Transmit Optimization for SymbolLevel Spoofing
Abstract
With recent developments of wireless communication technologies, malicious users can use them to commit crimes or launch terror attacks, thus imposing new threats on the public security. To quickly respond to defend these attacks, authorized parities (e.g., the National Security Agency of the USA) need to intervene in the malicious communication links over the air. This paper investigates this emerging wireless communication intervention problem at the physical layer. Unlike prior studies using jamming to disrupt or disable the targeted wireless communications, we propose a new physicallayer spoofing approach to change their communicated information. Consider a fundamental threenode system over additive white Gaussian noise (AWGN) channels, in which an intermediary legitimate spoofer aims to spoof a malicious communication link from Alice to Bob, such that the received message at Bob is changed from Alice’s originally sent message to the one desired by the spoofer. We propose a new symbollevel spoofing scheme, where the spoofer designs the spoofing signal via exploiting the symbollevel relationship between each original constellation point of Alice and the desirable one of the spoofer. In particular, the spoofer aims to minimize the average spoofingsymbolerrorrate (SSER), which is defined as the average probability that the symbols decoded by Bob fail to be changed or spoofed, by designing its spoofing signals over symbols subject to the average transmit power constraint. By considering two cases when Alice employs the widelyused binary phaseshift keying (BPSK) and quadrature phaseshift keying (QPSK) modulations, we obtain the respective optimal solutions to the two average SSER minimization problems. Numerical results show that the symbollevel spoofing scheme with optimized transmission achieves a much lower average SSER, as compared to other benchmark schemes.
Wireless communication surveillance and intervention, symbollevel spoofing, spoofingsymbolerrorrate (SSER) minimization, power control.
I Introduction
Recent technological advancements have enabled increasing use of infrastructurefree wireless communications. For example, smartphone users can exchange information with each other by exploiting local WiFi and Bluetooth connections, or using the fifthgeneration (5G) cellular devicetodevice communications; and even unmanned aerial vehicles (UAVs) can directly communicate with nearby ground stations and send back photos and videos in real time. Although these infrastructurefree communication links bring great convenience to our daily lives, they can also be used by malicious users to launch various security attacks. For instance, terrorists can use peertopeer WiFi connections to communicate and facilitate terror attacks, and criminals can control UAVs to spy and collect private information from rightful users. As such malicious attacks are launched via infrastructurefree wireless communications, they are difficult to be monitored by solely using existing information surveillance methods that intercept the communication data at the cellular or Internet infrastructures.^{1}^{1}1See, e.g., the Terrorist Surveillance Program launched by the National Security Agency in the USA at https://nsa.gov1.info/surveillance/. In response to such new threats on public security, authorized parties such as government agencies should develop new approaches to legitimately surveil these suspicious wireless communication links over the air (e.g., via eavesdropping) to detect malicious attacks, and then intervene in them (e.g., via jamming and spoofing) to quickly defend and disable these attacks.
There have been several recent studies in the literature that investigate the surveillance of wireless communications, where authorized parties efficiently intercept suspicious wireless communication links, extract their exchanged data contents, and help identify the malicious wireless communication links to intervene in. Conventionally, the methods for wireless communications surveillance include wiretapping of wireless operators’ infrastructures and installation of monitoring software in smartphones. Recently, overtheair eavesdropping has emerged as a new wireless communications surveillance method. Among others, passive eavesdropping (see, e.g., [2]) and proactive eavesdropping [3, 4, 5, 6] are two approaches implemented at the physical layer, in which authorized parties can deploy dedicated wireless monitors to overhear the targeted wireless communications, especially the infrastructurefree ones.
Efficient surveillance can help detect and identify malicious users and their communications. After that, authorized parties need to quickly respond and defend them via wireless communication intervention. For example, the security agency may need to disrupt, disable, or spoof ongoing terrorists’ communications to prevent terror attacks at the planning stage, and it is also desirable to change the control signal of a malicious UAV to land it in a targeted location and catch it. In the literature, physicallayer jamming (see, e.g., [7, 8, 9, 10, 11, 12, 13, 14]) is one existing approach that can be employed to intervene in malicious communications, though it was originally proposed for military instead of public security applications. In the physicallayer jamming, the jammer sends artificially generated Gaussian noise (socalled “uncorrelated jamming” [7, 8, 9, 10, 11]) or a processed version of the malicious signal (socalled “correlated jamming” [12, 13, 14]) to disrupt or disable the targeted malicious wireless communications. However, jamming the targeted communications at the physical layer is easy to be detected, and may not be sufficient to successfully intervene in malicious activities. This is due to the fact that when the targeted communication continuously fails due to the jamming attack, the malicious users may take countermeasures by changing their communication frequency bands or switching to another way of communications. Thus, we are motivated to study a new wireless communication intervention via spoofing at the physical layer, which can keep the malicious communication but change the communicated information to intervene in.
We investigate the new physicallayer spoofing by considering a fundamental threenode system over additive white Gaussian noise (AWGN) channels. As shown in Fig. 1, an intermediary legitimate spoofer aims to spoof a malicious communication link from Alice to Bob, such that the received message at Bob is changed from Alice’s originally sent message to the one desired by the spoofer. Under this setup, we propose a new symbollevel spoofing approach, in which the spoofer designs the spoofing signals via exploiting the symbollevel relationship between each original constellation point of Alice and the desirable one of the spoofer, so as to optimize the spoofing performance. In particular, we consider two cases when Alice employs the widelyused binary phaseshift keying (BPSK) and quadrature phaseshift keying (QPSK) modulations, respectively.^{2}^{2}2Note that the symbollevel spoofing approach is extendible to other modulation techniques such as ary quadrature amplitude modulation (QAM) and ary phase shift keying (PSK) with . Nevertheless, under these modulation techniques, how to design spoofing signals to optimally solve the average SSER minimization problem is generally a more difficult task, since the corresponding SSER functions will become very complicated. The objective of the spoofer is to minimize the average spoofingsymbolerrorrate (SSER), i.e., the average probability that the symbols decoded by Bob fail to be changed as the desirable ones of the spoofer. The main results of this paper are summarized as follows.

