Fast or Secure, Not Both?

We first show that, contrary to lower band non-angularly dispersive links, THz-scale links with angular dispersion exhibit an unprecedented security conundrum: Namely, with angular dispersion, a larger bandwidth creates a wider beamwidth, suggesting a higher data rate is only achieved at the price of degraded security. Moreover, when Eve is angularly away from Bob, she will receive some frequencies even stronger than Bob will. Our approach, surprisingly, nearly eliminates this security penalty. 

SCADL: Proposed Cross-Channel Coding Strategy

Our key observation is that since different frequencies emit towards slightly different directions for angularly dispersive links, Eve cannot receive all frequency channels simultaneously, and thus Alice and Bob can always use a subset of frequency channels to enable secure transmissions. 

Our approach, termed SCADL (Secure Coding for Angularly Dispersive Links) is a cross-channel coding strategy that exploits the fact that Eve cannot intercept all frequency channels simultaneously. As a baseline, we specify ICB (Independently Coded Baseline), which requires Alice to code independently per frequency channel.

We evaluate the secrecy performance of a secure coding strategy by the resulting insecure region, defined as the spatial region within which the message is leaked, at least partially, to Eve, and is shown as the enclosed region in the figure below. 

We demonstrate, both in model-driven results and experiments, that when Alice employs a cross-frequency coding strategy (SCADL), it provides a surprisingly consistent insecure region despite the widening signal footprint when the bandwidth increases. Thus, higher data rate with little secure penalty can be realized. In comparison, independent coding per channel (termed ICB) results in leakage in a subset of frequency channels in which Eve can better intercept, causing an undesirable expansion in insecure area with higher data rate. 

Our results reveal security properties not observed in conventional directional links for future wideband transmissions and emphasize the importance of a co-design of counter-measure strategy and physical layer properties.

Object Scattering Attack Detection

A sophisticated adversary could exploit the quasi-optical nature of THz beams and employ an object scattering attack in which Eve carefully places an object to reflect signals from Alice to Bob to her location. We showed how Bob can detect even small-scale objects in the middle and estimate their angular location by analyzing the THz-scale spectral fingerprint. The idea is that each location in the spatial domain has a unique frequency signature that can be known a priori based on the antenna’s physics. When Eve places an object that blocks part of the beam, it results in a frequency-selective attenuation at Bob depending on the object’s angular location. By comparing the received spectrum to the known frequency signature without blockage, we demonstrate experimentally that Bob can estimate both the center and the size of the object. Our results show that sensing offers Alice and Bob necessary information for link security.

Massive MIMO (large antenna array) base stations (BS’s) are a key feature of emerging 5G and 6G networks. They are believed to have the potential to thwart passive eavesdropping as they create highly focused transmissions. Indeed, the threat of passive eavesdropping has been shown to be negligible when the transmit antenna size approaches infinity for idealized independent Rayleigh channels. We perform the world’s first experimental study of Massive MIMO eavesdropping. 

Using a 96-element ArgosV2 BS shown above, we identify new vulnerabilities to the eavesdropper (Eve): 

• First, we demonstrate that, not only does the intended receiver Bob’s SNR increases with array size, but unfortunately, contrary to the idealized channel model, Eve’s SNR also increases with array size due to channel correlation in her measurements. 

• We further demonstrate how Eve can gain by optimizing her position, not only by being nomadic and searching for the most favorable position, but also via exploiting predictable line-of-sight (LoS) positional vulnerabilities. Specifically, we discovered Eve’s advantage by simply sharing the elevation angle with Bob in the LoS scenario. 

• Finally, we demonstrate that Eve’s advantage due to channel correlation can increase with more eavesdropping antennas in the worst case when she knows the beamforming vector and her channel from Alice. 

Our experiments demonstrate multiple eavesdropping threats in practical massive MIMO networks, contrary to the widely adopted belief of large antenna arrays being resistant to passive eavesdropping.

Millimeter-wave to THz bands spanning from 100 GHz to 1 THz are a key spectrum frontier for 6G networking and sensing. Highly directional “pencil beams” in such bands are expected to yield Tb/sec data rates and security. Prior works generally consider that Eve’s antenna must be located within the broadcast sector of the transmitting antenna, leading to the conclusion that eavesdropping becomes essentially impossible when the transmitted signal has sufficiently high directionality. We perform the world’s first experimental demonstration of THz eavesdropping and show that the conventional wisdom is unfortunately not true. 

Our experiments consider a strong adversary that places an object within the pencil beam to scatter or reflect radiation towards Eve, who is located outside of the beam’s footprint as shown in the figure above. We realize narrow beams with horn antennas having beamwidth from 1.6° to 7.8° for frequencies from 100 GHz to 400 GHz. We find that eavesdropping becomes increasingly difficult with narrower beam, as the object inevitably blocks a significant portion of radiation to Bob, which raises an alarm for Alice and Bob. Yet, we demonstrate that eavesdropping is still possible without significantly disturbing the main link using a combination of specular reflector, precise off-axis object placement, and receiver alignment as shown in the figure below. Our results demonstrate that a narrow pencil-like beam does not guarantee immunity from eavesdropping considering an agile eavesdropper.