In this paper, we evaluate the ultimate severity of an undetected concurrent spoofing-jamming attack from a full-duplex (FD) multi-antenna eavesdropper (EV) on a legitimate user equipment (UE) in a massive multiple-input multiple-output (MIMO) system. The FD EV can concurrently exploit its antennas to spoof one UE pilot and to estimate its link to the same UE in the uplink, and then to eavesdrop on the UE's data and perform directional jamming in the downlink. From the perspective of the EV, we derive an expression for the ergodic rate difference, which is general for any possible overlap between the spoofing and jamming antenna subsets. Residual spoofing and jamming self-interferences and their statistical dependencies are accounted for in the derived expression. The EV optimizes the trade-off between the spoofing and jamming powers and antenna subsets to minimize the ergodic rate difference. Numerical results show that the EV is capable of destroying the security of the legitimate communication with a small number of antennas and a power budget equal to that of the attacked UE. The severity of the attack depends on the EV's knowledge of the power allocation strategies used at the base station (BS).