In the BPSK case (with the constellation points being ), the spoofing signals are designed by classifying the symbols into two types. In each of TypeI symbols (see Fig. 2(a)), where the original constellation point of Alice and the desirable one of the spoofer are identical (both are or ), the spoofing signal is designed to constructively combine with the original signal of Alice at Bob to help improve the decoding reliability against Gaussian noise. In each of TypeII symbols (see Fig. 2(b)), where the original constellation point of Alice and the desirable one of the spoofer are opposite (one is (or ) but the other is (or )), the spoofing signal is designed to destructively combine with the original signal of Alice at Bob, thus moving the constellation point towards the desirable opposite direction. We minimize the average SSER by optimizing the spoofing signals and their power allocations over TypeI and TypeII symbols at the spoofer, subject to its average transmit power constraint. Although this problem is nonconvex, we derive its optimal solution. It is shown that when the transmit power at Alice is low or the spoofing power at the spoofer is high, the spoofer should allocate its transmit power to both TypeI and TypeII symbols. Otherwise, when the transmit power at Alice is high and the spoofing power at the spoofer is low, the spoofer should allocate almost all its transmit power over a certain percentage of TypeII symbols with an “onoff” power control.

In the QPSK case with the constellation points being with , the symbols are further classified into three types, where in TypeI, TypeII, and TypeIII symbols, the original constellation points of Alice and the desirable ones of the spoofer are identical, opposite, and neighboring, respectively, as shown in Fig. 5. For TypeI and TypeII symbols, the spoofing signals are designed to have equal strengths for the real and imaginary components, such that at the receiver of Bob they can be be constructively and destructively combined with the original constellation points by Alice, respectively. For TypeIII symbols, the spoofing signals are designed to have independent real and imaginary components. Under such a design, we formulate the average SSER minimization problem by optimizing the spoofing power allocations over symbols, subject to the average transmit power constraint. Though this problem is nonconvex and generally difficult, we obtain its optimal solution, motivated by that in the BPSK case.

