Transmit Optimization for Symbol-Level Spoofing

Transmit Optimization for Symbol-Level Spoofing

Jie Xu, Lingjie Duan, and Rui Zhang
Part of this paper has been submitted to the IEEE Global Communications Conference (GLOBECOM) workshop on Trusted Communications with Physical Layer Security (TCLPS), Washington, DC USA, December 4-8, 2016 [1].J. Xu is with the School of Information Engineering, Guangdong University of Technology (e-mail: jiexu.ustc@gmail.com). He is also with the Engineering Systems and Design Pillar, Singapore University of Technology and Design.L. Duan is with the Engineering Systems and Design Pillar, Singapore University of Technology and Design (e-mail: lingjie_duan@sutd.edu.sg).R. Zhang is with the Department of Electrical and Computer Engineering, National University of Singapore (e-mail: elezhang@nus.edu.sg). He is also with the Institute for Infocomm Research, A*STAR, Singapore.
Abstract

With recent developments of wireless communication technologies, malicious users can use them to commit crimes or launch terror attacks, thus imposing new threats on the public security. To quickly respond to defend these attacks, authorized parities (e.g., the National Security Agency of the USA) need to intervene in the malicious communication links over the air. This paper investigates this emerging wireless communication intervention problem at the physical layer. Unlike prior studies using jamming to disrupt or disable the targeted wireless communications, we propose a new physical-layer spoofing approach to change their communicated information. Consider a fundamental three-node system over additive white Gaussian noise (AWGN) channels, in which an intermediary legitimate spoofer aims to spoof a malicious communication link from Alice to Bob, such that the received message at Bob is changed from Alice’s originally sent message to the one desired by the spoofer. We propose a new symbol-level spoofing scheme, where the spoofer designs the spoofing signal via exploiting the symbol-level relationship between each original constellation point of Alice and the desirable one of the spoofer. In particular, the spoofer aims to minimize the average spoofing-symbol-error-rate (SSER), which is defined as the average probability that the symbols decoded by Bob fail to be changed or spoofed, by designing its spoofing signals over symbols subject to the average transmit power constraint. By considering two cases when Alice employs the widely-used binary phase-shift keying (BPSK) and quadrature phase-shift keying (QPSK) modulations, we obtain the respective optimal solutions to the two average SSER minimization problems. Numerical results show that the symbol-level spoofing scheme with optimized transmission achieves a much lower average SSER, as compared to other benchmark schemes.

{keywords}

Wireless communication surveillance and intervention, symbol-level spoofing, spoofing-symbol-error-rate (SSER) minimization, power control.

I Introduction

Recent technological advancements have enabled increasing use of infrastructure-free wireless communications. For example, smartphone users can exchange information with each other by exploiting local Wi-Fi and Bluetooth connections, or using the fifth-generation (5G) cellular device-to-device communications; and even unmanned aerial vehicles (UAVs) can directly communicate with nearby ground stations and send back photos and videos in real time. Although these infrastructure-free communication links bring great convenience to our daily lives, they can also be used by malicious users to launch various security attacks. For instance, terrorists can use peer-to-peer Wi-Fi connections to communicate and facilitate terror attacks, and criminals can control UAVs to spy and collect private information from rightful users. As such malicious attacks are launched via infrastructure-free wireless communications, they are difficult to be monitored by solely using existing information surveillance methods that intercept the communication data at the cellular or Internet infrastructures.111See, e.g., the Terrorist Surveillance Program launched by the National Security Agency in the USA at https://nsa.gov1.info/surveillance/. In response to such new threats on public security, authorized parties such as government agencies should develop new approaches to legitimately surveil these suspicious wireless communication links over the air (e.g., via eavesdropping) to detect malicious attacks, and then intervene in them (e.g., via jamming and spoofing) to quickly defend and disable these attacks.

There have been several recent studies in the literature that investigate the surveillance of wireless communications, where authorized parties efficiently intercept suspicious wireless communication links, extract their exchanged data contents, and help identify the malicious wireless communication links to intervene in. Conventionally, the methods for wireless communications surveillance include wiretapping of wireless operators’ infrastructures and installation of monitoring software in smartphones. Recently, over-the-air eavesdropping has emerged as a new wireless communications surveillance method. Among others, passive eavesdropping (see, e.g., [2]) and proactive eavesdropping [3, 4, 5, 6] are two approaches implemented at the physical layer, in which authorized parties can deploy dedicated wireless monitors to overhear the targeted wireless communications, especially the infrastructure-free ones.

