Session D-1

## MIMO

May 3 Tue, 2:00 PM — 3:30 PM EDT

### D$$^2$$BF—Data-Driven Beamforming in MU-MIMO with Channel Estimation Uncertainty

Shaoran Li, Nan Jiang, Yongce Chen, Thomas Hou, Wenjing Lou and Weijun Xie (Virginia Tech, USA)

Accurate estimation of Channel State Information (CSI) is essential to design MU-MIMO beamforming. However, errors in CSI estimation are inevitable in practice. State-of-the-art works model CSI as random variables and assume certain specific distributions or worst-case boundaries, both of which suffer performance issues when providing performance guarantees to the users. In contrast, this paper proposes a Data-Driven Beamforming (D$$^2$$BF) that directly handles the available CSI data samples (without assuming any particular distributions). Specifically, we employ chance-constrained programming (CCP) to provide probabilistic data rate guarantees to the users and introduce an $$\infty$$-Wasserstein ambiguity set to bridge the unknown CSI distribution with the available (limited) data samples. Through problem decomposition and a novel bilevel formulation for each subproblem, we show that each subproblem can be solved by binary search and convex approximation. We also validate that D$$^2$$BF offers better performance than the state-of-the-art approach while meeting probabilistic data rate guarantees to the users.

### M3: A Sub-Millisecond Scheduler for Multi-Cell MIMO Networks under C-RAN Architecture

Yongce Chen, Thomas Hou, Wenjing Lou and Jeffrey Reed (Virginia Tech, USA); Sastry Kompella (Naval Research Laboratory, USA)

Cloud Radio Access Network (C-RAN) is a novel centralized architecture for cellular networks. C-RAN can significantly improve spectrum efficiency by performing cooperative signal processing for multiple cells at a centralized baseband unit (BBU) pool. However, a new resource scheduler is needed before we can take advantage of C-RAN's multi-cell processing capability. Under C-RAN architecture, the scheduler must jointly determine RB allocation, MCS assignment, and beamforming matrices for all users under all covering cells. In addition, it is necessary to obtain a scheduling solution within each TTI (at most 1 ms) to be useful for the frame structure defined by 5G NR. In this paper, we present $$\mathbf M^3$$, a sub-ms scheduler for multi-cell MIMO networks under C-RAN architecture. $$\mathbf M^3$$ addresses the stringent timing requirement through a novel multi-pipeline design that exploits parallelism. Under this design, one pipeline performs a sequence of operations for cell-edge users to explore joint transmission, and in parallel, the other pipeline is for cell-center users to explore MU-MIMO transmission. Experimental results show that $$\mathbf M^3$$ is capable of offering a scheduling solution within 1 ms for 7 RRHs, 100 users, 100 RBs, and 2$$\times$$12 MIMO. Meanwhile, $$\mathbf M^3$$ provides ~40% throughput gain on average by employing joint transmission.

### MUSTER: Subverting User Selection in MU-MIMO Networks

Tao Hou (University of South Florida, USA); Shengping Bi and Tao Wang (New Mexico State University, USA); Zhuo Lu and Yao Liu (University of South Florida, USA); Satyajayant Misra (New Mexico State University, USA); Yalin E Sagduyu (Intelligent Automation, Inc., USA)

Multi-User Multiple-In-Multiple-Out (MU-MIMO), a key feature in WiFi 5/6, uses a user selection algorithm based on each user's channel state information (CSI) to schedule transmission opportunities for a group of users to maximize the service quality and efficiency. In this paper, we discover that such an algorithm creates a subtle attack surface for attackers to subvert user selection in MU-MIMO, causing severe disruptions in today's wireless networks. We develop a system, named MU-MIMO user selection strategy inference and subversion (MUSTER), to systematically study the attack strategies and further to seek efficient mitigation. MUSTER is designed to include two major modules: (i) strategy inference, which leverages a new neural group-learning strategy named MC-grouping via combining Recurrent Neural Network (RNN) and Monte Carlo Tree Search (MCTS) to reverse-engineer a user selection algorithm, and (ii) user selection subversion, which proactively fabricates CSI to manipulate user selection results for disruption. Experimental evaluation shows that MUSTER achieves a high accuracy rate of around 98.6% in user selection prediction and effectively launches attacks to damage the network performance. Finally, we create a Reciprocal Consistency Checking technique to defend against the proposed attacks to secure MU-MIMO user selection.

