This paper introduces BFIAttack, a novel attack that exploits beamforming feedback information (BFI) to reconstruct channel state information (CSI) of legitimate users, thereby compromising Wi-Fi physical-layer security. The attack uses closed-form CSI reconstruction for single-antenna stations and maximum likelihood estimation for multi-antenna stations, further refining the reconstructed CSI using spatial similarities among antenna pairs. Experiments demonstrate a high attack success rate, reaching 73% in multi-antenna scenarios within five attempts and exceeding 93% in single-antenna scenarios with a single attempt.
Wi-Fi physical-layer security, thought to be robust, crumbles under a simple beamforming feedback exploit that achieves attack success rates of up to 93%.
With the rapid evolution of wireless technologies, Wi-Fi has expanded beyond its original role in data transmission to support various emerging applications, particularly in physical-layer security, including device authentication, user authentication, and secret key generation. Despite extensive research on Wi-Fi Channel State Information (CSI)-based physical-layer security, its vulnerabilities remain largely unexplored. In this work, we propose BFIAttack, a novel attack that exploits Beamforming Feedback Information (BFI) to reconstruct the CSI of a legitimate user or device, thereby compromising Wi-Fi-based physical-layer security. We realize the attack by leveraging a closed-form CSI reconstruction method for the single-antenna station scenario and a maximum likelihood estimation-based CSI reconstruction for the multi-antenna station scenario. Moreover, we exploit spatial similarities among antenna pairs to refine the reconstructed CSI and enhance attack effectiveness. Experimental results show that BFIAttack achieves an average attack success rate of $73\%$ in multi-antenna station scenarios with no more than five attack attempts, and over $93\%$ in single-antenna station scenarios with only a single attempt. BFIAttack reveals critical vulnerabilities in existing Wi-Fi-based physical-layer security.