Efficient surveillance can help detect and identify malicious users and their communications. After that, authorized parties need to quickly respond and defend them via wireless communication intervention. For example, the security agency may need to disrupt, disable, or spoof ongoing terrorists’ communications to prevent terror attacks at the planning stage, and it is also desirable to change the control signal of a malicious UAV to land it in a targeted location and catch it. In the literature, physical-layer jamming (see, e.g., [7, 8, 9, 10, 11, 12, 13, 14]) is one existing approach that can be employed to intervene in malicious communications, though it was originally proposed for military instead of public security applications. In the physical-layer jamming, the jammer sends artificially generated Gaussian noise (so-called “uncorrelated jamming” [7, 8, 9, 10, 11]) or a processed version of the malicious signal (so-called “correlated jamming” [12, 13, 14]) to disrupt or disable the targeted malicious wireless communications. However, jamming the targeted communications at the physical layer is easy to be detected, and may not be sufficient to successfully intervene in malicious activities. This is due to the fact that when the targeted communication continuously fails due to the jamming attack, the malicious users may take counter-measures by changing their communication frequency bands or switching to another way of communications. Thus, we are motivated to study a new wireless communication intervention via spoofing at the physical layer, which can keep the malicious communication but change the communicated information to intervene in.

We investigate the new physical-layer spoofing by considering a fundamental three-node system over additive white Gaussian noise (AWGN) channels. As shown in Fig. 1, an intermediary legitimate spoofer aims to spoof a malicious communication link from Alice to Bob, such that the received message at Bob is changed from Alice’s originally sent message to the one desired by the spoofer. Under this setup, we propose a new symbol-level spoofing approach, in which the spoofer designs the spoofing signals via exploiting the symbol-level relationship between each original constellation point of Alice and the desirable one of the spoofer, so as to optimize the spoofing performance. In particular, we consider two cases when Alice employs the widely-used binary phase-shift keying (BPSK) and quadrature phase-shift keying (QPSK) modulations, respectively.222Note that the symbol-level spoofing approach is extendible to other modulation techniques such as -ary quadrature amplitude modulation (-QAM) and -ary phase shift keying (-PSK) with . Nevertheless, under these modulation techniques, how to design spoofing signals to optimally solve the average SSER minimization problem is generally a more difficult task, since the corresponding SSER functions will become very complicated. The objective of the spoofer is to minimize the average spoofing-symbol-error-rate (SSER), i.e., the average probability that the symbols decoded by Bob fail to be changed as the desirable ones of the spoofer. The main results of this paper are summarized as follows.

• In the BPSK case (with the constellation points being ), the spoofing signals are designed by classifying the symbols into two types. In each of Type-I symbols (see Fig. 2-(a)), where the original constellation point of Alice and the desirable one of the spoofer are identical (both are or ), the spoofing signal is designed to constructively combine with the original signal of Alice at Bob to help improve the decoding reliability against Gaussian noise. In each of Type-II symbols (see Fig. 2-(b)), where the original constellation point of Alice and the desirable one of the spoofer are opposite (one is (or ) but the other is (or )), the spoofing signal is designed to destructively combine with the original signal of Alice at Bob, thus moving the constellation point towards the desirable opposite direction. We minimize the average SSER by optimizing the spoofing signals and their power allocations over Type-I and Type-II symbols at the spoofer, subject to its average transmit power constraint. Although this problem is non-convex, we derive its optimal solution. It is shown that when the transmit power at Alice is low or the spoofing power at the spoofer is high, the spoofer should allocate its transmit power to both Type-I and Type-II symbols. Otherwise, when the transmit power at Alice is high and the spoofing power at the spoofer is low, the spoofer should allocate almost all its transmit power over a certain percentage of Type-II symbols with an “on-off” power control.

• In the QPSK case with the constellation points being with , the symbols are further classified into three types, where in Type-I, Type-II, and Type-III symbols, the original constellation points of Alice and the desirable ones of the spoofer are identical, opposite, and neighboring, respectively, as shown in Fig. 5. For Type-I and Type-II symbols, the spoofing signals are designed to have equal strengths for the real and imaginary components, such that at the receiver of Bob they can be be constructively and destructively combined with the original constellation points by Alice, respectively. For Type-III symbols, the spoofing signals are designed to have independent real and imaginary components. Under such a design, we formulate the average SSER minimization problem by optimizing the spoofing power allocations over symbols, subject to the average transmit power constraint. Though this problem is non-convex and generally difficult, we obtain its optimal solution, motivated by that in the BPSK case.