Numerical results show that for both BPSK and QPSK cases, the symbollevel spoofing scheme with optimized transmission achieves a much better spoofing performance (in terms of a lower average SSER), as compared to the blocklevel spoofing benchmark where the spoofer does not exploit the symbol information of Alice, and a heuristically designed symbollevel spoofing scheme.
It is worth noting that in the existing literature there is another type of higherlayer spoofing attack, which can also be utilized for wireless communication intervention (see, e.g., [2, 15, 16, 17]). For example, in the medium access control (MAC) spoofing [15] and Internet protocol (IP) spoofing, a network attacker can hide its true identity and impersonate another user, so as to access the targeted wireless networks. Nevertheless, for these higherlayer spoofing, the network attacker needs to establish new wireless communication links to access the network. In contrast, our proposed symbollevel spoofing is implemented at the physical layer, which can change the communicated information of ongoing malicious wireless communications, thus leading to a quicker response and intervention that is also more likely to be covert.
It is also worth comparing our proposed symbollevel spoofing versus the symbollevel precoding (not for security) in downlink multiuser multiantenna systems [18, 19]. In the symbollevel precoding, the transmitter designs its precoding vectors by exploiting the symbollevel relationships among the messages to different receivers, such that the constructive part of the interchannel interference is preserved and exploited and only the destructive part is eliminated. Although the symbollevel spoofing and precoding are based on a similar design principle of exploiting the symbollevel relationship among cochannel signals, they focus on different application scenarios for different purposes, thus requiring different design methods.
The remainder of this paper is organized as follows. Section II introduces the system model and formulates the average SSER minimization problem. Sections III and IV propose the symbollevel spoofing approach and design the spoofing signals and their power allocations for the cases of BPSK and QPSK modulations, respectively. Section V presents numerical results to evaluate the performance of the proposed symbollevel spoofing design as compared to other benchmark schemes. Finally, Section VI concludes the paper.
Ii System Model and Problem Formulation
As shown in Fig. 1, we consider a fundamental threenode system over AWGN channels, where an intermediary legitimate spoofer aims to spoof a malicious wireless communication link from Alice to Bob by changing the communicated data at the Bob side. We consider that the malicious communication employs the BPSK or QPSK modulation techniques, which are most commonly used in existing wireless communication systems. In the th symbol of this block, we denote the transmitted signal by Alice as , where is the transmit power per symbol at Alice, and denotes the message that Alice wants to deliver to Bob. Here, is equally likely chosen from the set of constellation points , where and for the BPSK and QPSK cases, respectively. Therefore, we have .
First, we introduce the receiver model of Bob by considering the case without spoofing. Accordingly, the received signal by Bob in the th symbol is expressed as
(1) 
where denotes the noise at the receiver of Bob, which is an independent and identically distributed (i.i.d.) circularly symmetric complex Gaussian (CSCG) random variable with zero mean and unit variance. Based on the maximum likelihood (ML) detection, the decoded message by Bob is expressed as
(2) 
Next, we consider the spoofing strategy employed by the spoofer. It is assumed that the spoofer perfectly knows the transmitted symbol information ’s of Alice. Here, ’s can be practically obtained by the spoofer via efficient eavesdropping or wiretapping beforehand. For example, if Alice is an intermediary node of a multihop communication link, then the spoofer can obtain ’s via eavesdropping the previous hops; if Alice gets its transmitted data from the backhaul or infrastructurebased networks, then the spoofer can acquire them via using wiretapping devices to overhear the backhaul communications; and furthermore, the spoofer can even secretly install an interceptor software (e.g., FlexiSPY^{3}^{3}3See http://www.flexispy.com/.) in the Alice’s device to get ’s. Note that the assumption about the perfect symbol information at the spoofer has been made in the existing correlated jamming literature (see, e.g.,[12, 13]) to improve the jamming performance. We make a similar assumption here for the purpose of characterizing the spoofing performance upper bound, and leave the details about the symbol information acquisition for future work. Based on the information of ’s, the spoofer designs the spoofing signal as in the th symbol (the design details will be provided in the next section). Then, the received signal at Bob is expressed as
(3) 
With the ML detection, the decoded message by Bob is expressed as
(4) 
The spoofer aims to maximize the opportunity of changing the messages of Alice to be the desirable ones by itself. Let denote the desirable constellation point for the th symbol, which is equally likely chosen from and is independent from the message sent by Alice. Nevertheless, due to the limited spoofing power and receiver noise, it is difficult for the spoofer to ensure that all symbols ’s are successfully changed to be the desirable ’s. In this case, we define the probability of unsuccessful spoofing in any symbol as the SSER, denoted by .^{4}^{4}4Note that with BPSK, the SSER is equivalent to the spoofingbiterrorrate (SBER). Then, the objective of the spoofer is to minimize the average SSER, i.e., , where denotes the statistical expectation over all possible symbols. Suppose that the spoofer is constrained by a maximum average transmit power denoted by , i.e., . As a result, the optimization problem of our interest is
(5) 
In the following two sections, we will solve problem (5) by considering the BPSP and QPSK modulations, respectively.
Iii Optimal SymbolLevel Spoofing Design with BPSK Signaling
In this section, we consider the case with BPSK signaling, i.e., . In the following, we first propose the symbollevel spoofing signals design and then optimally solve the average SSER minimization problem (5) in this case.
Iiia Spoofing Signals Design and Problem Reformulation
To facilitate the description, as shown in the examples in Fig. 2, we classify the symbols over each block into two types as follows based on the relationship between the original constellation point of Alice and the desirable one of the spoofer in each symbol .

