In a wireless communication system, a base station normally communicates with multiple users that are attached to it. The base station transmits data to the individual users by scheduling them on the available radio resources such as time slots and frequency bands.
The achievable data rate of a certain user on a certain radio resource depends on the channel of that user on that radio resource. As the radio channel generally varies over time and frequency, it is well-known that the system performance can be greatly improved by scheduling the users according to the channel state information, called dynamic scheduling or adaptive resource allocation.
When the channel state information is available at the transmitter, i.e. the base station, the base station may always schedule the radio resources to the user that has the best channel quality such that the system performance in terms of system data throughput is maximized. This is normally referred to as maximum rate scheduler.
The channel state information is usually provided to the transmitter from the receiver through channel feedback. That is, each user feeds back his channel state information to the base station.
This information which is fed back can be used by an attacker. Hence, an attacker can feed back arbitrary channel state information from an attack user terminal to the base station. For example, the attacker may claim that he always has very good channel, and so the base station that tries to maximize the system data throughput will schedule the attacker much more frequently than other users. Consequently, the other users are scheduled less frequently, resulting in performance degradation.
Different from the maximum rate scheduler, proportional fair scheduler weights the channel qualities of a user on individual radio resources by the average channel quality of that user. Thus, the proportional fair scheduler provides certain fairness among users. However, it only reduces the impact of the attacker but cannot completely prevent the attack.
Furthermore, the attack not only has a negative effect on the user side but also for the operator whose intent usually is to maximize the billing. However, the data throughput is not billed until the receiver acknowledges the successful reception of the data. The attacker could then just avoid the billing by not using the resources which the base station schedules to him. As a result, the billable data throughput is not maximized.
Multiple-input and multiple-output (MIMO) is a technology of using multiple antennas at transmitter and receiver to improve communication performance by utilizing the spatial dimension.
When the base station is equipped with multiple antennas, more than one user can be scheduled simultaneously, i.e. on the same time-frequency resource, and separated in spatial domain, which is known as spatial division multiple access.
When the channel state information is available at the transmitter, i.e. the base station, the performance can be largely improved by using precoding. In precoding, the simultaneous data streams are transmitted with different and appropriate precoder, e.g. antenna weighting vectors, such that the performance such as data throughput is maximized. Generally speaking, when more than one user are simultaneously scheduled, the precoder of each data stream is properly selected to maximize the signal level to the dedicated user and minimize the interference level to the other users.
If two users have similar channels, e.g. their channel spatial correlation is similar, e.g. the spatial correlation between the two users is high or the two users have a similar eigenspace of the channel correlation matrix, a data stream with the precoder that maximizes the signal level to one user necessarily generates high interference to the other. Therefore, it is preferred not to simultaneously schedule these two users.
Hence, the attacker can affect the performance of a particular user, called victim hereafter, by pretending to have a channel which has maximum interference at the victim. For example, the attacker may feed back the same channel state information as the victim. The attacker may get the channel state information of the victim by using the location data of the victim and calculating an estimation of his channel state information based on radio planning tools or measurement data look-up tables, or by overhearing the feedback channel of the victim.
FIG. 1 illustrates one example of such an attack where the attacker is attached to the same base station 1 as the victim. The victim sends channel state information c1 to the base station 1. The attacker pretends to have the same channel as the victim by sending the channel state information c1 to the base station 1, although his real channel state information is c2. The base station 1 concludes from these channel feedback that the victim and the attacker have the same channel and then decides not to schedule them simultaneously. Consequently, the base station 1 schedules the victim less frequently and the throughput of the victim is decreased.
FIG. 2 illustrates another example of such an attack where the victim is attached to base station 1 but the attacker is attached to a different base station 2. Once the attacker knows that the channel state information between the victim and the base station 2 is c1′, he pretends to have the same channel as the victim by sending the channel state information c1′ to the base station 2, although his real channel state information is c2. The base station 2 then maximizes the signal to the attacker assuming it has the channel state information c1, which creates high interference at the victim and the throughput of the victim is decreased.
Note that in case of such an attack the attacker may be only interested in decreasing the throughput of the victim without taking care of its own throughput.
If the users are scheduled based on the proportional fair scheduler, the attempt of the attacker has a limited effect for the case of the attacker and the victim being scheduled by the same base station. However, the attack via base stations in neighboring cells is still possible. Further, the proportional fair scheduler does not maximize the billable system throughput.
One solution which an expert could possibly imagine is to send a precoder matrix codebook index instead of quantized channel state information as the feedback information provided by the users to the base station. However, a closer examination of this solution reveals that it leads to identical problems as described by the feedback of channel state information because the attacker can still use the estimated channel state information at the victim for calculating a codebook index that generates maximum interference. Besides, the attacker can use the overheard precoder index sent by the victim and deduce channel information of the victim.
Therefore, it would therefore be desirable if a mechanism could be provided for preventing such intentional service performance degradation by attackers.