• Numerical results show that for both BPSK and QPSK cases, the symbol-level spoofing scheme with optimized transmission achieves a much better spoofing performance (in terms of a lower average SSER), as compared to the block-level spoofing benchmark where the spoofer does not exploit the symbol information of Alice, and a heuristically designed symbol-level spoofing scheme.

It is worth noting that in the existing literature there is another type of higher-layer spoofing attack, which can also be utilized for wireless communication intervention (see, e.g., [2, 15, 16, 17]). For example, in the medium access control (MAC) spoofing [15] and Internet protocol (IP) spoofing, a network attacker can hide its true identity and impersonate another user, so as to access the targeted wireless networks. Nevertheless, for these higher-layer spoofing, the network attacker needs to establish new wireless communication links to access the network. In contrast, our proposed symbol-level spoofing is implemented at the physical layer, which can change the communicated information of ongoing malicious wireless communications, thus leading to a quicker response and intervention that is also more likely to be covert.

It is also worth comparing our proposed symbol-level spoofing versus the symbol-level precoding (not for security) in downlink multiuser multi-antenna systems [18, 19]. In the symbol-level precoding, the transmitter designs its precoding vectors by exploiting the symbol-level relationships among the messages to different receivers, such that the constructive part of the inter-channel interference is preserved and exploited and only the destructive part is eliminated. Although the symbol-level spoofing and precoding are based on a similar design principle of exploiting the symbol-level relationship among co-channel signals, they focus on different application scenarios for different purposes, thus requiring different design methods.

The remainder of this paper is organized as follows. Section II introduces the system model and formulates the average SSER minimization problem. Sections III and IV propose the symbol-level spoofing approach and design the spoofing signals and their power allocations for the cases of BPSK and QPSK modulations, respectively. Section V presents numerical results to evaluate the performance of the proposed symbol-level spoofing design as compared to other benchmark schemes. Finally, Section VI concludes the paper.

Ii System Model and Problem Formulation

As shown in Fig. 1, we consider a fundamental three-node system over AWGN channels, where an intermediary legitimate spoofer aims to spoof a malicious wireless communication link from Alice to Bob by changing the communicated data at the Bob side. We consider that the malicious communication employs the BPSK or QPSK modulation techniques, which are most commonly used in existing wireless communication systems. In the th symbol of this block, we denote the transmitted signal by Alice as , where is the transmit power per symbol at Alice, and denotes the message that Alice wants to deliver to Bob. Here, is equally likely chosen from the set of constellation points , where and for the BPSK and QPSK cases, respectively. Therefore, we have .

First, we introduce the receiver model of Bob by considering the case without spoofing. Accordingly, the received signal by Bob in the th symbol is expressed as

 rn=√Pxn+vn, (1)

where denotes the noise at the receiver of Bob, which is an independent and identically distributed (i.i.d.) circularly symmetric complex Gaussian (CSCG) random variable with zero mean and unit variance. Based on the maximum likelihood (ML) detection, the decoded message by Bob is expressed as

 argmins∈M|rn−√Ps|2. (2)

Next, we consider the spoofing strategy employed by the spoofer. It is assumed that the spoofer perfectly knows the transmitted symbol information ’s of Alice. Here, ’s can be practically obtained by the spoofer via efficient eavesdropping or wiretapping beforehand. For example, if Alice is an intermediary node of a multi-hop communication link, then the spoofer can obtain ’s via eavesdropping the previous hops; if Alice gets its transmitted data from the backhaul or infrastructure-based networks, then the spoofer can acquire them via using wiretapping devices to overhear the backhaul communications; and furthermore, the spoofer can even secretly install an interceptor software (e.g., FlexiSPY333See http://www.flexispy.com/.) in the Alice’s device to get ’s. Note that the assumption about the perfect symbol information at the spoofer has been made in the existing correlated jamming literature (see, e.g.,[12, 13]) to improve the jamming performance. We make a similar assumption here for the purpose of characterizing the spoofing performance upper bound, and leave the details about the symbol information acquisition for future work. Based on the information of ’s, the spoofer designs the spoofing signal as in the th symbol (the design details will be provided in the next section). Then, the received signal at Bob is expressed as

 yn=√Pxn+zn+vn. (3)