TypeI symbol: The symbol is called a TypeI symbol if and are identical ( or ). We denote the set of all TypeI symbols as .

TypeII symbol: The symbol is called a TypeII symbol if and are opposite ( and , or and ). We denote the set of all TypeII symbols as .
In the following two propositions, we present the optimal symbollevel spoofing signal design, and obtain the corresponding SSER functions.
Proposition iii.1
Given any TypeI symbol , it is optimal to minimize the conditional SSER by designing aligning with , where denotes the spoofing power for this symbol. Accordingly, is given as
(6) 
where is the error function defined as
Proof:
See Appendix A. \qed
Proposition iii.2
Given any TypeII symbol , it is optimal to minimize the conditional SSER by designing opposite to , where denotes the spoofing power for this symbol. Accordingly, is given as
(7) 
Proof:
This proposition can be proved by following a similar procedure as for Proposition III.1. Therefore, the details are omitted for brevity. \qed
Propositions III.1 and III.2 are intuitive. In each TypeI symbol, Proposition III.1 shows that the spoofing signal should be designed such that at the receiver of Bob it is constructively combined with the original signal from Alice, thus increasing the received power of the desirable constellation point against Gaussian noise. In each TypeII symbol, Proposition III.2 shows that at the receiver of Bob the spoofing signal should be destructively combined with the original signal from Alice, so as to move the constellation point towards the desirable opposite direction.
Based on these two propositions, the average SSER minimization problem (5) is specified as follows by jointly optimizing the spoofing power ’s over TypeI symbols and ’s over TypeII symbols.
(8) 
where the term follows from the fact that each of the two symbol sets and on average occupies a half of all symbols over each block.
The spoofing power allocation problem (8) is generally nonconvex, since the SSER function in the objective is nonconvex over (as will be shown next). Therefore, this problem is difficult to solve. In the following, we first show some useful properties of the SSER functions and , and then present the optimal solution to problem (8).
IiiB Properties of the SSER Functions and
First, we have the following lemma for the SSER function .
Lemma iii.1
is monotonically decreasing and convex over .
Proof:
It is easy to show that over , the first and secondorder derivatives of satisfy that and , respectively. Therefore, this lemma follows. \qed
Next, we study the SSER function .
Lemma iii.2
is monotonically decreasing over . The convexity of is given as follows depending on Alice’s transmit power .

