Wavefront Manipulation Attack via Programmable mmWave Metasurfaces: From Theory to Experiments

Abstract

Reconfigurable surfaces enable on-demand manipulation of electromagnetic wave properties in a controllable manner. These surfaces have been shown to enhance mmWave wireless networks in many ways, including blockage recovery. In this paper, we investigate the security vulnerabilities associated with the deployment of reconfigurable surfaces, i.e., an adversary may deploy new rogue surfaces or tamper with already-deployed surfaces to maliciously engineer the reflection pattern. In particular, we introduceMetasurface-enabled Sideband Steering (MeSS), a new metasurface-in-the-middle attack in which the spectral-spatial properties of the reflected wavefront are manipulated such that a concealed sideband channel is created in the spectral domain and steered toward the eavesdropper location, while maintaining the legitimate link toward the victim intact. We fabricate a custom reconfigurable surface prototype and evaluate MeSS through theoretical analysis as well as over-the-air experiments at the 60 GHz band. Our results indicate that MeSS significantly reduces empirical secrecy capacity (up to 81.7%) while leaving a small power penalty at the victim that can be masked under normal channel fluctuations.