With the ML detection, the decoded message by Bob is expressed as

 ^xn=argmins∈M|yn−√Ps|2. (4)

The spoofer aims to maximize the opportunity of changing the messages of Alice to be the desirable ones by itself. Let denote the desirable constellation point for the th symbol, which is equally likely chosen from and is independent from the message sent by Alice. Nevertheless, due to the limited spoofing power and receiver noise, it is difficult for the spoofer to ensure that all symbols ’s are successfully changed to be the desirable ’s. In this case, we define the probability of unsuccessful spoofing in any symbol as the SSER, denoted by .444Note that with BPSK, the SSER is equivalent to the spoofing-bit-error-rate (SBER). Then, the objective of the spoofer is to minimize the average SSER, i.e., , where denotes the statistical expectation over all possible symbols. Suppose that the spoofer is constrained by a maximum average transmit power denoted by , i.e., . As a result, the optimization problem of our interest is

 min{zn} En(Pr(^xn≠¯xn)) s.t. En(|zn|2)≤Q. (5)

In the following two sections, we will solve problem (5) by considering the BPSP and QPSK modulations, respectively.

Iii Optimal Symbol-Level Spoofing Design with BPSK Signaling

In this section, we consider the case with BPSK signaling, i.e., . In the following, we first propose the symbol-level spoofing signals design and then optimally solve the average SSER minimization problem (5) in this case.

Iii-a Spoofing Signals Design and Problem Reformulation

To facilitate the description, as shown in the examples in Fig. 2, we classify the symbols over each block into two types as follows based on the relationship between the original constellation point of Alice and the desirable one of the spoofer in each symbol .

• Type-I symbol: The symbol is called a Type-I symbol if and are identical ( or ). We denote the set of all Type-I symbols as .

• Type-II symbol: The symbol is called a Type-II symbol if and are opposite ( and , or and ). We denote the set of all Type-II symbols as .

In the following two propositions, we present the optimal symbol-level spoofing signal design, and obtain the corresponding SSER functions.

Proposition iii.1

Given any Type-I symbol , it is optimal to minimize the conditional SSER by designing aligning with , where denotes the spoofing power for this symbol. Accordingly, is given as

 f1(An)= 12−12erf(√An+√P), (6)

where is the error function defined as

Proof:

See Appendix -A. \qed

Proposition iii.2

Given any Type-II symbol , it is optimal to minimize the conditional SSER by designing opposite to , where denotes the spoofing power for this symbol. Accordingly, is given as

 f2(Bn)= 12−12erf(√Bn−√P). (7)
Proof:

This proposition can be proved by following a similar procedure as for Proposition III.1. Therefore, the details are omitted for brevity. \qed

Propositions III.1 and III.2 are intuitive. In each Type-I symbol, Proposition III.1 shows that the spoofing signal should be designed such that at the receiver of Bob it is constructively combined with the original signal from Alice, thus increasing the received power of the desirable constellation point against Gaussian noise. In each Type-II symbol, Proposition III.2 shows that at the receiver of Bob the spoofing signal should be destructively combined with the original signal from Alice, so as to move the constellation point towards the desirable opposite direction.

Based on these two propositions, the average SSER minimization problem (5) is specified as follows by jointly optimizing the spoofing power ’s over Type-I symbols and ’s over Type-II symbols.

 min{An≥0},{Bn≥0} 12(En∈N1(f1(An))+En∈N2(f2(Bn))) s.t. 12(En∈N1(An)+En∈N2(Bn))≤Q, (8)

where the term follows from the fact that each of the two symbol sets and on average occupies a half of all symbols over each block.

The spoofing power allocation problem (8) is generally non-convex, since the SSER function in the objective is non-convex over (as will be shown next). Therefore, this problem is difficult to solve. In the following, we first show some useful properties of the SSER functions and , and then present the optimal solution to problem (8).

Iii-B Properties of the SSER Functions f1(An) and f2(Bn)

First, we have the following lemma for the SSER function .

Lemma iii.1

is monotonically decreasing and convex over .

Proof:

It is easy to show that over , the first- and second-order derivatives of satisfy that and , respectively. Therefore, this lemma follows. \qed

Next, we study the SSER function .

Lemma iii.2

is monotonically decreasing over . The convexity of is given as follows depending on Alice’s transmit power .

