixed detection probability. These results are valuable and significant for practical detection algorithm design and application.

Figure 7.

Probability of the active attack detection versus the pilot power allocation ratio $α$ .

Conclusion

This article adopted the well-established distortion model (AQNM) to reveal the secure performance of cell-free massive MIMO system with low-resolution ADCs. Uplink MMSE channel estimation has been operated in the presence of active eavesdropping attack which shows that there was a nonzero floor on the channel estimation error brought by the ADC impairments. Based on the imperfect CSI, conjugate beamforming has been performed for downlink transmission. Then, we derived the closed-form expression of the achievable ergodic secrecy rate. To weaken the influence of the active attacks, any effective resisting measure was to detect the presence of the active eavesdropper. This article exploited the RMT-based detection approach to detect the dimension of the signals embedded in noise space. Finally, numerical results have been presented to verify derived results and the effectiveness of the active attack detection scheme.

Footnotes

Appendix 1

Appendix 2

Handling Editor: Yanjiao Chen

Declaration of conflicting interests

The author(s) declared no potential conflicts of interest with respect to the research, authorship, and/or publication of this article.

Funding

The author(s) disclosed receipt of the following financial support for the research, authorship, and/or publication of this article: This work was supported in part by China Postdoctoral Science Foundation under Grant 2021MD703980, in part by the National Natural Science Foundation of China under Grant 61901502.

ORCID iD

Xianyu Zhang

References

Marzetta

. Massive MIMO: an introduction. Bell Labs Tech J 2015; 20: 11–22.

Larsson

Edfors

Tufvesson

, et al. Massive MIMO for next generation wireless systems. IEEE Commun Mag 2014; 52(2): 186–195.

Björnson

Larsson

Marzetta

. Massive MIMO: ten myths and one critical question. IEEE Commun Mag 2016; 54(2): 114–123.

Zhu

Schober

Bhargava

. Secure transmission in multicell massive MIMO systems. IEEE Trans Wirel Commun 2014; 13(9): 4766–4781.

Zhang

Wen

Jin

, et al. On capacity of large-scale MIMO multiple access channels with distributed sets of correlated antennas. IEEE J Select Area Commun 2013; 31(2): 133–148.

Guo

Ascheid

. Security-constrained power allocation in MU-massive-MIMO with distributed antennas. IEEE Trans Wirel Commun 2016; 15(12): 8139–8153.

Ngo

Ashikhmin

Yang

, et al. Cell-free massive MIMO versus small cells. IEEE Trans Wirel Commun 2017; 16(3): 1834–1850.

Ngo

Tran

Duong

, et al. On the total energy efficiency of cell-free massive MIMO. IEEE Trans Green Commun Netw 2018; 2(1): 25–39.

Mai

Ngo

Duong

. Downlink spectral efficiency of cell-free massive MIMO systems with multi-antenna users. IEEE Trans Commun 2020; 68(8): 4803–4815.

10.

Björnson

Sanguinetti

. Making cell-free massive MIMO competitive with MMSE processing and centralized implementation. IEEE Trans Wirel Commun 2020; 19(1): 77–90.

11.

Yang

Wang

Geraci

, et al. Safeguarding 5G wireless communication networks using physical layer security. IEEE Commun Mag 2015; 53(4): 20–27.

12.

Guo

Zhang

, et al. Physical layer security for multiuser satellite communication systems with threshold-based scheduling scheme. IEEE Trans Veh Technol 2020; 69(5): 5129–5141.

13.

Guo

Zhou

, et al. On the secrecy performance of NOMA-based integrated satellite multiple-terrestrial relay networks with hardware impairments. IEEE Trans Veh Technol 2021; 70(4): 3661–3676.

14.

Kapetanović

Zheng

Rusek

. Physical layer security for massive MIMO: an overview on passive eavesdropping and active attacks. IEEE Commun Mag 2015; 53(6): 21–27.

15.

Al-Nahari

. Physical layer security using massive multiple-input and multiple-output: passive and active eavesdroppers. IET Commun 2016; 10(1): 50–56.

16.

Zhu

Schober

Bhargava

. Linear precoding of data and artificial noise in secure massive MIMO systems. IEEE Trans Wirel Commun 2016; 15(3): 2245–2261.

17.

