QoS Degradation Attack in D2D Multicasting Networks : Analysis and Countermeasure

Ⅰ. Introduction

Over the past decade, there has been extensive use of smart devices in cellular networks, which results not only in a stupendous increase in data traffic but also in the demand for a better quality of service (QoS). In addition to mobile phones, laptops, wearable devices, tablets, and even vehicles can also be wirelessly connected to the internet in recent times. Cellular networks have evolved over the years to satisfy these diverse demands. Accordingly, several advanced technologies such as device-to-device (D2D) communication, cell-free massive multiple-input and multiple-output(MIMO), intelligent reflecting surfaces (IRS), and mobile edge computing have been investigated and developed to improve the performance of cellular networks^[1,2].

D2D communication in cellular networks is a technology that enables mobile users in proximity to communicate with each other without infrastructures such as base stations. D2D communication has been highlighted as one of the leading technologies in cellular networks due to its potential to improve performance in terms of latency, throughput, and resource utilization for various applications such as content sharing, data and computation offloading, coverage extension, and the Internet of Things (IoT)^[3]. Furthermore, many applications, such as content sharing, require the formation of clusters, and thus several studies have investigated the development of cluster-based D2D communications.

In cluster-based D2D communication, nearby users are grouped into a cluster with a designated cluster head (CH) to facilitate the dissemination of information. D2D clustering has been proven to improve network performance in terms of throughput, energy consumption, and spectral efficiency. Accordingly, various clustering algorithms have been presented in D2D cellular networks^[4,5]. Channel state information(CSI) feedback is essential in cluster-based D2D communication since it can directly or indirectly affect the achievable rate between devices (or users) in the cluster. Thus, the availability of the CSI of individual users in the cluster is beneficial for every user to receive and correctly decode the information transmitted. However, CSI feedback itself can be exploited by a malicious user, and thus it has been considered one of the potential threats in wireless networks.

Tung et al. analyzed the vulnerability of CSI forgery in multiuser MIMO systems^[6], which can be exploited to eavesdrop on other transmissions. Wang et al. investigated a sniffing attack in multiuser MIMO networks using manipulated CSI and proposed a countermeasure based on differences in angular spectra^[7]. Hou et al. presented possible attacks in multi-user MIMO networks that adopted CSI-based user selection algorithms^[8]. A number of studies investigated the impacts of CSI forgery in wireless communication systems but most of them considered infrastructure-based networks rather than D2D communication environments^[6-8].

Only a few studies considered CSI forgery problems in D2D communications^[9,10]. They mainly focused on analyzing the impact of cluster failure attacks, not QoS degradation attacks, and considered only link-level simulations. Bang et al. investigated CSI forgery problems in D2D clustering scenarios^[10]. They newly presented threat models such as clustering failure attack and QoS degradation attack. However, they only formulated the QoS degradation attack and did not provide details of the analysis in the closed-form.

To the best of our knowledge, the QoS degradation attack in D2D communication has not been investigated in detail in terms of analysis and simulations. To this end, in this paper, we investigate the QoS degradation attack in cluster-based D2D communication in detail, particularly deriving a closed-form expression of cluster sum-rate and performing a system-level simulation to verify its validity. Our main contributions are summarized as follows:

✓ We investigate the QoS degradation attack in cluster-based D2D communication and derive the closed-form of the cluster sum-rate under the attack;

✓ We further analyze the effect of a threshold-based defense scheme against the QoS degradation attack and derive mathematical formulation in the closed-forms;

✓ We perform system-level simulations to evaluate the impact of the QoS degradation attack on cluster-based D2D communication with Simu5G.

The rest of the paper is organized as follows. Section II describes the system model, the threat model, and the performance metric. In Section III, we introduce a countermeasure against possible threats and mathematically analyze the performance of the countermeasure. In Section IV, we perform a simulation to evaluate the performance of the defense mechanism and to verify our mathematical analysis. Finally, we draw our conclusions in Section V.

Ⅱ. System Model

Fig. 1 depicts a system model where we consider a single D2D cluster of multiple devices includingasingle malicious device as a cluster member. Weassume that all the devices and the base stationareequipped with a single antenna. Additionally, weassume that a malicious device acts as the cluster member under the situation that the cluster head (CH) was already designated. The CH is responsible for D2D multicasting in the cluster and decides the datarate for D2D multicasting based on CSI feedback from each user to the CH[10]. We define {0, …·, N} as an index of each device except for the CH (i.e., only cluster members of the D2D cluster). We consider total N + 1 cluster members: N normal cluster members and a single malicious cluster member. Let hn denote the channel fading coefficient between the CH and device n. We assume a Rayleigh fading channel and thus hn ∈ is a complex Gaussian random variable with zero mean and variance .