Alice’s low transmit power regime (i.e., ): is convex over .

Alice’s high transmit power regime (i.e., ): is first convex over , then concave over , and finally convex over , where the two boundary points are given as
(9) (10)
Proof:
See Appendix B. \qed
In the Alice’s high transmit power regime when , we further have the following property for .
Lemma iii.3
When , there exist two points and with and , such that all the points are above the straight line passing through the two points and .
Proof:
See Appendix C. \qed
Note that the two points and can be found by using the iterative computation procedure in Appendix C. Also note that should be strictly positive (though very small in general), since for TypeII symbols and at the zero spoofing power, the marginal SSER with respect to the spoofing power is negative infinity ().
For the purpose of illustration, Fig. 3 shows an example of with , which validates the structural property of in Lemmas III.2 and III.3. It is observed that for TypeII symbols, when the spoofing power is between and , “timesharing” between the two spoofing powers and can achieve a lower SSER (or equivalently, a better spoofing performance) than using the spoofing power constantly.^{5}^{5}5By timesharing, we mean that the spoofer uses the spoofing power for a portion of time, and for the remaining portion of time, where is uniquely chosen such that for any given . This is essential to help derive the optimal power allocation solution to problem (8), as shown next.
Furthermore, Fig. 4 shows the values of , , , and versus the transmit power at Alice. It is observed that as increases, the values of and increase while those of and decrease. When , the value of is observed to be larger than , while is observed to be close to zero (though strictly positive).
IiiC Optimal Spoofing Power Allocation for Problem (8)
Now, we present the optimal solution to problem (8) by using the properties of and shown above. To help description, we define a new function : when , we define to be equivalent to , i.e., ; while when , we define
(11) 
where and . Here, the points correspond to those on the straight line passing through the two points and . Based on Lemma III.3, it is evident that serves as a lower bound of over , and importantly, is convex over . Accordingly, we define an auxiliary optimization problem
(12) 
which is convex and whose optimal solution is denoted as and . Here, since the strict equality should hold at the optimality of problem (12), and can be obtained by using a simple bisection search. Note that both and should be strictly positive, which is due to the fact that at the zero spoofing power, the marginal SSERs with respect to the spoofing power are both negative infinity ( and ).
With the help of and , we have the following proposition.
Proposition iii.3
The optimal solution of } to problem (8) is given as and that of is given as follows by considering two cases.

When and , the spoofer uses timesharing between the spoofing powers and , i.e., the spoofer sets over a fraction of the symbols in , and over the remaining fraction in , where is uniquely chosen such that .

Otherwise, it follows that .
Proof:
See Appendix D. \qed
1) If , then find the two points and by using the iterative computation procedure in Appendix C. 
2) Construct the new function as in (11), and obtain and by solving problem (12). 
3) Obtain the optimal solution and to problem (8) by Proposition III.3. 
Therefore, problem (8) is finally solved, and we summarize the algorithm to optimally solve it in Table I.
It is worth emphasizing that Proposition III.3 shows the following interesting optimal spoofing power allocation strategies for the spoofer to minimize the average SSER.

When the transmit power at Alice is low (i.e., ) or the spoofing power at the spoofer is high (such that ), the spoofer should use the optimized constant transmit power over both TypeI and TypeII symbols. This is due to the fact that both SSER functions and are convex over such regimes.

