Codebook Attack and Camouflage Solution in Intelligent Reflective Surface-aided Wireless Communications

LI Runyu; PENG Wei; ZHOU JianLong

doi:10.11999/JEIT240991

Volume 47 Issue 6

Jun. 2025

Turn off MathJax

Article Contents

Article Navigation > Journal of Electronics & Information Technology > 2025 > 47(6): 1864-1872

LI Runyu, PENG Wei, ZHOU JianLong. Codebook Attack and Camouflage Solution in Intelligent Reflective Surface-aided Wireless Communications[J]. Journal of Electronics & Information Technology, 2025, 47(6): 1864-1872. doi: 10.11999/JEIT240991

Citation:

LI Runyu, PENG Wei, ZHOU JianLong. Codebook Attack and Camouflage Solution in Intelligent Reflective Surface-aided Wireless Communications[J]. Journal of Electronics & Information Technology, 2025, 47(6): 1864-1872. doi: 10.11999/JEIT240991

Citation:

PDF( 3335 KB)

Codebook Attack and Camouflage Solution in Intelligent Reflective Surface-aided Wireless Communications

doi: 10.11999/JEIT240991 cstr: 32379.14.JEIT240991

1.
School of Cyber Science and Engineering, Huazhong University of Science and Technology, Wuhan 430071, China
2.
School of Electronic Information and Communications, Huazhong University of Science and Technology, Wuhan 430071, China
3.
China Overseas Property Management Company, Shenzhen 518064, China

Funds: The National Natural Science Foundation of China (62171192), The Collaborative Project of Shenzhen Science and Technology Bureau (GTHz20220913143401002), The Research and Development Project of CSCEC (CSCEC-PT-010)