The CH multicasts data to only cluster members who request content sharing. Let indicate the set of active cluster members who request content sharing. We assume that the CH sets multicasting data rate to consider the minimum quality of service (in terms of data rate) for all devices in . Then, the minimum achievable data rate for all cluster members in is given as follows:

where r represents the signal-to-noise ratio (SNR) for transmission.

2.1 Threat Model: QoS Degradation Attack

The main purpose of the malicious device is to degrade the quality of service (QoS) in the D2D cluster by exploiting CSI forgery. Note that the data rate for D2D multicasting in (1) is mainly determined by the device that experiences the worst channel condition (i.e., minimum value of |hn|2 , ∈ ). Thus, the malicious device can intentionally report its underestimated CSI instead of the original one for the purpose of degrading the date rate in (1)

We define this attack as the QoS degradationattack[10]. Without loss of generality, we assume n=0for the index of the malicious device. Then, we canmodel the forged CSI of the original |h0|2 as follows:

where a ∈(0, 1] denotes the CSI forgery factor bythe malicious user.

To execute the QoS degradation attack, themalicious user deliberately reports an underestimatedCSI (i.e., | 0|2 in (2)) to the CH in order to lower the data rate for D2D multicasting in (1). Consequently, if the QoS degradation attackissuccessfully done from the perspective of themalicious device, then the base station believes that the malicious device experiences the worst channel fading. Thus, the base station sets the minimumachievable data rate for the D2D multicastingasfollows:

2.2 Performance Metric: Cluster Sum-Rate

For the QoS degradation attack, all cluster membersin the D2D cluster suffer from the data ratedegradation. Thus, we consider the sum-rate intheD2D cluster as a performance metric to quantitativelymeasure the level of QoS degradation, instead of asingle device’s data rate in (1).

We define the cluster sum-rate as a sumof all datarates of the cluster members that require content sharing from the CH and it is given by

where | | represents the number of cluster membersin .

Note that the cluster sum-rate jointly considers thenumber of cluster members (i.e., served D2Ddevicesby the CH) and the data rate for D2D multicastingtogether. We will compare the expectation of thecluster sum-rate with and without the QoS degradationattack in detail with mathematical analysis in Section Ⅲ and extensive simulations in Section Ⅳ, respectively.

Ⅲ. Analysis and Countermeasure

In this section, we first investigate the closed-form of cluster sum-rate in (4) without considering a countermeasure. Next, we introduce threshold-based countermeasures proposed in [10] and derive the closed-form of cluster sum-rate in (4) when the countermeasure is applied, which has not been studied in previous work^[10].

3.1 Sum-Rate Analysis without Countermeasure

[TeX:] $$\mathrm{For}^h$$ analytical tractability, we consider an independent and identically distributed (i.i.d.) condition for channel coefficient [TeX:] $$h_n$$ (i.e.,[TeX:] $$\sigma_{h_n}^2=\sigma_h^2 \forall n$$). When we do not consider a countermeasure against QoS degradation attack (i.e., defense mechanism), we assume that all devices in the D2D cluster request content sharing (i.e.,[TeX:] $$\mathscr{D}=\mathscr{N}$$). We analyze the expectation of the cluster sum-rate without a defense mechanism for reference and it is summarized in the following theorem.

Theorem 1. For a given N, [TeX:] $$\sigma_h^2$$, and [TeX:] $$\alpha$$, the expectation of the cluster sum-rate without any defense is given by

where [TeX:] $$\mu=\frac{1+\alpha N}{\alpha \sigma_h^2}$$, and E1(x) indicates an exponential integral function defined as [TeX:] $$\mathrm{E}_1(x)=\int_x^{\infty} \frac{\exp (-t)}{t} d t$$^[11].

Proof. In the absence of the defense mechanism, the cluster sum-rate in (4) is rewritten by

where [TeX:] $$\mathscr{D}$$\ {0} denotes a subtraction of index 0 from a set [TeX:] $$\mathscr{D}$$ and the second equality holds with notation substitutions with [TeX:] $$X=\min _{n \in \mathscr{D} \backslash\{0\}}\left|h_n\right|^2, Y=\left|\hat{h}_0\right|^2=\alpha |h_0|^2$$and [TeX:] $$\min \left(X,Y\right)$$.

