Abstract
Multiuser MIMO (MU-MIMO) networks rely on Channel State Information (CSI) feedback from clients to the access point to enable spatial multiplexing. In the 802.11ac standard, this feedback is transmitted in plaintext — a design choice that creates exploitable security vulnerabilities.
This work demonstrates two novel attacks exploiting unprotected CSI feedback: a sniff attack that uses intercepted CSI to eavesdrop on other users' transmissions, and a power attack that manipulates CSI to force the AP into suboptimal beam-forming, degrading throughput for targeted users. We also propose efficient defenses that protect CSI integrity without degrading network performance.
Key Contributions
- First analysis of security vulnerabilities in plaintext CSI feedback in MU-MIMO (802.11ac).
- Sniff attack: intercept CSI to eavesdrop on co-scheduled MU-MIMO transmissions.
- Power attack: forge CSI to disrupt beam-forming and degrade victim throughput.
- Lightweight defense mechanisms that preserve network performance while protecting CSI.
BibTeX
@inproceedings{tung2014csisec,
title = {Vulnerability and Protection of Channel State Information in Multiuser MIMO Networks},
author = {Tung, Yu-Chih and Han, Sihui and Chen, Dongyao and Shin, Kang G.},
booktitle = {Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security (CCS)},
year = {2014},
publisher = {ACM}
}