Massive multiple-input and multiple-output (massive MIMO) has the potential to thwart passive eavesdropping as the signals transmitted by large antenna arrays become highly focused. Indeed, the impact of passive eavesdropping has been shown to be negligible when the base station (BS) antenna size approaches infinity for Rayleigh channels. In this paper, we experimentally explore eavesdropping in massive MIMO incorporating real-world factors including a limited BS antenna array size, potential correlation in over-the-air channels, and adaptation of modulating and coding schemes (MCS) over a discrete and finite set. Using a 96-antenna ArgosV2 BS, we first explore scaling the array size and identify eavesdropper (Eve) advantages due to channel correlation. We next identify the “MCS saturation regime” as a vulnerability even with high SNR due to limited MCS levels, and thereby demonstrating the need for power control as a counter-strategy, especially considering Eve’s advantages in the over-the-air channels. We further demonstrate Eve’s gain in optimizing her position, not only via being nomadic and searching for the most favorable position, but also via exploiting predictable line-of-sight (LoS) positional vulnerabilities. Specifically, we demonstrate Eve’s advantage by simply sharing the elevation angle with Bob in the LoS scenario. Finally, we examine how Eve’s advantage due to channel correlation scales with more eavesdropping antennas.

中文翻译：

---

大规模 MIMO 中的窃听：新漏洞和对策


随着大型天线阵列传输的信号变得高度集中，大规模多输入和多输出（大规模 MIMO）有可能阻止被动窃听。事实上，当瑞利信道的基站 (BS) 天线尺寸接近无穷大时，被动窃听的影响可以忽略不计。在本文中，我们通过实验探索了大规模 MIMO 中的窃听，其中结合了现实因素，包括有限的 BS 天线阵列尺寸、空中信道中的潜在相关性以及离散和有限集上的调制和编码方案 (MCS) 的自适应。使用 96 天线 ArgosV2 BS，我们首先探索扩展阵列大小并识别由于信道相关性而导致的窃听者 (Eve) 优势。接下来，我们将“MCS 饱和状态”识别为一个漏洞，即使由于 MCS 水平有限而具有高 SNR，因此证明需要将功率控制作为反策略，特别是考虑到 Eve 在无线信道中的优势。我们进一步证明了 Eve 在优化位置方面的收益，不仅通过游牧和寻找最有利的位置，还通过利用可预测的视线 (LoS) 位置漏洞。具体来说，我们通过在视距场景中简单地与 Bob 共享仰角来展示 Eve 的优势。最后，我们研究了 Eve 的优势是如何通过更多的窃听天线来扩展信道相关性的。