When the transmit power at Alice is high (i.e., ) and the spoofing power at the spoofer is low^{6}^{6}6Indeed, when the spoofing power is sufficiently low such that , the spoofer should instead use constant spoofing power over TypeII symbols. Nevertheless, since is also too small, this case does not happen under practical values of . (such that ), the spoofer focuses its spoofing power over only a certain percentage of TypeII symbols with an “onoff” power control, i.e., the spoofer uses a large spoofing power (i.e., ) over a portion of TypeII symbols, and uses nearly zero spoofing power over the other TypeII symbols. This is due to the fact that the SSER function is nonconvex over the regime of , and thus it is beneficial for the spoofer to allocate almost all the power over a limited number of TypeII symbols.
Iv SymbolLevel Spoofing Design with QPSK Signalling
In this section, we consider the case with QPSK signalling, i.e., . We first design the symbollevel spoofing signals and obtain the SSER functions under any given spoofing power, and then solve the average SSER minimization problem (5) in this case.
Iva Spoofing Signals Design and Problem Reformulation
Similar to the BPSK case and as illustrated in the example in Fig. 5, we classify the QPSK symbols into three types based on the relationship between the original constellation point of Alice and the desirable one of the spoofer.

TypeI symbol: The symbol is called a TypeI symbol if and are identical (i.e., ). The set of all TypeI symbols is denoted as .

TypeII symbol: The symbol is called a TypeII symbol if and are opposite (i.e., ). The set of all TypeII symbols is denoted as .

TypeIII symbol: The symbol is called a TypeIII symbol if and are neighboring. The set of all TypeIII symbols is denoted as .
Here, TypeI, TypeII, and TypeIII symbols on average occupy , , and portions of all symbols, respectively. To facilitate the description, we focus on one particular original constellation point , and consider the desirable constellation point to be , , and , for TypeI, TypeII, and TypeIII symbols, respectively. Under each of the three desirable constellation points, we will design the corresponding symbollevel spoofing signal and derive the SSER function under any given spoofing power. Note that the spoofing signals design for other symbols (i.e., TypeI, TypeII, and TypeIII symbols other than those in Fig. 5) can be similarly devised to achieve the same SSER functions, and thus is omitted for brevity.
First, consider a particular TypeI symbol with . In this case, the optimal spoofing signal is given in the following proposition.
Proposition iv.1
It is optimal to minimize the conditional SSER by designing , where denotes the given spoofing power for this TypeI symbol. Accordingly, is given as
(13) 
Proof:
See Appendix E. \qed
Next, consider a particular TypeII symbol with and . In this case, it is difficult to rigorously derive the optimal spoofing signal design under any values of . Nevertheless, we can provide the optimal spoofing signal in the special case of in the following proposition.
Proposition iv.2
In the case of , it is optimal to minimize the conditional SSER by designing , where denotes the given spoofing power for this TypeII symbol. Accordingly, is given as
(14) 
Proof:
See Appendix F. \qed
For the remaining case of , it is difficult to prove the optimality of the spoofing signal design of . Nevertheless, such optimality is observed via extensive simulations. Therefore, we choose for this particular TypeII symbol under any value of , and accordingly, we have the conditional SSER as in (14).
Remark iv.1
From Propositions IV.1 and IV.2, it is observed that the optimally designed spoofing signals for TypeI and TypeII symbols have an equal strength in their respective real and imaginary components, such that at the receiver of Bob they are constructively and destructively combined with the original signals of Alice, respectively. The design of spoofing signals in TypeI and TypeII symbols in the QPSK case is similar to that in the BPSK case (see Propositions III.1 and III.2), but leading to different SSER functions due to their difference in the modulation order.
In addition, consider a particular TypeIII symbol with and . In this case, we independently design the real and imaginary components of the spoofing signal, and generally set it to be , where the spoofing power is denoted as . Under such a design, the conditional SSER is expressed as
(15) 
Here, the derivation of (15) is based on a similar procedure as in the proof of Propositions IV.1 (see (27)), and thus is omitted for brevity.
By combining the above three types of symbols, the average SSER minimization problem is reformulated as a spoofing power allocation problem among the three types of symbols, given as
(16) 
Problem (16) is nonconvex in general and thus difficult to solve. In the following, we show some useful properties of the three SSER functions, to help solve problem (16).
IvB Properties of the SSER Functions , , and
In this subsection, we show the monotonic properties and convexities of the three SSER functions.
Lemma iv.1
is monotonically decreasing and convex over .
Proof:
See Appendix G. \qed
For , it is very difficult for us to rigorously prove its convexity over the whole regime of . We first provide the following lemma to analytically show its convexity under certain regimes, and then remark on its convexity in the general case.
Lemma iv.2
Proof:
See Appendix H. \qed
Remark iv.2
Note that in Lemma IV.2, we cannot analytically show the convexity of in the regime of , and thus in the whole regime of . Despite this fact, via extensive simulations, we numerically find that has a similar convexity property as in Proposition III.2. That is, under Alice’s low transmit power regime (particularly, when is no larger than a boundary point ), is convex over ; whereas under Alice’s high transmit power regime (when ), there exist two points such that is first convex over , then concave over , and finally convex over . In the latter case, it follows similar to Lemma III.3 that there exist two points and with and , such that all the points are above the straight line passing through the two points and . Note that under any given value of , the values of and can be numerically found by checking the secondorder derivatives of ; and baed on them we can obtain and by using a similar procedure as that in Appendix C.
Next, we consider the SSER function for the TypeIII symbols. We rewrite with and . Then we have the following lemma.
Lemma iv.3
is monotonically increasing and concave over . is monotonically increasing over . The convexity of is given as follows depending on Alice’s transmit power .

