Man-in-the-middle Pilot Attack for Physical Layer Authentication

The existing physical layer authentication mechanism relies on the privacy of the legitimate channel. Once the attacker can manipulate or obtain legitimate channel information, the physical layer authentication mechanism will face the threat of being compromised. To overcome the above-mentioned shortcomings, a Man-In-The-Middle (MITM) pilot attack method is proposed, which attacks the physical layer authentication mechanism by controlling the channel measurement process of the legitimate parties. Firstly, the man-in-the-middle pilot attack system is modeled, and a progressive and non-sense access strategy for MITM pilot attack is given. This strategy allows the attacker to access smoothly legitimate communication. After the attacker accesses successfully, he can launch attacks on two basic physical layer authentication mechanisms: For CSIbased comparative authentication mechanisms, denial of service attacks and counterfeit access attacks can be implemented; For the CSI-based encryption authentication mechanism, the channel information can be stolen, thereby further cracking the authentication vector. This attack method is suitable for general public pilot wireless communication systems, and requires the attacker to be able to synchronize the pilot sending process of the legitimate two parties. Simulation analysis verifies the effectiveness of multiple attack methods such as the progressive and non-sense access strategy, denial of service attack, counterfeit access attack, or cracking authentication vector.