Received Date: 2024-11-06
Rev Recd Date: 2025-04-10

Available Online: 2025-04-29

Publish Date: 2025-06-30

Abstract

Abstract

Objective Intelligent Reflective Surface (IRS) technology has demonstrated significant potential in enhancing Physical Layer Security (PLS). While the use of IRS to support PLS has been extensively studied, there is limited research addressing the security challenges inherent to the IRS system itself. In particular, when facing an attacker, obtaining the real-time codebook is crucial for mastering the entire IRS cascaded channel. The IRS controller, an IoT device with limited computational resources and security assurances, stores the real-time codebook and serves as the system's Achilles' heel. This paper proposes a new type of attack, the Controller Manipulation Attack (CMA). The CMA can be executed by an attacker who either compromises the IRS controller or infects it with malware, allowing for the malicious manipulation of phase shifts, which can degrade the rate of legitimate communication. Additionally, an attacker can retrieve the codebook information by exploiting the vulnerabilities of the IRS controller. Due to hardware constraints, the controller is a vulnerable, zero-trust device, making it easier for attackers to gain access to the codebook. With knowledge of the IRS geometric structure, operating frequency, codebook, and the location of the Base Station (BS), an attacker can infer the direction of the main lobe beam, thereby enabling more efficient passive eavesdropping. This passive eavesdropping represents a serious threat, especially in high-frequency scenarios with narrow beams, and is more covert than traditional pilot contamination attacks. Methods To address the codebook attack, a lightweight camouflage method is proposed at the physical layer. In this approach, the IRS phase shifts—termed the camouflage codebook—comprise both the real codebook and a fabricated one designed to deceive potential attackers. A subset of IRS elements is configured to produce ostensible phase shifts corresponding to the fake codebook. These elements do not radiate energy, serving solely to mislead attackers. Therefore, even if an attacker compromises the IRS controller and accesses the codebook, the retrieved information remains ineffective. To quantify the level of security provided, the Codebook-Secrecy-Rate (CSR) is defined as the difference in data rates between the real and camouflage codebooks. The optimization of discrete phase shifts for the IRS is formulated as an inner product maximization problem. Leveraging the structural properties of this formulation, a Divide-and-Sort (DaS) algorithm is proposed. This algorithm achieves global optimality with a computational complexity of $ O\left({2}^{B}N\right) $. Based on the DaS solution, the CSR is maximized in the following steps: the optimal codebook for signal enhancement is first derived; subsequently, a subset of IRS elements is phase-shifted by π to act as inactive units providing destructive interference. Finally, a Tabu Search (TS) algorithm is employed to determine the optimal topology of the codebook configuration. Results and Discussions Simulation results confirm the performance of the proposed solution. Experiments are conducted across four IRS configurations. When the number of IRS elements exceeds 1,000 and each unit operates with 1-bit phase resolution, the average CSR reaches approximately 15～20 bit/(s·Hz), as shown in Fig. 5. Monte Carlo simulations evaluate the relationship between the number of active elements $ {N}_{{\mathrm{T}}} $ and $ N $. A linear correlation is observed, as depicted in Fig. 6. The CSR reaches its maximum when approximately half of the IRS units are active. In practical IRS-assisted communication systems, selecting the number of active units within the interval [$ N/2,N $] offers a trade-off between signal enhancement and security. When the size of the real codebook approaches that of the fake codebook, the constructive gain from the real codebook is largely neutralized by the interference from the fake codebook. This configuration corresponds to the maximum achievable CSR for the system. Conclusions This study considers the codebook attack in IRS-aided communication systems and proposes a physical-layer camouflage codebook solution. Owing to the limited computational capacity of the IRS controller, which restricts the implementation of conventional security protocols, the controller remains vulnerable to compromise. An attacker with access to the IRS geometric structure, operating frequency, codebook, and BS location can infer the main lobe beam direction, facilitating efficient passive eavesdropping. In the proposed method, IRS elements are divided into two groups: one group operates normally to enhance legitimate signals, while the other is configured to generate deceptive phase shifts without energy radiation. This arrangement produces a camouflage codebook. Even if attackers gain control of the IRS controller, the obtained codebook includes phase information associated with inactive elements, resulting in a misleading beamforming pattern. To quantify the security level, the CSR is introduced. The optimization of the camouflage codebook is formulated as an inner product maximization problem. A DaS algorithm is used to derive the optimal codebook for signal enhancement, followed by TS to determine the phase shift topology that maximizes CSR. Simulation results support the effectiveness of the proposed approach.
- Intelligent Reflective Surface (IRS),
- Codebook camouflage,
- Divide-and-Sort (DaS),
- Heuristic search

FullText(HTML)

References(28)

