Downlink Eavesdropping and Power/MCS Defense: Scaling the AP’s array size

Downlink transmissions are expected to be more resilient to passive eavesdropping as the AP increases its array size and forms narrower beams to the clients. Therefore, transmissions in higher bands, in which narrower beams are employed thanks to the smaller form factor of antenna elements, are viewed as more secure than transmissions in lower bands. While this secure property is assumed to be true for transmissions in terahertz (THz) regime, eavesdropper’s strategy of intercepting such narrow beam is rarely discussed, not to mention the experimental verification of the secure property. The key activity over the past year was to study the eavesdropping resilience from 100GHz to 400GHz with narrowing beams against object scattering attack, as well as the potential countermeasure of detecting such attack.

This project targeted to experimentally study the security resilience improvement with narrower beams as the transmission band goes toward the terahertz (THz) regime, as well as the detection of the potential eavesdropping. Instead of assuming the eavesdropper (Eve) to be passive and static, we envision an agile Eve that can purposely change the environment (i.e. by placing objects at specific locations) and place herself to a favorable eavesdropping position.

Specifically, we consider the scenario in which the AP (Alice) transmits to a client (Bob) in line-of-sight with a narrow beam in the sub-THz regime. While Eve aims to intercept Bob’s signal with a high signal strength, she also needs to avoid blockage on Bob as it can reveal Eve’s existence. Since the receiver needs to collect, demodulate and amplify terahertz signals is large (always larger than the aperture of the detector) and bulky, blockage would always be a concern if Eve tries to position herself in the narrow beam. To overcome this constraint, Eve can instead purposely put a small reflector to scatter the signal toward Eve located somewhere else. This object scattering attack has been shown effective in 60GHz transmissions. However, with increasingly narrow beams at higher frequencies, we expect better resilience against the object scattering attack.

From Eve’s perspective, the narrower beam introduces some challenges. As the beam becomes narrower, the scattering object once blocks only a partial of the beam can block the whole beam and trigger an alarm at Bob. Also, placing the object into the narrower beam requires higher precision. In addition to narrower beam, higher frequency band also introduce another set of challenges for Eve. As the transmission frequency increases, the property of absorption and reflection for specific materials changes. As a result, the material once was used to scatter signals in the lower band might not be a good option in the sub-THz band anymore. Increase in transmission frequency also introduces higher propagation loss, and therefore requires scattering object that can better focus the scattering signal to Eve and may limit the choice in object shape. In this project, we aim to experimentally explore these challenges Eve faces in THz eavesdropping and examine how the security resilience improves as a result.

To further improve the security resilience of sub-THz transmissions, we propose monitoring backscatter at the AP as a countermeasure for the object scattering attack. The effectiveness of the proposed countermeasure strategy is also experimentally evaluated.

To study the security resilience improvement with narrowing beams as the transmission band goes toward the terahertz (THz) regime, we consider the experimental setup where the AP serves its client Bob located at 2m from the AP using 100GHz, 200GHz, and 400GHz band. In the case of eavesdropping, Eve places a scattering object within the AP-Bob transmission link, equal distance to both the AP and Bob. (That is, 1m from the AP and 1m from Bob.) The half power beam width (HPBW) of 100GHz, 200GHz, and 400GHz bands in the experiment are 7cm, 4cm, 3cm at the distance of 1m respectively, which suggests the scale of the scattering object that can serve Eve. Indeed, we use object size varying from 5mm to 80mm in our experiment. In addition to size, we also vary the material (metal, PVC, and porcelain), shape (cylinder, plate), and location (on-axis, off-axis) of the object to explore potential weakness in the sub-THz transmission.

A successful eavesdropping from Eve’s perspective requires not only low secrecy capacity for Bob, but also low blockage to ensure the object scattering attack is not exposed. Therefore, we evaluate the security level of the transmission using these two metrics with a minor modification to the secrecy capacity: We consider the normalized secrecy capacity, which normalized the secrecy capacity to Bob’s Shannon capacity, and thus captures the percentage of capacity that is secure. To frame our discussion, we set the arbitrary thresholds for both metrics to 0.5, that is, Eve’s scattering object is blocking half of Bob’s signal and 50% of Bob’s capacity is secure. Below which we presume that eavesdropping is feasible without being detected by Bob.

We found that eavesdropping in the sub-THz regime becomes more challenging for Eve in terms of many aspects, including object material, size, shape, and location placement. First, in contrast to the diverse choices of materials in lower bands (i.e. 60GHz), the choice of material becomes more limited as the frequency increases. We observed that PVC and porcelain became worse reflectors in higher frequency, making them unfavorable choices in higher frequency eavesdropping. In contrast, metal remains to be a good reflector and effectively scatters signals to Eve and thus is used in the following experiment.

Second, we found that the object size is limited by the beam width of the transmission. In our experiment, we observed that blockage depends on relative dimension of the beam and the object. Specifically, for a certain frequency, blockage Increases with the size of the scattering object as expected. As the transmission frequency increases from 100GHz to 400GHz, the blockage also increases since higher frequency employs narrower beams. Although a larger object reflects more signals to Eve, it also obstructs the communication between the AP and Bob which can lead to an alarm or suffocate the ongoing transmission. Therefore, In the higher frequencies with narrower beams, Eve is limited to use an object with a smaller dimension.

The next challenge Eve faces is the object with the same relative size to the beam width does not scatter as much signals as the transmission frequency increases. Specifically, in our experiment, when using metal pipe object with the size corresponds to the HPBW of the transmission, we observe that the normalized secrecy capacity increases as the frequency increases, as a result of decreasing scattering signal to Eve. To overcome this challenge, Eve would have to choose a plate object over a round object to focus the scattered signals, at the same time sacrifice the location flexibility she once had with the round object.

Next, we found that more careful placement of the object is required for a successful eavesdropping in higher frequency. While placing the scattering object on-axis of the AP-Bob transmission can potentially reflect more signals to Eve, it also causes more noticeable blockage. To decrease the blockage, an agile Eve considers placing the object slightly off-axis. Indeed, with the right choice of object size, shape, and placing it off-axis, Eve can still launch a successful eavesdropping up to 400GHz according to our experiment.

Knowing an eavesdropping attack is still possible in the sub-THz regime motivates detection of such attack. We proposed to detect using back-scatter signal at the AP. What we found is that the back-scatter detection method works only for a subset of scenario, in which the object is rounded, on-axis, and larger enough relative to the beam width. For the plate object which direct the signals to specific direction, the back-scatter detection works poorly. Nonetheless, the back-scatter detection method still helps detecting the attack.


Ma, R. Shrestha, J. Adelberg, C.-Y Yeh, Z. Hossain, E. Knightly, J. Miquel Jornet, and D. Mittleman, “Security and Eavesdropping in Terahertz Wireless Links,”Nature, 563(7729):89-93 (2018)