Consequently, the expectation of (6) is derived as follows:

where [TeX:] $$/\mathscr{D}/=N+1$$ and f_Z[TeX:] $$$$ (·) denotes the probabilitydensity function (PDF) of Z.

Using the fact that X corresponds to the minimum of N i.i.d. exponential random variables with a parameter [TeX:] $$\sigma_h^2$$ and Y is also exponentially distributed, we can obtain the cumulative distribution function (CDF) of Z (i.e., FZ (z)) as follows:

In addition, the PDF of Z is given by

We can finally obtain (5) by substituting (9) into (7).

3.2 Sum-Rate Analysis with Countermeasure

To mitigate CSI forgery attacks such as underestimated or overestimated CSI reporting, threshold-based filtering mechanisms were investigated in [10]. We also employ the threshold-based defense scheme to defend the D2D multicasting against the QoS degradation attack. The main idea of the threshold-based defense scheme is for the CH to set a proper threshold value in order to filter out the forged (underestimated) CSI by the malicious user during the D2D multicasting for content sharing. Similar to [10], we define a criterion for the filtering using the threshold value [TeX:] $$\gamma$$ and it is expressed as follows:

Remark 1. Threshold-based defense mechanisms inherently have a disadvantage such that a legitimate device could even be considered as a malicious device if its actual CSI feedback is less than the criterion. Thus, the CH could exclude those devices satisfying (10) from the D2D multicasting for content sharing. However, we can minimize this negative effect by properly setting a threshold value as discussed in [10]. It will be further discussed in Section Ⅳ.

Let [TeX:] $$\mathscr{M}$$ represent the set of cluster members who are considered to report their original CSI feedback to the CH (i.e., [TeX:] $$/h_n/^2 \geq \gamma$$). Then, the CH sets the D2D multicasting data rate based on [TeX:] $$\mathscr{M}$$, which is a subset of [TeX:] $$\mathscr{D}$$(i.e.,[TeX:] $$\mathscr{M} \subset \mathscr{D}$$). Thus, when we apply the defense mechanism, the cluster sum-rate is expressed as follows:

Note that the number of elements in M varies depending on the [TeX:] $$\gamma$$ value and it is the main factor to determine the value of (11). Thus, the value of [TeX:] $$\gamma$$ must be chosen carefully. For example, setting a very low [TeX:] $$\gamaa$$ value might allow the malicious device to launch the attack and it results in approaching an almost zero cluster sum-rate. Accordingly, we analyze the expectation of the cluster sum-rate with a defense mechanism and it is summarized in the following theorem.

Theorem 2. For a given N, [TeX:] $$\sigma_h^2$$, and [TeX:] $$\alpha$$, the expectation of the cluster sum-rate with the defense mechanism is derived as (12), shown at the top of the next page where [TeX:] $$\eta=\exp \left(-\frac{1}{\sigma_h^2}\right), \beta=(1+\gamma \rho), \mu=\frac{1+\alpha N}{\alpha \sigma_h^2}$$ and [TeX:] $$E_1(x)=\int_x^{\infty} \frac{\exp (-t)}{t} d t$$

Proof. Using the condition of whether the malicious device is filtered out by (10) or not, and given the number of devices in the D2D cluster (i.e., [TeX:] $$/\mathscr{M}/=k$$), we reformulate (11) into (13), shown at the top of the next page.

To derive the closed-form of (13), we define the probability events as follows:

H : an event that [TeX:] $$/\hat{h}_0/^2 \geq \gamma$$,

[TeX:] $$H^c$$: a complement of H (i.e., [TeX:] $$/\hat{h}_0/^2 \geq \gamma$$),

[TeX:] $$A_K$$ : an event that exactly k out of N devices have their CSI values greater than or equal to [TeX:] $$\gamma$$ (i.e.,[TeX:] $$/\mathscr{M}/=k$$).

Then, the expectation of the cluster sum-rate with the defense mechanism can be derived as follows:

where [TeX:] $$/\bar{h}_n/^2$$ indicate channel gain satisfying condition of [TeX:] $$/h_n/^2 \geq \gamma$$, which follows a truncated exponential distribution, and the second equality holds due to the independence between each probability event. Further, Pr[H], Pr[[TeX:] $$H^c$$], and Pr[[TeX:] $$A_K$$] are obtained as follows:

where we define Pr[[TeX:] $$/\left.h_n\right/^2 \geq \gamma$$] for [TeX:] $$n \in \left{1, \cdots, N\right}$$ as.