References

[1]	WU Qingqing, ZHANG Shuowen, ZHENG Beixiong, et al. Intelligent reflecting surface-aided wireless communications: A tutorial[J]. IEEE Transactions on Communications, 2021, 69(5): 3313–3351. doi: 10.1109/TCOMM.2021.3051897.
[2]	JIANG Hao, XIONG Baiping, ZHANG Hongming, et al. Physics-based 3D end-to-end modeling for double-RIS assisted non-stationary UAV-to-ground communication channels[J]. IEEE Transactions on Communications, 2023, 71(7): 4247–4261. doi: 10.1109/TCOMM.2023.3266832.
[3]	张在琛, 江浩. 智能超表面使能无人机高能效通信信道建模与传输机理分析[J]. 电子学报, 2023, 51(10): 2623–2634. doi: 10.12263/DZXB.20221352. ZHANG Zaichen and JIANG Hao. Channel modeling and characteristics analysis for high energy-efficient RIS-assisted UAV communications[J]. Acta Electronica Sinica, 2023, 51(10): 2623–2634. doi: 10.12263/DZXB.20221352.
[4]	JIANG Hao, XIONG Baiping, ZHANG Hongming, et al. Hybrid far- and near-field modeling for reconfigurable intelligent surface assisted V2V channels: A sub-array partition based approach[J]. IEEE Transactions on Wireless Communications, 2023, 22(11): 8290–8303. doi: 10.1109/TWC.2023.3262063.
[5]	NAEEM F, ALI M, KADDOUM G, et al. Security and privacy for reconfigurable intelligent surface in 6G: A review of prospective applications and challenges[J]. IEEE Open Journal of the Communications Society, 2023, 4: 1196–1217. doi: 10.1109/OJCOMS.2023.3273507.
[6]	齐本胜, 饶星楠, 邓志祥, 等. 智能反射表面辅助的全双工通信系统的物理层安全设计[J]. 电子与信息学报, 2023, 45(6): 1990–1998. doi: 10.11999/JEIT220547. QI Bensheng, RAO Xingnan, DENG Zhixiang, et al. Physical layer security for intelligent reflecting surface assisted full-duplex communication[J]. Journal of Electronics & Information Technology, 2023, 45(6): 1990–1998. doi: 10.11999/JEIT220547.
[7]	CHEN Jie, LIANG Yingchang, PEI Yiyang, et al. Intelligent reflecting surface: A programmable wireless environment for physical layer security[J]. IEEE Access, 2019, 7: 82599–82612. doi: 10.1109/ACCESS.2019.2924034.
[8]	杨杰, 季新生, 王飞虎, 等. 窃听者随机分布下智能反射面辅助的MISO系统物理层安全性能分析[J]. 电子与信息学报, 2022, 44(5): 1809–1818. doi: 10.11999/JEIT210209. YANG Jie, JI Xinsheng, WANG Feihu, et al. Performance analysis of physical layer security for IRS-aided MISO system with randomly distributed eavesdropping nodes[J]. Journal of Electronics & Information Technology, 2022, 44(5): 1809–1818. doi: 10.11999/JEIT210209.
[9]	雷维嘉, 翟泽旭, 雷宏江, 等. 不准确CSI下智能反射表面辅助的多用户系统物理层安全方案设计[J]. 电子与信息学报, 2022, 44(7): 2299–2308. doi: 10.11999/JEIT220405. LEI Weijia, ZHAI Zexu, LEI Hongjiang, et al. Design of physical layer security scheme for intelligent reflecting surface assisted multi-user system with imperfect CSI[J]. Journal of Electronics & Information Technology, 2022, 44(7): 2299–2308. doi: 10.11999/JEIT220405.
[10]	YANG Helin, XIONG Zehui, ZHAO Jun, et al. Deep reinforcement learning-based intelligent reflecting surface for secure wireless communications[J]. IEEE Transactions on Wireless Communications, 2021, 20(1): 375–388. doi: 10.1109/TWC.2020.3024860.
[11]	CHEN Xinying, AN Jianping, XIONG Zehui, et al. Covert communications: A comprehensive survey[J]. IEEE Communications Surveys & Tutorials, 2023, 25(2): 1173–1198. doi: 10.1109/COMST.2023.3263921.
[12]	WANG Chao, LI Zan, SHI Jia, et al. Intelligent reflecting surface-assisted multi-antenna covert communications: Joint active and passive beamforming optimization[J]. IEEE Transactions on Communications, 2021, 69(6): 3984–4000. doi: 10.1109/TCOMM.2021.3062376.
[13]	WANG Yazheng, LU Hancheng, ZHAO Dan, et al. Wireless communication in the presence of illegal reconfigurable intelligent surface: Signal leakage and interference attack[J]. IEEE Wireless Communications, 2022, 29(3): 131–138. doi: 10.1109/MWC.008.2100560.
