Massive MIMO Pilot Distortion Attack and Zero-Startup-Cost Detection: Analysis and Experiments

Accurate Channel State Information (CSI) is a key requirement for massive MIMO to achieve multi-fold increases in throughput and secrecy rate. Consequently, an adversary targeting the channel sounding process has the potential to significantly degrade performance. In this paper, we first present and model the Pilot Distortion Attack, a simple but devastating jamming strategy in which the adversary distorts the AP's CSI measurement of even a single client leading to denial-of-service for all clients associated with the AP. We propose MACE as a countermeasure that exploits the AP's large antenna array to detect jamming with zero startup cost and zero additional network overhead. Our key insight is that with many antennas, the AP's variance estimator of client Carrier Frequency Offset (CFO) will significantly increase when there are jamming signals present. We build a testbed with a 72-antenna massive MIMO AP and conduct the first experimental study of the Pilot Distortion Attack. Our results show that a single-antenna adversary jamming no more than 1/60 of the time and having no more transmit power than any client can cause over 26% reduction of achievable rate of all clients. Moreover, by setting a single threshold, MACE can achieve 0.97 true positive at 0.01 false positive for various client/adversary locations and for a wide range of SNR (5 similar to 35 dB) and SIR (-5 similar to 35 dB) with SNR-SIR >= 5 dB.