• Alice’s low transmit power regime (i.e., ): is convex over .

• Alice’s high transmit power regime (i.e., ): is first convex over , then concave over , and finally convex over , where the two boundary points are given as

 ζ1 =(√P−√P−22)2, (9) ζ2 =(√P+√P−22)2. (10)
Proof:

See Appendix -B. \qed

In the Alice’s high transmit power regime when , we further have the following property for .

Lemma iii.3

When , there exist two points and with and , such that all the points are above the straight line passing through the two points and .

Proof:

See Appendix -C. \qed

Note that the two points and can be found by using the iterative computation procedure in Appendix -C. Also note that should be strictly positive (though very small in general), since for Type-II symbols and at the zero spoofing power, the marginal SSER with respect to the spoofing power is negative infinity ().

For the purpose of illustration, Fig. 3 shows an example of with , which validates the structural property of in Lemmas III.2 and III.3. It is observed that for Type-II symbols, when the spoofing power is between and , “time-sharing” between the two spoofing powers and can achieve a lower SSER (or equivalently, a better spoofing performance) than using the spoofing power constantly.555By time-sharing, we mean that the spoofer uses the spoofing power for a portion of time, and for the remaining portion of time, where is uniquely chosen such that for any given . This is essential to help derive the optimal power allocation solution to problem (8), as shown next.

Furthermore, Fig. 4 shows the values of , , , and versus the transmit power at Alice. It is observed that as increases, the values of and increase while those of and decrease. When , the value of is observed to be larger than , while is observed to be close to zero (though strictly positive).

Iii-C Optimal Spoofing Power Allocation for Problem (8)

Now, we present the optimal solution to problem (8) by using the properties of and shown above. To help description, we define a new function : when , we define to be equivalent to , i.e., ; while when , we define

 ¯f2(Bn)={f2(Bn),if Bn∈[0,τ1]∪[τ2,+∞)cBn+d,if Bn∈(τ1,τ2), (11)

where and . Here, the points correspond to those on the straight line passing through the two points and . Based on Lemma III.3, it is evident that serves as a lower bound of over , and importantly, is convex over . Accordingly, we define an auxiliary optimization problem

 min{A≥0},{B≥0} 12(f1(A)+¯f2(B)) s.t. A+B≤2Q, (12)

which is convex and whose optimal solution is denoted as and . Here, since the strict equality should hold at the optimality of problem (12), and can be obtained by using a simple bisection search. Note that both and should be strictly positive, which is due to the fact that at the zero spoofing power, the marginal SSERs with respect to the spoofing power are both negative infinity ( and ).

With the help of and , we have the following proposition.

Proposition iii.3

The optimal solution of } to problem (8) is given as and that of is given as follows by considering two cases.

• When and , the spoofer uses time-sharing between the spoofing powers and , i.e., the spoofer sets over a fraction of the symbols in , and over the remaining fraction in , where is uniquely chosen such that .

• Otherwise, it follows that .

Proof:

See Appendix -D. \qed

Therefore, problem (8) is finally solved, and we summarize the algorithm to optimally solve it in Table I.

It is worth emphasizing that Proposition III.3 shows the following interesting optimal spoofing power allocation strategies for the spoofer to minimize the average SSER.

• When the transmit power at Alice is low (i.e., ) or the spoofing power at the spoofer is high (such that ), the spoofer should use the optimized constant transmit power over both Type-I and Type-II symbols. This is due to the fact that both SSER functions and are convex over such regimes.

• When the transmit power at Alice is high (i.e., ) and the spoofing power at the spoofer is low666Indeed, when the spoofing power is sufficiently low such that , the spoofer should instead use constant spoofing power over Type-II symbols. Nevertheless, since is also too small, this case does not happen under practical values of . (such that ), the spoofer focuses its spoofing power over only a certain percentage of Type-II symbols with an “on-off” power control, i.e., the spoofer uses a large spoofing power (i.e., ) over a portion of Type-II symbols, and uses nearly zero spoofing power over the other Type-II symbols. This is due to the fact that the SSER function is non-convex over the regime of , and thus it is beneficial for the spoofer to allocate almost all the power over a limited number of Type-II symbols.

Iv Symbol-Level Spoofing Design with QPSK Signalling

In this section, we consider the case with QPSK signalling, i.e., . We first design the symbol-level spoofing signals and obtain the SSER functions under any given spoofing power, and then solve the average SSER minimization problem (5) in this case.