Zhang

Guo

. Secure performance analysis for multi-pair AF relaying massive MIMO systems in Ricean channels. IEEE Access 2018; 6: 57708–57720.

18.

Wen

Chen

, et al. Data-aided secure massive MIMO transmission under the pilot contamination attack. IEEE Trans Commun 2019; 67(7): 4765–4781.

19.

Hoang

Ngo

Duong

, et al. Cell-free massive MIMO networks: optimal power control against active eavesdropping. IEEE Trans Commun 2018; 66(10): 4724–4737.

20.

Zhang

Guo

, et al. Secure communications over cell-free massive MIMO networks with hardware impairments. IEEE Syst J 2020; 14(2): 1909–1920.

21.

Zhong

Chen

, et al. Cell-free massive MIMO systems with low resolution ADCs. IEEE Trans Commun 2019; 67(10): 6844–6857.

22.

Zhang

Zhou

Qiao

, et al. On the performance of cell-free massive MIMO with low-resolution ADCs. IEEE Access 2019; 7: 117968–117977.

23.

Zhang

Zhou

Cao

, et al. On the performance of cell-free massive MIMO with mixed-ADC under Rician fading channels. IEEE Commun Lett 2020; 24(1): 43–47.

24.

Teeti

. Downlink secrecy rate of one-bit massive MIMO system with active eavesdropping. IEEE Access 2020; 8: 37821–37842.

25.

Xiong

Liang

, et al. Secure transmission against pilot spoofing attack: a two-way training-based scheme. IEEE Trans Inform Foren Sec 2016; 11(5): 1017–1026.

26.

Zhang

Guo

, et al. Secure performance analysis and detection of pilot attack in massive multiple-input multiple-output system. Int J Distrib Sens Netw 2018; 14(5): 1–12.

27.

Kapetanović

Zheng

Wong

, et al. Detection of pilot contamination attack using random training and massive MIMO. In: Proceedings of the 2013 IEEE 24th annual international symposium on personal, indoor, and mobile radio communications (PIMRC), London, 8–11 September 2013, pp.13–18. New York: IEEE.

28.

Kapetanović

Al-Nahari

Stojanovic

, et al. Detection of active eavesdroppers in massive MIMO. In: Proceedings of the 2014 IEEE 25th annual international symposium on personal, indoor, and mobile radio communication (PIMRC), Washington, DC, 2–5 September 2014, pp.585–589. New York: IEEE.

29.

Tugnait

. Self-contamination for detection of pilot contamination attack in multiple antenna systems. IEEE Wirel Commun Lett 2015; 4(5): 525–528.

30.

Tugnait

. Detection and identification of spoofed pilots in TDD/SDMA systems. IEEE Wirel Commun Lett 2017; 6(4): 550–553.

31.

Kritchman

Nadler

. Non-parametric detection of the number of signals: hypothesis testing and random matrix theory. IEEE Trans Signal Process 2009; 57(10): 3930–3941.

32.

Tugnait

. Pilot spoofing attack detection and countermeasure. IEEE Trans Commun 2018; 66(5): 2093–2106.

33.

Guo

Lin

Zhang

, et al. On the performance of LMS communication with hardware impairments and interference. IEEE Trans Commun 2019; 67(2): 1490–1505.

34.

Guo

Lin

Zhang

, et al. Performance analysis of hybrid satellite-terrestrial cooperative networks with relay selection. IEEE Trans Veh Technol 2020; 69(8): 9053–9067.

35.

Guo

Zhang

, et al. On the performance of the uplink satellite multiterrestrial relay networks with hardware impairments and interference. IEEE Syst J 2019; 13(5): 2297–2308.

36.

Zhou

Chu

Sun

, et al. Artificial noise aided secure cognitive beamforming for cooperative MISO-NOMA using SWIPT. IEEE J Select Area Commun 2018; 36(4): 918–931.

37.

Zhou

Cheng

, et al. Robust AN-aided beamforming and power splitting design for secure MISO cognitive radio with SWIPT. IEEE Trans Wirel Commun 2017; 16(4): 2450–2464.

38.

Timilsina

Kudathanthirige

Amarasuriya

. Physical layer security in cell-free massive MIMO. In: Proceedings of the 2018 IEEE global communications conference (GLOBECOM), Abu Dhabi, United Arab Emirates, 9–13 December 2018, pp.1–7. New York: IEEE.