[14]	ZHOU Xiangyun, MAHAM B, and HJORUNGNES A. Pilot contamination for active eavesdropping[J]. IEEE Transactions on Wireless Communications, 2012, 11(3): 903–907. doi: 10.1109/TWC.2012.020712.111298.
[15]	HUANG Kewen and WANG Huiming. Intelligent reflecting surface aided pilot contamination attack and its countermeasure[J]. IEEE Transactions on Wireless Communications, 2021, 20(1): 345–359. doi: 10.1109/TWC.2020.3024808.
[16]	ALAKOCA H, NAMDAR M, ALDIRMAZ-COLAK S, et al. Metasurface manipulation attacks: Potential security threats of RIS-aided 6G communications[J]. IEEE Communications Magazine, 2023, 61(1): 24–30. doi: 10.1109/MCOM.005.2200162.
[17]	ACHARJEE S S and CHATTOPADHYAY A. Design and detection of controller manipulation attack on RIS assisted communication[J]. IEEE Journal on Selected Areas in Communications, 2024, 42(6): 1626–1641. doi: 10.1109/JSAC.2024.3389119.
[18]	TANG Wankai, CHEN Mingzheng, CHEN Xiangyu, et al. Wireless communications with reconfigurable intelligent surface: Path loss modeling and experimental measurement[J]. IEEE Transactions on Wireless Communications, 2021, 20(1): 421–439. doi: 10.1109/TWC.2020.3024887.
[19]	CHEN Zhen, GUO Yeyong, ZHANG Peichang, et al. Physical layer security improvement for hybrid RIS-assisted MIMO communications[J]. IEEE Communications Letters, 2024, 28(11): 2493–2497. doi: 10.1109/LCOMM.2024.3427010.
[20]	LI Dong. Ergodic capacity of intelligent reflecting surface-assisted communication systems with phase errors[J]. IEEE Communications Letters, 2020, 24(8): 1646–1650. doi: 10.1109/LCOMM.2020.2997027.
[21]	LI Dong. How many reflecting elements are needed for energy- and spectral-efficient intelligent reflecting surface-assisted communication[J]. IEEE Transactions on Communications, 2022, 70(2): 1320–1331. doi: 10.1109/TCOMM.2021.3128544.
[22]	YU Xianhua and LI Dong. Phase shift compression for control signaling reduction in IRS-aided wireless systems: Global attention and lightweight design[J]. IEEE Transactions on Wireless Communications, 2024, 23(8): 8528–8541. doi: 10.1109/TWC.2024.3351755.
[23]	ZHANG Hongliang, DI Boya, SONG Lingyang, et al. Reconfigurable intelligent surfaces assisted communications with limited phase shifts: How many phase shifts are enough?[J]. IEEE Transactions on Vehicular Technology, 2020, 69(4): 4498–4502. doi: 10.1109/TVT.2020.2973073.
[24]	WU Qingqing and ZHANG Rui. Intelligent reflecting surface enhanced wireless network via joint active and passive beamforming[J]. IEEE Transactions on Wireless Communications, 2019, 18(11): 5394–5409. doi: 10.1109/TWC.2019.2936025.
[25]	XIONG Rujing, DONG Xuehui, MI Tiebin, et al. Optimal discrete beamforming of RIS-aided wireless communications: An inner product maximization approach[EB/OL]. https://arxiv.org/html/2211.04167v7, 2022.
[26]	ZHANG Yaowen, SHEN Kaiming, REN Shuyi, et al. Configuring intelligent reflecting surface with performance guarantees: Optimal beamforming[J]. IEEE Journal of Selected Topics in Signal Processing, 2022, 16(5): 967–979. doi: 10.1109/JSTSP.2022.3176479.
[27]	KARYSTINOS G N and PADOS D A. Rank-2-optimal adaptive design of binary spreading codes[J]. IEEE Transactions on Information Theory, 2007, 53(9): 3075–3080. doi: 10.1109/TIT.2007.903130.
[28]	SU Ruochen, DAI Linglong, TAN Jingbo, et al. Capacity enhancement for irregular reconfigurable intelligent surface-aided wireless communications[C]. GLOBECOM 2020 - 2020 IEEE Global Communications Conference, Taipei, China, 2020: 1–6. doi: 10.1109/GLOBECOM42002.2020.9348273.