Iv-a Spoofing Signals Design and Problem Reformulation

Similar to the BPSK case and as illustrated in the example in Fig. 5, we classify the QPSK symbols into three types based on the relationship between the original constellation point of Alice and the desirable one of the spoofer.

• Type-I symbol: The symbol is called a Type-I symbol if and are identical (i.e., ). The set of all Type-I symbols is denoted as .

• Type-II symbol: The symbol is called a Type-II symbol if and are opposite (i.e., ). The set of all Type-II symbols is denoted as .

• Type-III symbol: The symbol is called a Type-III symbol if and are neighboring. The set of all Type-III symbols is denoted as .

Here, Type-I, Type-II, and Type-III symbols on average occupy , , and portions of all symbols, respectively. To facilitate the description, we focus on one particular original constellation point , and consider the desirable constellation point to be , , and , for Type-I, Type-II, and Type-III symbols, respectively. Under each of the three desirable constellation points, we will design the corresponding symbol-level spoofing signal and derive the SSER function under any given spoofing power. Note that the spoofing signals design for other symbols (i.e., Type-I, Type-II, and Type-III symbols other than those in Fig. 5) can be similarly devised to achieve the same SSER functions, and thus is omitted for brevity.

First, consider a particular Type-I symbol with . In this case, the optimal spoofing signal is given in the following proposition.

Proposition iv.1

It is optimal to minimize the conditional SSER by designing , where denotes the given spoofing power for this Type-I symbol. Accordingly, is given as

 g1(An)= 1−(12+12erf(√An/2+√P/2))2. (13)
Proof:

See Appendix -E. \qed

Next, consider a particular Type-II symbol with and . In this case, it is difficult to rigorously derive the optimal spoofing signal design under any values of . Nevertheless, we can provide the optimal spoofing signal in the special case of in the following proposition.

Proposition iv.2

In the case of , it is optimal to minimize the conditional SSER by designing , where denotes the given spoofing power for this Type-II symbol. Accordingly, is given as

 g2(Bn)=1−(12+12erf(√Bn/2−√P/2))2. (14)
Proof:

See Appendix -F. \qed

For the remaining case of , it is difficult to prove the optimality of the spoofing signal design of . Nevertheless, such optimality is observed via extensive simulations. Therefore, we choose for this particular Type-II symbol under any value of , and accordingly, we have the conditional SSER as in (14).

Remark iv.1

From Propositions IV.1 and IV.2, it is observed that the optimally designed spoofing signals for Type-I and Type-II symbols have an equal strength in their respective real and imaginary components, such that at the receiver of Bob they are constructively and destructively combined with the original signals of Alice, respectively. The design of spoofing signals in Type-I and Type-II symbols in the QPSK case is similar to that in the BPSK case (see Propositions III.1 and III.2), but leading to different SSER functions due to their difference in the modulation order.

In addition, consider a particular Type-III symbol with and . In this case, we independently design the real and imaginary components of the spoofing signal, and generally set it to be , where the spoofing power is denoted as . Under such a design, the conditional SSER is expressed as

 g3(CRn,CIn)= 1−(12+12erf(√CRn−√P/2))(12+12erf(√CIn+√P/2)). (15)

Here, the derivation of (15) is based on a similar procedure as in the proof of Propositions IV.1 (see (27)), and thus is omitted for brevity.

By combining the above three types of symbols, the average SSER minimization problem is reformulated as a spoofing power allocation problem among the three types of symbols, given as

 min{An≥0},{Bn≥0},{CRn≥0,CIn≥0} 14En∈N1(g1(An))+14En∈N2(g2(Bn))+12En∈N3(g3(CRn,CIn)) s.t. 14En∈N1(An)+14En∈N2(Bn)+12En∈N3(CRn+CIn)≤Q. (16)

Problem (16) is nonconvex in general and thus difficult to solve. In the following, we show some useful properties of the three SSER functions, to help solve problem (16).

Iv-B Properties of the SSER Functions g1(An), g2(Bn), and g3(CRn,CIn)

In this subsection, we show the monotonic properties and convexities of the three SSER functions.

Lemma iv.1

is monotonically decreasing and convex over .

Proof:

See Appendix -G. \qed

For , it is very difficult for us to rigorously prove its convexity over the whole regime of . We first provide the following lemma to analytically show its convexity under certain regimes, and then remark on its convexity in the general case.