Alice’s low transmit power regime (i.e., ): is concave over .

Alice’s high transmit power regime (i.e., ): is first concave over , then convex over , and finally concave over , where the two boundary points are given as and . Furthermore, there exist two points and with and , such that all the points ’s are below the straight line passing through the two points and .
Proof:
IvC Spoofing Power Allocation for Problem (16)
In this subsection, we propose the optimal solution to problem (16) by using the properties of the SSER functions shown in the proceeding subsection. First, we define two auxiliary SSER functions for TypeII and TypeIII symbols to facilitate the derivation. For TypeII symbols, we define an auxiliary SSER function , where if , we have ; whereas if , it follows that
(18) 
where and . Here, the points correspond to those on the straight line passing through the two points and . Based on Lemma III.3, it is evident that serves as a lower bound of over , and importantly, is convex over .
In addition, we consider TypeIII symbols, and define another auxiliary function
(19) 
where if , we have ; whereas if , it follows that
(20) 
with and . Here, the points correspond to those on the straight line passing through the two points and . Based on Lemma IV.3, it is evident that serves as an upper bound of over , and accordingly, serves as a lower bound of over . Furthermore, is concave over .
By combining the above discussions for the three types of symbols, we solve problem (16) by solving the following auxiliary problem:
(21) 
Note that problem (21) itself is nonconvex due to the coupling of and . Nevertheless, under any given , the optimization over , , and becomes a convex optimization problem. As a result, we use a onedimensional search over , and solve the convex optimization problem in (21) under any given to obtain the optimal , , and . Therefore, problem (21) is optimally solved, for which the corresponding spoofing power allocation solution is denoted as , , , and , respectively. Then we obtain the optimal spoofing signals design for problem (16) as given in the following proposition.
Proposition iv.3
The spoofing power allocation solution of and to problem (16) is given as and , and that of and is given as follows.

When and , the spoofer uses timesharing between the spoofing power and , i.e., the spoofer sets over a fraction of the symbols in , and over the remaining fraction in , where is uniquely chosen such that