Let W denote [TeX:] $$\min _{n \in \mathscr{M}}\left\{\left|\bar{h}_n\right|^2\right\}$$ in (14). If [TeX:] $$|\mathscr{M}|=k \text { and } 0 \in \mathscr{M}$$ (i.e., malicious device is in the D2D cluster), the PDF of W is given by

Otherwise (i.e.,[TeX:] $$|\mathscr{M}|=k \text { and } 0 \notin \mathscr{M}$$), the PDF of W is given by

We can finally obtain (12) by plugging Pr[H] in (15), Pr[[TeX:] $$H^c$$] in (16), Pr[[TeX:] $$A_K$$] in (17), (18), and (19) into (14).

Ⅳ. Numerical Results

In this section, we consider two types of simulation tools: MATLAB^[12] and Simu5G^[13]. First, we verify our analysis on the expectation of cluster sum-rate using simulations with MATLAB. Next, we evaluate the performance of the defense mechanism under the QoS degradation attack using Simu5G, a practical simulation tool that implemented 5G specifications-based protocol stacks.

4.1 Simulations with MATLAB

Fig. 2 shows the cluster sum-rate when we consider different values of a and N, respectively. Fig. 2a shows the cluster sum-rate for different values of [TeX:] $$\alpha$$. We verify that our derivation (indicated by ‘ana’) in (12) correctly matches with the simulation results (indicated by ‘sim’). We observe that the cluster sum-rate decreases when the malicious user aggressively adjusts the forgery factor (i.e., small [TeX:] $$\alpha$$ value) since the CH sets the minimumdata rate for the multicast process based on the minimumvalue of CSI feedback reports. It should be noted that the defense scheme excludes cluster members who meet the requirement in (10), which can reduce the number of multicast devices and thus also decrease the cluster sum-rate. However, we can achieve a better cluster sum-rate if we carefully set threshold value (e.g. [TeX:] $$\gamma =\frac{1}{5} \sigma_h^2$$). Fig. 2b shows the cluster sum-rate for different number of users N in the D2D cluster. The cluster sum-rate increases with an increase in the number of users N in the D2D cluster regardless of the [TeX:] $$\alpha$$ value set by the malicious user. We can achieve a better cluster-sum rate when the defense scheme is employed. It implies that the threshold-based defense scheme filters out the unqualified devices (i.e., devices that fall under the category in (10)) but the cluster sum-rate is expected to increase if we carefully set threshold [TeX:] $$\gamma$$ value, as discussed in Fig. 2a.

4.2 Simulations with Simu5G

Simu5G is a network simulator that incorporates 5G New Radio access technology^[13]. It is based on the OMNet++ framework and allows the simulation of 5G network scenarios so that researchers can benchmark their solutions to an easy-to-use framework.1) It also embeds a possible extension to set up device-to-device (D2D) communication simulations, with a special focus on the main parameters that might affect the performance of the D2D network^[13].

¹⁾ https://github.com/Unipisa/Simu5G

As part of the system-level simulation using Simu5G, we consider a cluster of N = 5 devices leveraging cellular links in order to stream video packets from the server through the base station. Each device is to receive the video based on the device with the worst channel quality indicator (CQI). We manually set two types of CQI value ranges for [0-15] in our simulations as follows: [0-6] and [7-15] to indicate poor and good channel conditions, respectively.

Fig. 3 shows the cluster sum-rate of using Simu5G when the various scenarios are considered. In the “attack” scenario, we consider that the malicious device reports a very low CQI value (i.e., CQI = 4) which drastically reduces the cluster sum-rate as observed from the bar graph. However, the cluster sum-rate can be improved when the defense scheme is implemented (i.e., threshold γ corresponding to CQI = 9). Depending on CQI values to filter out suspected users, the cluster sum-rate can dramatically vary. For example, we can achieve a non-degraded cluster sum-rate in the case of “no attack” (i.e., CQI =15). Note that we do not fully consider incorporating D2D links due to some limitations of Simu5G simulations. However, our simulation is similar to that of the D2D scenario discussed in this paper and advanced simulation results using Simu5G will be studied in depth in our future research.

Ⅴ. Conclusion

In this paper, we investigated a CSI forgery attack, specifically, a QoS degradation attack in a D2D cluster where a malicious user in the cluster intentionally reports an underestimated CSI instead of the original one to the cluster head. We defined the cluster sum rate as our evaluation metric against the QoS degradation attack. We introduced a threshold-based countermeasure commonly used against CSI forgery attacks. Further, we derived the closed-form expression of expectation on the cluster sum-rate. Finally, we verified our mathematical derivations using simulations and evaluated the threshold-based defense mechanism considering 5G protocol-based advanced simulation tools (i.e.,Simu5G).