Lemma iv.2

is monotonically decreasing over . The convexity of is given as follows.

• Under any value of , there exists a small but positive , such that is convex over , where with given in (9);

• Under any value of , is convex over , where is given as follows and with given in (10);

 χ2=max⎛⎜ ⎜ ⎜ ⎜ ⎜⎝P,⎛⎜ ⎜ ⎜ ⎜⎝√P+√π2+√(√P+√π2)2−22⎞⎟ ⎟ ⎟ ⎟⎠2⎞⎟ ⎟ ⎟ ⎟ ⎟⎠; (17)
• When , is concave over .

Proof:

See Appendix -H. \qed

Remark iv.2

Note that in Lemma IV.2, we cannot analytically show the convexity of in the regime of , and thus in the whole regime of . Despite this fact, via extensive simulations, we numerically find that has a similar convexity property as in Proposition III.2. That is, under Alice’s low transmit power regime (particularly, when is no larger than a boundary point ), is convex over ; whereas under Alice’s high transmit power regime (when ), there exist two points such that is first convex over , then concave over , and finally convex over . In the latter case, it follows similar to Lemma III.3 that there exist two points and with and , such that all the points are above the straight line passing through the two points and . Note that under any given value of , the values of and can be numerically found by checking the second-order derivatives of ; and baed on them we can obtain and by using a similar procedure as that in Appendix -C.

Next, we consider the SSER function for the Type-III symbols. We rewrite with and . Then we have the following lemma.

Lemma iv.3

is monotonically increasing and concave over . is monotonically increasing over . The convexity of is given as follows depending on Alice’s transmit power .

• Alice’s low transmit power regime (i.e., ): is concave over .

• Alice’s high transmit power regime (i.e., ): is first concave over , then convex over , and finally concave over , where the two boundary points are given as and . Furthermore, there exist two points and with and , such that all the points ’s are below the straight line passing through the two points and .

Proof:

This lemma can be proved following similar procedures as those for Lemmas III.1 and III.2. Therefore, the details are omitted for brevity. \qed

The results in Lemmas IV.2 and IV.3 will play important roles in the design of the spoofing power allocation to solve problem (16), as will be shown next.

Iv-C Spoofing Power Allocation for Problem (16)

In this subsection, we propose the optimal solution to problem (16) by using the properties of the SSER functions shown in the proceeding subsection. First, we define two auxiliary SSER functions for Type-II and Type-III symbols to facilitate the derivation. For Type-II symbols, we define an auxiliary SSER function , where if , we have ; whereas if , it follows that

 (18)

where and . Here, the points correspond to those on the straight line passing through the two points and . Based on Lemma III.3, it is evident that serves as a lower bound of over , and importantly, is convex over .

In addition, we consider Type-III symbols, and define another auxiliary function

 ¯g3(CRn,CIn)=1−¯gR3(CRn)gI3(CIn), (19)

where if , we have ; whereas if , it follows that

 ¯gR3(CRn)={gR3(CRn),if CRn∈[0,^τ1]∪[^τ2,+∞)^cCRn+^d,if CRn∈(^τ1,^τ2), (20)

with and . Here, the points correspond to those on the straight line passing through the two points and . Based on Lemma IV.3, it is evident that serves as an upper bound of over , and accordingly, serves as a lower bound of over . Furthermore, is concave over .

By combining the above discussions for the three types of symbols, we solve problem (16) by solving the following auxiliary problem:

 minA≥0,B≥0,CR≥0,CI≥0 14¯g1(A)+14¯g2(B)+12(1−¯gR3(CR)gI3(CI)) s.t. 14A+14B+12(CR+CI)≤Q. (21)

Note that problem (21) itself is non-convex due to the coupling of and . Nevertheless, under any given , the optimization over , , and becomes a convex optimization problem. As a result, we use a one-dimensional search over , and solve the convex optimization problem in (21) under any given to obtain the optimal , , and . Therefore, problem (21) is optimally solved, for which the corresponding spoofing power allocation solution is denoted as , , , and , respectively. Then we obtain the optimal spoofing signals design for problem (16) as given in the following proposition.

Proposition iv.3

The spoofing power allocation solution of and to problem (16) is given as and , and that of and is given as follows.

• When and , the spoofer uses time-sharing between the spoofing power and , i.e., the spoofer sets over a fraction of the symbols in , and over the remaining fraction in , where is uniquely chosen such that