IEEE COMMUNICATIONS MAGAZINE, VOL. XX, NO. XX, 2022
Metasurface Manipulation Attacks: Potential
Security Threats of RIS-Aided 6G Communications
Hakan Alakoca, Graduate Student Member, IEEE, Mustafa Namdar, Member, IEEE,
Sultan Aldirmaz-Colak, Senior Member, IEEE, Mehmet Basaran, Member, IEEE, Arif Basgumus, Member, IEEE,
Lutfiye Durak-Ata, Senior Member, IEEE, and Halim Yanikomeroglu, Fellow, IEEE
Abstract—The physical layer security (PLS) of reconfigurable intelligent surfaces (RIS) is critical for secure and reliable communications in 6th-generation (6G) wireless systems. This paper examines the unique vulnerabilities that arise in the PLS of RIS when an attacker gains control of the signal processing (SP) on the surface in 6G networks. We address and categorize future security threats in RIS-aided networks from a PLS standpoint. Metasurface manipulation attacks (MSMA) manipulate metasurface behavior for malicious purposes. We present the potential hostile activities of MSMA, considering both electromagnetic and time-frequency deterioration. In addition, we evaluate various interference-based MSMA and the eavesdropping booster MSMA (EaB-MSMA), novel potential PLS attacks in which the phase-shifting activity of a maliciously controlled RIS is manipulated through SP. We compare the performance degradation caused by interference-based MSMA through a maliciously configured RIS, and show that in the EaB-MSMA case the loss of secrecy capacity is considerably greater than in passive eavesdropping scenarios.
Index Terms—6G communications, metasurface manipulation
attacks, physical layer security, reconfigurable intelligent sur-
faces, wireless security.
I. INTRODUCTION
Future developments in the digital society are anticipated to be dramatically altered by 6G wireless communication networks, which are expected to bring massive connectivity, extremely low latency, reduced power consumption, higher data rates, broader coverage, and improved reliability. Reconfigurable and programmable metasurfaces have emerged as a candidate technology and are drawing growing attention in 6G wireless networks as a result of noteworthy advances in technologies such as radio-frequency micro-electro-mechanical systems. Reconfigurable intelligent surfaces (RIS) typically consist of a large number of passive elements whose response is set by software. Recently, a detailed overview of RIS hardware and modeling with operational considerations has been published in [1]. Within the scope of the present study, RIS hardware interface designs are also examined in detail together with a variety of operating modes.

H. Alakoca and L. Durak-Ata are with the Information and Communications Research Group, Informatics Institute, Istanbul Technical University, 34469, Istanbul, Turkey (e-mail: {alakoca, durakata}@itu.edu.tr).
M. Namdar is with Kutahya Dumlupinar University, 43100, Kutahya, Turkey (e-mail: mustafa.namdar@dpu.edu.tr).
S. Aldirmaz-Colak is with Kocaeli University, 41001, Kocaeli, Turkey (e-mail: sultan.aldirmaz@kocaeli.edu.tr).
M. Basaran is with Kartal R&D Center, Siemens San. Tic. A.S., 34870, Istanbul, Turkey (e-mail: mehmet.basaran@siemens.com).
A. Basgumus is with Bursa Uludag University, 16059, Bursa, Turkey (e-mail: basgumus@uludag.edu.tr).
H. Yanikomeroglu is with the Department of Systems and Computer Engineering, Carleton University, Ottawa, ON K1S 5B6, Canada (e-mail: halim@sce.carleton.ca).
This work has been supported by The Scientific and Technological Research Council of Turkey (TUBITAK) under Project 120E307.
RIS still require dedicated security solutions because they are exposed to physical layer security (PLS) attacks [2]. PLS has been widely considered as a promising paradigm for improving transmission privacy and secrecy against malicious attacks on wireless communication networks by means of signal processing (SP) algorithms. The study of RIS-aided PLS systems, in particular, has been advanced by several articles that examine the structure of RIS together with SP algorithms [3], [4]. Motivated by this, several improvements and optimization algorithms have been proposed in the literature to enhance PLS, notably for the passive eavesdropping (PE) scenarios described in [5], [6]. An RIS-based jamming attack [7], a joint jamming and eavesdropping attack [8], a pilot spoofing attack [9], and a pilot contamination attack [10] have also been discussed in the literature. In addition, an RIS-aided robust hybrid beamforming-based secure communication system has been studied in [11] in the presence of eavesdropping and jamming nodes. The performance of a secure RIS-aided multiple-input multiple-output communication system in the presence of a malicious eavesdropping RIS module and an eavesdropper has been investigated in [12]. A systematic and comprehensive overview of deep reinforcement learning techniques for optimizing multi-RIS-aided communication environments with multiple users is provided in [13]. In [14], the authors point out the issue of illegal use of an RIS, with severe impact in both signal leakage and interference attack scenarios; however, these attack scenarios are not further diversified or classified. Various modulation schemes have also been proposed to increase system performance, such as [15] for RIS-aided communications.
In this study, potential threats to RIS-aided networks are
discussed, classified, and analyzed to address challenging
steps in building secure next-generation networks. We address
potential threats to PLS in communications to illuminate future
research directions. The main contributions of this study are
summarized in the following.
⊳Feasibility of the vulnerable configurations: We provide a
basic overview of the feasibility of malicious RIS-aided com-
munications considering the attacker’s perspective, followed
by a discussion on why the malicious RIS is preferable to
generic relay nodes.
Fig. 1: Feasibility of vulnerable configuration of an RIS-aided communication. (Figure not reproduced. It shows the BS, UE and Eve around an RIS with its microcontroller; the backhaul communication link over which access for a vulnerable configuration is granted; the hardware/software stack from the silicon level through firmware, operating system, network function and data; the microcontroller plane with FPGA units, RF front-end (RFE) and baseband signal processing; the metasurface plane with circuit board, copper backplane, RIS panel and meta-atoms; the circuit level with patch, phase-shift circuit and optional power amplifier; and the electromagnetic functions absorption, polarization, refraction, reflection and focusing that a vulnerable beamforming or EM configuration can enable, increasing the attacking inventory of jamming or eavesdropping behavior.)

⊳Potential RIS-specialized attack models: We introduce and classify metasurface manipulation attack (MSMA) types for an RIS-aided environment in next-generation wireless networks to combat possible communication risks. We also categorize these risk elements according to the characteristics of electromagnetic and time-frequency deterioration.
⊳Case studies: We extensively examine conventional vul-
nerability cases for information exploitation and information
gathering attacks, considering performance evaluation in terms
of bit error rate (BER) and positive secrecy capacity (PSC).
This article aims to provide a detailed investigation of poten-
tial security threats in an RIS-aided wireless communication
network in 6G. The analysis for the PLS perspective is pre-
sented in detail considering two special cases for information
gathering and information exploitation with respect to the
system performance results.
II. MALICIOUS RECONFIGURATION: FEASIBILITY AND VULNERABILITY PERSPECTIVE
RIS-aided communication systems are promising solutions for next-generation networks and are expected to be widely deployed. Applications that utilize RIS-aided systems are envisioned in industrial communications, space communications, body area networks, and interconnected vehicular communications. However, any vulnerable access to an RIS-aided communication environment can be detrimental to these foreseen 6G use cases. Here, we detail the feasibility of a vulnerable configuration of RIS-aided networks step by step, as illustrated in Fig. 1.
⊳Backhaul access: If an attacker finds a security vulnerability in the RIS microcontroller, whether in hardware or in software, the controller can be reached over the backhaul links of the RIS-aided communication network. Chip-level security vulnerabilities have long been acknowledged, and wireless communication security will undoubtedly depend on them. Software-only security is no longer adequate, as cyber attacks penetrate the entire system stack. An RIS-aided infrastructure should therefore be built on a root of trust established in the system's silicon layer; the security of the software side, i.e., network function, operating system, and firmware, is equally critical, since every level is only as secure as the layer beneath it. The vulnerable access mechanism is illustrated in Fig. 1. Eventually, vulnerable configuration access is granted, and the RIS can be utilized in a hostile manner.
⊳Feedback of vulnerable configuration: The optimal
reflection coefficients of the RIS are analyzed in the base
station (BS) and sent to the RIS controller through a specific
feedback link in the typical scenario predicted for its operation
[3]. This feedback is connected via a backhaul communication
link as shown in Fig. 1 and is responsible for designing the
reflection/refraction coefficients with the aid of the channel
state information (CSI). After vulnerable access is granted, a hostile configuration can be attained using the CSI of the users connected to the RIS node.
⊳Software controlled SP: The main components of the microcontroller plane are depicted in Fig. 1. Microcontrollers are capable of processing baseband signals from the BS with the aid of field-programmable gate arrays (FPGA) [3]. RF front-end (RFE) units are used for signal transmission and reception at the surface elements. Any unauthorized access to the microcontroller hardware and/or the backhaul communication link can modify the microcontroller, and keep it modified, so as to alter baseband operations. With software-defined radio transceiver nodes, RIS-aided multichannel transmission is practically implementable, but it remains prone to vulnerable configurations.
⊳Metamaterials: The metasurface plane, which consists of the circuit board, copper backplane, RIS panels and meta-atoms, is presented in Fig. 1. Alongside the phase-shift circuits for reflected and transmitted signals, there are also power amplifying units for active metasurfaces in the circuit-level implementation. Metamaterial technology plays a crucial role in RIS-aided communications in 6G networks; recent developments and investigations of the physical architecture of metasurfaces are presented comprehensively in [1]. Vulnerable access impacts the surface-level hardware elements, including the circuit board, copper backplane, and meta-atom elements, through the FPGA units: incident signals are modified by maliciously configured phase shift circuits.
⊳Vulnerable beamforming and wave propagation: It is
possible to adjust electromagnetic propagation functionality,
such as reflection, refraction, absorption, focusing, and po-
larization properties of incident signals, etc., through meta-
surfaces. We also note that these electromagnetic propagation
functionalities can be regulated for malicious purposes which
are indicated in Fig. 1. Maliciously configured phase shift
circuits can modify the behavior of incident, reflected, and
refracted electromagnetic waves. Increasing the SP capability
of RIS can present unique security risks and potential threats
to wireless networks.
RIS-based communication systems depend mainly on the configuration of their metasurfaces, which is used to maximize or optimize the signal-to-noise ratio (SNR) between the transmitter and receiver nodes. What if an RIS, which has full configuration capability over the electromagnetic environment, is operated as a malicious relay node? RIS-aided communication systems have simpler transmitter and receiver structures than conventional relay networks, and changing the electromagnetic properties of an RIS for reflected and refracted signals enlarges the inventory of hostile attacks. In the event of hostile access to a microcontroller capable of SP functions, an RIS can easily be adjusted for adversarial purposes. Beyond the electromagnetic domain, malicious manipulation can also be performed in the time and frequency domains to degrade or capture the frame structure of legitimate users.
III. ELECTROMAGNETIC DETERIORATION-BASED MSMA
An RIS is specialized in reshaping electromagnetic waves in a specified manner, and regular RIS units are capable of forming reflections of incident signals in desired forms with the aid of the CSI of the nodes. In addition to reflection, thanks to metamaterial developments in recent years, it is also possible to refract signals in desired directions. Because of these unique electromagnetic capabilities, an attacker who gains control of the surface inevitably inherits the same unique abilities. In this section, we introduce possible attack types according to the RIS' abilities.
A. Reflection
Reflection, which is the most widely used characteristic
electromagnetic mechanism of metasurfaces, could be em-
ployed in an eavesdropping or jamming manner. First, the
applicability of reflection-based electromagnetic deterioration
depends on the modification of the phase shift matrix of the
RIS units.
⊳A conventional MSMA (C-MSMA) is inspired by a conventional jamming attack and relies on the modification of all elements of the surface. The primary method of altering the phase shift matrix elements for attacking purposes is the injection of Gaussian distributed phase perturbations; in the C-MSMA case such Gaussian distributed phase shifts have to be generated for every element. The average SNR of the legitimate user pair is reduced as a result of the manipulated reflections.
⊳A partial MSMA (P-MSMA) applies the C-MSMA injection to a partial selection of the metasurface elements. In this case, fewer elements and less power consumption than for a C-MSMA are enough to manipulate the target signal. As for C-MSMA, the phase shift matrix has to be acquired to make the reflection deterioration effective.
⊳An orthogonal MSMA (O-MSMA) is another jamming-based scenario, which constructs a phase shift matrix orthogonal to the actual one. This significantly degrades the cascaded channel gain, since the norm of the individual channels is minimized according to the Gram-Schmidt process; thus, instead of benefiting the user, the RIS harms it. It is applicable when the CSI of each individual channel is obtained. Setting the phase shift matrix in the nullspace of the ideal one, using either QR decomposition or singular value decomposition (SVD), can degrade the performance of legitimate users.
⊳An eavesdropper booster MSMA (EaB-MSMA) is an information gathering scenario carried out through the SP operations of metasurfaces under malicious control. After obtaining the CSI of the BS and Eve alongside the legitimate phase shift matrix, a new phase shift matrix can be generated to maximize the eavesdropper SNR instead of the UE SNR. Therefore, the system performance of the eavesdropper improves significantly, while the signal quality of the legitimate user degrades.
B. Refraction
Simultaneously reflecting and transmitting RIS, or the intelligent omni-surface concept, has recently gained importance in the literature [1]. Energy splitting, time splitting, and mode switching are the main operating modes of omni-surface RIS units. These abilities of omni-surface elements can be used by attackers for jamming and eavesdropping activities.
⊳A refracted time shifter MSMA (RfTS-MSMA) deteriorates the time-switching mechanism of the omni-surface elements. It requires obtaining and modifying the time-switching activity; the attack is applied through a vulnerable time-shift modification of the communication time of the RIS so as to constitute an interference signal.
⊳A refracted energy shifter MSMA (RfES-MSMA) is a harmful alteration of the energy sharing between the transmission and reflection operations of the proper system. In RfES-MSMA, after acquiring the phase shift matrix and the energy sharing parameters of the omni-surface elements, these can be modified to maintain a jamming behavior of the RIS.
⊳A refracted mode shifter MSMA (RfModS-MSMA) is another adversarial attack that modifies the transmitting or reflecting behavior of each individual metasurface element. In RfModS-MSMA, the attacker reselects the transmitting and reflecting elements of the RIS through mode switching on the omni-surface. It can be applied by switching elements from receiving to transmitting mode, or from transmitting to receiving mode, to generate interference signals.
⊳A refraction eavesdropper MSMA (RfE-MSMA) is an eavesdropping scenario to capture BS data by manipulating an RIS with omni-surface characteristics. Similar to EaB-MSMA, the omni-surface behavior can be modified through the time, mode or energy switching mechanism of the omni-surface elements. The attacker selects the modifications of these parameters that increase the eavesdropping activity, with the aid of the phase shift matrix and the CSI of the BS and Eve.
TABLE I: Vulnerable activities of malicious RIS-aided networks considering electromagnetic deterioration capability. (Φ: phase shift matrix)

Electromagnetic capability | Attack type | Behavior | Prerequisites | Feasibility
Reflection | C-MSMA | Jamming | Φ | Gaussian distributed artificial phase injection to the whole metasurface
Reflection | P-MSMA | Jamming | Φ | Gaussian distributed artificial phase injection to selected metasurfaces
Reflection | O-MSMA | Jamming | Φ, CSI of the BS and UE | Setting SVD or QR decomposition of Φ
Reflection | EaB-MSMA | Eavesdropping | Φ, CSI of the BS and Eve | Generating and utilizing Φ to maximize eavesdropper SNR
Refraction | RfTS-MSMA | Jamming | Φ, time switching activity | Adjusting vulnerable time-shift modification to omni-surfaces
Refraction | RfES-MSMA | Jamming | Φ, energy splitting behavior | Vulnerable modification of the energy coefficient for omni-surfaces
Refraction | RfModS-MSMA | Jamming | Φ, mode switching activity | Adversarial mode shifting for omni-surfaces
Refraction | RfE-MSMA | Eavesdropping | Φ with time, mode, or energy switching mechanism | Operating hostile modifications of suitable omni-surface operations to increase eavesdropping activity
Absorption and splitting | InAbs-MSMA | Jamming | Φ | Turning off metasurface behavior or setting the whole phase shift to zero
Absorption and splitting | InSpl-MSMA | Jamming | Φ, multi-user access ordering and power allocations | Manipulating user ordering or power allocations via optimization algorithms
Focusing and beamforming | Ain-MSMA | Jamming | Φ, CSI of the victim UEs and BS | Generating interference signals for victim links via beamforming optimization
Focusing and beamforming | BeamFrag-MSMA | Eavesdropping | Φ, CSI of the BS, UE, and Eve | Utilizing optimization tools to minimize secrecy capacity
Focusing and beamforming | AmpAlt-MSMA | Jamming | Φ | Vulnerable alteration of the amplitude of Φ for active metasurfaces
C. Absorption and Splitting
Although a fully programmable smart radio environment could adjust the metasurface material to absorb incident signals for specific purposes, the amplitude of the reflected signals coming from legitimate users could thereby be severely degraded. The splitting of incident signals is another electromagnetic function of RIS-aided communications: metasurfaces can be adjusted to split signals for transmission to multiple UEs with the aid of CSI.
⊳An information absorption MSMA (InAbs-MSMA) is based on the absorption of electromagnetic signals by the elements of the metasurface in a vulnerable manner. InAbs-MSMA, which requires obtaining the phase shift matrix, can be applied by turning off the metasurface behavior or by setting the whole phase shift matrix to zero.
⊳An information splitting MSMA (InSpl-MSMA) is effective in degrading user ordering methods and power allocation optimization. After obtaining the phase shift matrix behavior, the multi-access network allocations, and the user ordering, it is possible to manipulate the user ordering or power allocation mechanisms of the communication environment. It becomes viable by using optimization algorithms for malicious purposes.
D. Focusing and Beamforming
Guarding communications against eavesdropping using the RIS elements is studied in [12], where artificial noise solutions are shown to be especially effective in combating the eavesdropper; however, a similar design could also be used for malicious purposes. Furthermore, when there is no line-of-sight between the BS and the RIS, RIS-aided communication can suffer severe performance degradation. In more extreme cases, only a selected victim user or users might be affected by focusing and beamforming, whereas other users would not be impacted, owing to powerful SP mechanisms.
⊳An artificial interference injection MSMA (Ain-MSMA) is a beamforming attack in which the PIN diodes of the metasurface elements are set so that the reflected signal acts as interference. The attack design can be refined by beamforming optimization with the aid of the CSI of the BS and the victim UEs. Please also note that the direct link between the BS and the RIS could easily be targeted by the jamming attack for ultimate signal degradation: victim UEs are exposed to Ain-MSMA by manipulating the metasurface to deteriorate the direct link between the BS and the UEs.
⊳A beamforming fragmentation MSMA (BeamFrag-MSMA), another eavesdropping action, can be applied by minimizing the convex or non-convex form of the secrecy capacity, which can be solved using alternating optimization, manifold minimization, or semidefinite relaxation methods. It becomes viable after capturing the phase shift matrix and the CSI of the BS, UEs, and Eve.
⊳An amplification alteration MSMA (AmpAlt-MSMA) is another focusing-type vulnerable activity that can be found in active RIS elements capable of amplification. Once the phase shift matrix is captured, it is possible to alter the amplitude of the matrix elements. If the power level is above the desired level, undesirable effects such as signal clipping and a high peak-to-average power ratio can occur at the destination node.
Potential vulnerabilities and attacks that can occur through malicious scenarios based on electromagnetic deterioration, together with their prerequisites and feasibility, are summarized in Table I.
Fig. 2: Potential attacking scenarios on time-frequency deterioration-based MSMA. (Figure not reproduced. On the reception side, the metasurface elements feed a phase shifting network and baseband signal reception, from which the phase shift matrix and the OFDM RX output are obtained; a metasurface behavior switch under external control selects transmission or reception. On the transmission side, an OFDM TX symbol (pilot tones, cyclic prefix, payload data, with attacked portions marked against the no-attack case) is combined with an artificial signal generator before the phase shifting network and baseband signal transmission to the metasurface elements, while the phase shift matrix is set by external control. F1: full band injection MSMA; F2: partial band injection MSMA; F3: CP injection MSMA; F4: pilot injection MSMA; P1: modulation alteration MSMA; P2: bandwidth alteration MSMA; P3: CSI gathering MSMA.)
IV. TIME-FREQUENCY DETERIORATION-BASED MSMA
Protecting frame security is essential, since all data carried over the wireless medium travel in data frames. Metasurface behavior principally consists of signal transmission and reception, as illustrated in Fig. 2, and metasurface switch mechanisms select between the transmission and reception options. On the transmission side, the external control is able to manipulate the baseband orthogonal frequency-division multiplexing (OFDM) transmitter and the phase shift matrix by means of an artificial signal generator. The generated signals are combined with the OFDM signals at baseband and pass through a phase-shifting network that enables transmission through the metasurface. The phase-shifting network is responsible for applying the phase shift matrix elements in the physical domain. On the reception side, the signals collected from the metasurface pass through the phase-shifting network to obtain the phase shift matrix elements and the baseband signals, and the baseband OFDM receiver performs signal equalization. Deterioration of the baseband signal is possible in any malicious relay node, but here it can be combined with electromagnetic deterioration.
A. Frame-Based Injection Attacks
OFDM samples, which are the principal components of the radio frames, are transmitted over the communication channel from the BS to the RIS. In the presence of MSMA, the incident signals are converted to baseband and then maliciously manipulated via the external control.
⊳A full band injection MSMA (F1) is a wideband injection attack in which artificial signals are added to the transmitted OFDM signal across the entire band. In this vulnerability case, the artificial signal generator produces interference for the degradation of every subcarrier, as given in Fig. 2.
⊳A partial band injection MSMA (F2) is based on interference injected into a partially selected subset of subcarriers from the entire band, as indicated in Fig. 2.
⊳A cyclic prefix injection MSMA (F3) targets the cyclic prefix (CP) portion of the incident signal, as given in Fig. 2. The artificial signal affects only the set of CP samples in this attack type. Consequently, it is critical for deteriorating synchronization in OFDM communication, since the OFDM receiver relies on the CP samples to resolve timing synchronization.
⊳A pilot injection MSMA (F4) aims to deteriorate the pilot signals in the communication channel. It is applied by inserting artificial signals into each pilot tone of the OFDM frame. It may cause a high BER, since the channel estimation used to equalize the payload data at the receiver is performed on the pilot tones.
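As an added example, not part of the paper, the script below constructs a single 16-subcarrier OFDM symbol with a 4-sample cyclic prefix and four known pilot tones, passes it through an assumed two-tap BS to RIS channel, and lets a malicious RIS add artificial samples in the four ways listed above: across the whole band (F1), on the lower-half data subcarriers (F2), on the CP samples only (F3), and on the pilot tones only (F4). A minimal receiver (CP correlation for timing, least-squares pilot estimation with linear interpolation, one-tap equalization) then decodes the payload. The injection tone of amplitude 2 in antiphase to the public pilot symbol, the payload bits, the channel taps, and an ideal RIS to UE link are all constructed assumptions; the O(N^2) DFT is written out so the script needs nothing beyond the standard library.

```python
"""Added example (not the paper's code): frame-based injection MSMA (F1-F4) on
one OFDM symbol forwarded by a malicious RIS, and their effect on a minimal
pilot-aided receiver.  Sizes, channel taps, pilot layout, payload bits and
injection levels are constructed assumptions for illustration."""
import cmath
import math

N_SC = 16                               # subcarriers
CP = 4                                  # cyclic-prefix length (samples)
PILOTS = [0, 4, 8, 12]                  # pilot subcarriers, each carrying the public symbol +1
DATA_SC = [k for k in range(N_SC) if k not in PILOTS]
DATA_BITS = [1, -1, -1, 1, -1, 1, 1, 1, -1, -1, 1, -1]   # constructed BPSK payload
H_TAPS = [1.0 + 0j, 0.4 * cmath.exp(0.7j)]               # assumed 2-tap BS -> RIS channel
PAD = 5                                 # idle samples before and after the symbol
START = PAD                             # true symbol start in the capture


def dft(x):
    n = len(x)
    return [sum(x[t] * cmath.exp(-2j * math.pi * k * t / n) for t in range(n)) for k in range(n)]


def idft(big_x):
    n = len(big_x)
    return [sum(big_x[k] * cmath.exp(2j * math.pi * k * t / n) for k in range(n)) / n
            for t in range(n)]


def with_cp(x):
    return x[-CP:] + x


def ofdm_symbol():
    big_x = [0j] * N_SC
    for k in PILOTS:
        big_x[k] = 1 + 0j
    for k, b in zip(DATA_SC, DATA_BITS):
        big_x[k] = b + 0j
    return with_cp(idft(big_x))


def through_channel(s):
    """Linear convolution with H_TAPS, with idle padding on both sides."""
    seq = [0j] * PAD + s + [0j] * PAD
    return [sum(h * seq[n - d] for d, h in enumerate(H_TAPS) if n >= d) for n in range(len(seq))]


def inject_subcarriers(rx, big_j):
    """F1/F2/F4: the RIS adds idft(J) with its own CP on top of the forwarded
    symbol, so exactly J_k lands on subcarrier k in the UE's FFT window."""
    out = list(rx)
    for n, v in enumerate(with_cp(idft(big_j))):
        out[START + n] += v
    return out


def inject_cp(rx, level=3.0):
    """F3: artificial samples on the CP positions only; the payload is untouched."""
    out = list(rx)
    for n in range(CP):
        out[START + n] += level
    return out


def cp_metric(rx, d):
    """Normalised CP/tail correlation at candidate start d.  The first
    len(H_TAPS)-1 CP samples are skipped: they still carry channel memory."""
    lo = len(H_TAPS) - 1
    a = rx[d + lo:d + CP]
    b = rx[d + N_SC + lo:d + N_SC + CP]
    num = abs(sum(u * v.conjugate() for u, v in zip(a, b)))
    den = math.sqrt(sum(abs(u) ** 2 for u in a) * sum(abs(v) ** 2 for v in b))
    return num / den if den > 0 else 0.0


def find_symbol_start(rx):
    return max(range(len(rx) - N_SC - CP + 1), key=lambda d: cp_metric(rx, d))


def demodulate(rx, start=START):
    """Remove CP, DFT, LS pilot estimate + linear interpolation, one-tap
    equaliser; returns the payload BER."""
    big_y = dft(rx[start + CP:start + CP + N_SC])
    est = {p: big_y[p] for p in PILOTS}             # pilot symbol is +1, so H_p = Y_p
    big_h = [0j] * N_SC
    for i, p in enumerate(PILOTS):
        q = PILOTS[(i + 1) % len(PILOTS)]
        span = (q - p) % N_SC
        for step in range(span):
            big_h[(p + step) % N_SC] = est[p] + (est[q] - est[p]) * step / span
    decided = [1 if (big_y[k] / big_h[k]).real >= 0 else -1 for k in DATA_SC]
    return sum(d != b for d, b in zip(decided, DATA_BITS)) / len(DATA_BITS)


def run():
    rx = through_channel(ofdm_symbol())
    tone = -2 + 0j                      # injected tone: amplitude 2, antiphase to the pilot
    full = [tone] * N_SC                                                      # F1
    partial = [tone if k in (1, 2, 3, 5, 6, 7) else 0j for k in range(N_SC)]  # F2
    pilot_only = [tone if k in PILOTS else 0j for k in range(N_SC)]           # F4
    cp_hit = inject_cp(rx)                                                    # F3
    return {
        "clean": demodulate(rx),
        "F1": demodulate(inject_subcarriers(rx, full)),
        "F2": demodulate(inject_subcarriers(rx, partial)),
        "F3": demodulate(cp_hit),
        "F4": demodulate(inject_subcarriers(rx, pilot_only)),
        "cp_metric_clean": cp_metric(rx, START),
        "cp_metric_F3": cp_metric(cp_hit, START),
        "start_clean": find_symbol_start(rx),
        "start_F3": find_symbol_start(cp_hit),
    }


if __name__ == "__main__":
    for key, val in run().items():
        print(f"{key:16s} {val}")
```

With these settings the pilot-only attack (F4) flips every payload bit although no data subcarrier was touched, because the equalizer divides by an estimate that the antiphase tone has pushed to the opposite half-plane; the whole-band attack (F1) corrupts both the estimate and the data and errs on half the bits, and the partial-band attack (F2) errs only on the attacked subcarriers. The CP-only attack (F3) leaves the payload intact once timing is known, but pulls the CP correlation metric below its clean value of 1, which is exactly what a CP-based synchronizer relies on.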
B. Parameter Attacks
Communication parameters such as modulation, bandwidth, and CSI estimation parameters are also configurable through the external control unit for the transmitting and receiving operations at the RIS node. The RIS transceiver is able to operate with different bandwidth options owing to advances in metamaterials.
⊳A modulation alteration MSMA (P1) replaces the modulated symbols from the OFDM transmitter, as illustrated in Fig. 2, with artificially generated ones. When a signal is altered in this way, as in the injection attacks, the result is easily characterized as a jamming signal. We also note that, after obtaining the CSI of the eavesdropper node, the modulation can be optimized for information gathering purposes.
⊳A bandwidth alteration MSMA (P2) alters the communication bandwidth of the proper system. In this way, established connections can fail and deteriorate in the time-frequency domain.
⊳A CSI gathering MSMA (P3) is highly effective in capturing CSI at the OFDM receiving node, as depicted in Fig. 2. It also undermines PLS-aided wireless key generation techniques, which derive sec
ret keys from the CSI. Confidential messages can be recovered by means of the CSI captured at the RIS through the malicious control operation.
V. CASE STUDIES
We demonstrate the potential impact of the novel threats through two case studies, represented in Fig. 3. A legitimate transmitter node (BS) transmits symbols through an RIS relay node to a legitimate receiver node (UE) in the presence of an eavesdropper, which we refer to as Eve. Both users are equipped with a single antenna to transmit or receive signals. $h_i$, $g_i$, and $g_{E_i}$ denote the complex channel coefficients of the $i$-th surface element for the BS $\to$ RIS, RIS $\to$ UE, and RIS $\to$ Eve links, respectively. There is also a direct link between the BS and the UE, denoted by $z$. All individual channels experience Nakagami-$m$ fading with parameter $m$. Eve cannot obtain any information directly from the BS. $d_{xy}$ denotes the distance between nodes $x$ and $y$, where $\{x, y\} \in \{1, 2, 3, 4\}$, as presented in Fig. 3. Furthermore, the Gaussian distributed noise components $n_B$ and $n_E$ have zero mean and variances $\sigma_B^2$ and $\sigma_E^2$ at the UE and Eve, respectively.

Fig. 3: Network topology of the case studies. (Figure not reproduced; it shows the BS, the RIS with its microcontroller, the UE, and Eve, numbered as nodes 1 to 4.)
The RIS is capable of tuning the electromagnetic phase shifts with the help of PIN diodes. The number of individual surface elements is denoted by $N$. Without any vulnerable access, the individual components $\phi_i$ of the diagonal phase shift matrix are constructed to maximize the SNR using the CSI between the transmitter node and the RIS and between the RIS and the receiver node. Hostile access to the microcontroller, however, allows all components of the metasurface to be modified and used for jamming or eavesdropping behavior. First, we designate six individual potential threat scenarios to evaluate the impact of hostile interference from the malicious RIS relay node; here the microcontroller's baseband processing mechanism is exploited to degrade the information at the legitimate receiver node. In C-MSMA, the attacker manipulates the individual phase shift components by adding modified phase terms $\phi_i^m \sim \mathcal{N}(0, \sigma_A^2)$. Similarly, in the P-MSMA scenario, preselected metasurface elements are used in a jamming manner. A nullspace for the incident and reflected signals is implemented through O-MSMA, based on both QR and SVD decompositions. In the InAbs-MSMA scenario, all components of the phase shift matrix are set to zero. The Ain-MSMA scenario is designed to deteriorate both the RIS-to-UE link and the BS-to-UE link. Second, the EaB-MSMA case, a malicious RIS with an information gathering purpose, is presented; here the phase shift matrix is generated to diminish the secrecy capacity. When a malicious user captures the CSI of the BS $\to$ RIS, RIS $\to$ UE, or RIS $\to$ Eve links, it becomes straightforward to enhance the level of the received signal at Eve.
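As an added example, not the authors' simulation code, the script below illustrates both the reflection-based MSMA of Section III-A and the interference and information-gathering scenarios described above. It builds one realisation of the BS to RIS, RIS to UE, RIS to Eve and direct BS to UE channels, aligns the phase shift matrix legitimately so that every reflected path adds in phase with the direct link at the UE, and then applies C-MSMA (Gaussian phase injection on every element), P-MSMA (the same on half of the elements), InAbs-MSMA (surface switched off) and EaB-MSMA (surface re-aligned towards Eve), reporting the SNR at the UE and at Eve together with the positive secrecy capacity. The Nakagami-$m$ generator (gamma-distributed power with a uniform phase), the values $N = 128$, $m = 4$, $\sigma_A^2 = 2$, an $E_b/\sigma^2$ operating point of 0 dB with equal noise variances, the omission of path loss, and the modelling of every element as a unit-amplitude phase shifter are assumptions of this example; O-MSMA and Ain-MSMA are not implemented here.

```python
"""Added example (not the paper's simulation code): reflection-based MSMA on a
BS -> RIS -> UE link with a direct link z and an eavesdropper Eve.  Each surface
element is a unit-amplitude phase shifter; the channel model and the parameter
values below are assumptions made for illustration."""
import cmath
import math
import random


def nakagami(rng, m, omega=1.0):
    """Nakagami-m coefficient: |h|^2 ~ Gamma(m, omega/m), uniformly random phase."""
    return cmath.rect(math.sqrt(rng.gammavariate(m, omega / m)),
                      rng.uniform(-math.pi, math.pi))


def aligned_phases(h, g, direct=0j):
    """Legitimate design: phi_i = arg(z) - arg(h_i) - arg(g_i), so that every
    reflected path adds in phase with the direct link at the intended receiver."""
    ref = cmath.phase(direct) if direct else 0.0
    return [ref - cmath.phase(hi) - cmath.phase(gi) for hi, gi in zip(h, g)]


def received_gain(h, g, phases, amps=None, direct=0j):
    """|z + sum_i a_i h_i e^{j phi_i} g_i|^2 at a receiver whose RIS->receiver channel is g."""
    amps = amps if amps is not None else [1.0] * len(h)
    s = direct + sum(a * hi * cmath.exp(1j * p) * gi
                     for a, hi, p, gi in zip(amps, h, phases, g))
    return abs(s) ** 2


def c_msma(rng, phases, var_a):
    """C-MSMA: zero-mean Gaussian phase injection, variance sigma_A^2, on every element."""
    return [p + rng.gauss(0.0, math.sqrt(var_a)) for p in phases]


def p_msma(rng, phases, var_a, fraction):
    """P-MSMA: the same injection restricted to a preselected fraction of elements."""
    out = list(phases)
    for i in rng.sample(range(len(phases)), int(fraction * len(phases))):
        out[i] += rng.gauss(0.0, math.sqrt(var_a))
    return out


def psc(snr_ue, snr_eve):
    """Positive secrecy capacity max(0, C_UE - C_Eve) in bit/s/Hz."""
    return max(0.0, math.log2(1 + snr_ue) - math.log2(1 + snr_eve))


def run(n=128, m=4, var_a=2.0, snr0=1.0, seed=7):
    """Return {scenario: (SNR_UE, SNR_Eve, PSC)} for one channel realisation.
    snr0 is Eb/sigma^2 (equal noise variance at UE and Eve, path loss ignored)."""
    rng = random.Random(seed)
    h = [nakagami(rng, m) for _ in range(n)]     # BS -> RIS, one coefficient per element
    g = [nakagami(rng, m) for _ in range(n)]     # RIS -> UE
    ge = [nakagami(rng, m) for _ in range(n)]    # RIS -> Eve
    z = nakagami(rng, m)                          # direct BS -> UE; Eve has no direct link
    legit = aligned_phases(h, g, z)
    configs = {
        "legitimate": (legit, None),
        "C-MSMA": (c_msma(rng, legit, var_a), None),
        "P-MSMA-50%": (p_msma(rng, legit, var_a, 0.5), None),
        "InAbs-MSMA": (legit, [0.0] * n),           # surface switched off: only z remains
        "EaB-MSMA": (aligned_phases(h, ge), None),  # surface re-aligned towards Eve
    }
    out = {}
    for name, (phi, amps) in configs.items():
        s_ue = snr0 * received_gain(h, g, phi, amps, direct=z)
        s_eve = snr0 * received_gain(h, ge, phi, amps)
        out[name] = (s_ue, s_eve, psc(s_ue, s_eve))
    return out


def db(x):
    return 10 * math.log10(x) if x > 0 else float("-inf")


if __name__ == "__main__":
    for name, (s_ue, s_eve, c_s) in run().items():
        print(f"{name:12s} SNR_UE={db(s_ue):6.1f} dB  SNR_Eve={db(s_eve):6.1f} dB  "
              f"PSC={c_s:5.2f} bit/s/Hz")
```

The ordering that comes out (legitimate above P-MSMA above C-MSMA above InAbs-MSMA at the UE, and Eve's SNR jumping by roughly $10\log_{10} N$ dB under EaB-MSMA while the legitimate PSC collapses to zero) is the qualitative picture of Figs. 4 and 5; the absolute numbers depend on the assumed parameters and on the single channel draw.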
First, we examine the various MSMA types to demonstrate the impact of malicious RIS usage on BER performance, as presented in Fig. 4. The BS transmits a binary phase shift keying (BPSK) modulated signal through an RIS-aided network to the UE. In the simulations, N is selected as 128 and the distances between the nodes are selected as 1 m. All individual channel coefficients are exposed to Nakagami-m fading with m = 4. The least vulnerable scenario is P-MSMA. In P-MSMA, maliciously selecting 50% of the surfaces causes an SNR loss of approximately 5 dB at a BER of 10^-4. Increasing the malicious surface selection from 50% to 75% has a significant impact on the BER performance of P-MSMA. A significant difference in BER was observed in the case of C-MSMA, where all surfaces were actively used in the attack. Furthermore, increasing the manipulation variance σ_A² severely degrades the quality of the received signal. O-MSMA with QR decomposition has a worse effect on BER performance than SVD-based O-MSMA. QR-based O-MSMA is also observed to outperform InAbs-MSMA in terms of BER performance above 15 dB SNR. The most extreme vulnerability is seen in the Ain-MSMA scenario. InAbs-MSMA makes the RIS elements unusable, so communication is handled by means of the direct link. In Ain-MSMA, severe BER degradation occurs as a result of the high impact of interference on the direct link.

Fig. 4: Comparison of BER performance of BPSK transmitted signal under various MSMA. [Figure: Bit Error Rate (10^-5 to 1) vs. SNR (ticks -40 to 30); plot not reproduced.]

The impact of secrecy loss in the presence of RIS-aided EaB-MSMA networks is compared to conventional PE in Fig. 5. We compare our results considering the performance of PSC with the path loss effect, the number of surface elements, and the relative noise variances of the UE and Eve. The path loss coefficient is selected as 3.4, and the distances of the nodes are determined as d12 = 1 m, d23 = 2 m, and d13 = 4 m, respectively. For ease of readability, m is selected as m = 1. As can be seen, when accessing an RIS with SP capability, EaB-MSMA is more destructive than conventional PE attacks. For an RIS equipped with N = 128 and N = 32 surface elements at a distance of d24 = 5 m and 20 dB SNR under equal noise variances of the UE and Eve, the PSC values for EaB-MSMA and PE reach approximately 14 bits/s/Hz and 1 bit/s/Hz, respectively. Locating the eavesdropper further away from the RIS and decreasing σ_E² also improve the PSC for both the EaB-MSMA and PE information gathering cases, as expected. It should also be emphasized that, despite the long distance between the eavesdropper node and the RIS, the PSC has a minimal value compared to its counterpart.

Fig. 5: Comparison of PSC vs. E_b/σ_B² for PE and EaB-MSMA scenarios. [Figure: Positive Secrecy Capacity [bit/s/Hz] vs. E_b/σ_B²; plot not reproduced.]
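To make the P-MSMA trend of Fig. 4 concrete, the following Monte Carlo simulation (an added example, not the authors' simulator) estimates the BER of a BPSK RIS-aided link with N = 128 elements under Nakagami-m (m = 4) fading when a fraction of the elements is maliciously controlled. It assumes a simplified manipulation model that is not stated on the page: the legitimate controller co-phases every cascaded BS-RIS-UE path with the direct link, each captured element instead reflects with a uniformly random phase, and all path gains are unity; the function names simulate_ber and ber_sweep are hypothetical.

```python
"""BER of a BPSK RIS-aided link under a simplified P-MSMA model (added example).

Assumed, not from the paper: i.i.d. Nakagami-m channels with uniform phase and
unit path gain; the legitimate controller aligns each reflected path with the
direct link; captured elements apply random phases. SNR is the per-path
symbol-energy-to-noise ratio before any array gain.
"""
import numpy as np


def nakagami_channel(rng, m, size):
    """Nakagami-m amplitude (Gamma-distributed power, unit mean) with uniform phase."""
    power = rng.gamma(shape=m, scale=1.0 / m, size=size)
    phase = rng.uniform(0.0, 2.0 * np.pi, size=size)
    return np.sqrt(power) * np.exp(1j * phase)


def simulate_ber(n_elements, malicious_fraction, snr_db, n_trials, m=4, seed=0):
    """Monte Carlo BER with a fraction of RIS elements under attacker control."""
    rng = np.random.default_rng(seed)
    k = int(round(malicious_fraction * n_elements))
    h = nakagami_channel(rng, m, (n_trials, n_elements))  # BS -> RIS
    g = nakagami_channel(rng, m, (n_trials, n_elements))  # RIS -> UE
    h_d = nakagami_channel(rng, m, (n_trials, 1))         # direct BS -> UE
    # Legitimate phase design: co-phase each reflected path with the direct link.
    theta = np.angle(h_d) - np.angle(h * g)
    # P-MSMA (assumed model): the k captured elements reflect with random phases.
    # Channels are i.i.d., so using the first k elements loses no generality.
    theta[:, :k] = rng.uniform(0.0, 2.0 * np.pi, size=(n_trials, k))
    h_eff = h_d[:, 0] + np.sum(h * g * np.exp(1j * theta), axis=1)
    x = rng.choice([-1.0, 1.0], size=n_trials)            # BPSK symbols
    noise_std = 10.0 ** (-snr_db / 20.0)                  # unit symbol energy
    noise = noise_std * (rng.standard_normal(n_trials)
                         + 1j * rng.standard_normal(n_trials)) / np.sqrt(2.0)
    y = h_eff * x + noise
    # Coherent detection: the UE is assumed to know the effective channel.
    x_hat = np.where(np.real(np.conj(h_eff) * y) >= 0.0, 1.0, -1.0)
    return float(np.mean(x_hat != x))


def ber_sweep(fractions, n_elements=128, snr_db=-30.0, n_trials=4000):
    """BER for each malicious-element fraction at a fixed per-path SNR."""
    return {f: simulate_ber(n_elements, f, snr_db, n_trials) for f in fractions}


if __name__ == "__main__":
    for frac, ber in ber_sweep([0.0, 0.5, 0.75, 1.0]).items():
        print(f"malicious fraction {frac:.2f}: BER = {ber:.4f}")
```

Under this model, the ~N² coherent array gain shrinks with the fraction of captured elements, which is why the loss grows sharply between 50% and 75%; the absolute numbers depend on the assumed model and are not the paper's.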
VI. CONCLUSION
Metasurfaces with SP functionalities can dramatically threaten secure wireless communications due to the potential capabilities of RIS. To improve security in 6G networks, PLS is critical for preserving user confidentiality and providing robust communications. In this article, we identified and classified MSMA for active RIS communication links to anticipate potential threats in 6G networks. We examined the impact of MSMA with two different use cases based on information gathering and information exploitation scenarios. According to our analyses, the BER performance of the legitimate user pair is severely degraded in the presence of various MSMA types. Furthermore, in terms of PSC, it was shown that EaB-MSMA scenarios present a more serious threat to secure communications than PE.
Hakan Alakoca is a Ph.D. student at Istanbul Technical University, Turkey.
Mustafa Namdar is currently an Associate Professor at Kutahya Dumlupinar
University, Kutahya, Turkey.
Sultan Aldirmaz-Colak is currently an Associate Professor at Kocaeli
University, Turkey.
Mehmet Basaran is currently a Research Professional with Siemens Turkey.
Arif Basgumus is currently an Assistant Professor at Bursa Uludag University,
Bursa, Turkey.
Lutfiye Durak-Ata is currently a full professor at Istanbul Technical University, Istanbul, Turkey.
Halim Yanikomeroglu is a full professor at Carleton University, Ottawa,
Canada.