### Semi-Online Precoding with Information Parsing for Cooperative MIMO Wireless Networks

Juncheng Wang and Ben Liang (University of Toronto, Canada); Min Dong (Ontario Tech University, Canada); Gary Boudreau (Ericsson, Canada); Hatem Abou-Zeid (University of Calgary, Canada)

We consider cooperative multiple-input multiple-output (MIMO) precoding design with multiple access points (APs) assisted by a central controller (CC) in a fading environment. Even though each AP may have its own local channel state information (CSI), due to the communication delay in the backhaul, neither the APs nor the CC has timely global CSI. Under this semi-online setting, our goal is to minimize the accumulated precoding deviation between the actual local precoders executed by the APs and an ideal cooperative precoder based on the global CSI, subject to per-AP transmit power limits. We propose an efficient algorithm, termed Semi-Online Precoding with Information Parsing (SOPIP), which accounts for the network heterogeneity in information timeliness and computational capacity. SOPIP takes advantage of the precoder structure to substantially lower the communication overhead, while allowing each AP to effectively combine its own timely local CSI with the delayed global CSI to enable adaptive precoder updates. We analyze the performance of SOPIP, showing that it has bounded performance gap from an offline optimal solution. Simulation results under typical Long-Term Evolution network settings further demonstrate the substantial performance gain of SOPIP over other centralized and distributed schemes.

###### Session Chair

Dimitrios Koutsonikolas (Northeastern University)

Session D-2

## WiFi

May 3 Tue, 4:00 PM — 5:30 PM EDT

### Physical-World Attack towards WiFi-Based Behavior Recognition

Jianwei Liu and Yinghui He (Zhejiang University, China); Chaowei Xiao (University of Michigan, Ann Arbor, USA); Jinsong Han (Zhejiang University & School of Cyber Science and Technology, China); Le Cheng and Kui Ren (Zhejiang University, China)

Behavior recognition plays an essential role in numerous behavior-driven applications (e.g., virtual reality and smart home) and even in the security-critical applications (e.g., security surveillance and elder healthcare). Recently, WiFi-based behavior recognition (WBR) technique stands out among many behavior recognition techniques due to its advantages of being non-intrusive, device-free, and ubiquitous. However, existing WBR research mainly focuses on improving the recognition precision, while neglecting the security aspects.
In this paper, we reveal that WBR systems are vulnerable to manipulating physical signals. For instance, our observation shows that WiFi signals can be changed by jamming signals. By exploiting the vulnerability, we propose two approaches to generate physically online adversarial samples to perform untargeted attack and targeted attack, respectively. The effectiveness of these attacks is extensively evaluated over four real-world WBR systems. The experiment results show that our attack approaches can achieve 80% and 60% success rates for untargeted attack and targeted attack in the physical world, respectively. We also show that our attack approaches can be generalized to other WiFi-based sensing applications, such as user authentication.

### Push the Limit of WiFi-based User Authentication towards Undefined Gestures

Hao Kong (Shanghai Jiao Tong University, China); Li Lu (Zhejiang University, China); Jiadi Yu, Yanmin Zhu, Feilong Tang, Yi-Chao Chen and Linghe Kong (Shanghai Jiao Tong University, China); Feng Lyu (Central South University, China)

With the development of smart indoor environments, user authentication becomes an essential mechanism to support various secure accesses. Although recent studies have shown initial success on authenticating users with human gestures using WiFi, they rely on predefined gestures and perform poorly when meeting undefined gestures. This work aims to enable WiFi-based user authentication with undefined gestures rather than only predefined gestures, i.e., realizing a gesture-independent user authentication. In this paper, we first explore the physiological characteristics underlying body gestures, and find that the statistical distributions under WiFi signals induced by body gestures could exhibit the invariant individual uniqueness unrelated to specific body gestures. Inspired by this observation, we propose a user authentication system, which utilizes WiFi signals to identify individuals in a gesture-independent manner. Specifically, we design an adversarial learning-based model, which can suppress specific gesture characteristics, and extract invariant individual uniqueness unrelated to specific body gestures, to authenticate users. Extensive experiments in indoor environments show that the proposed system is feasible and effective in gesture-independent user authentication.

### Target-oriented Semi-supervised Domain Adaptation for WiFi-based HAR

Zhipeng Zhou (University of Science and Technology of China, China); Feng Wang (University of Mississippi, USA); Jihong Yu (Beijing Institute of Technology/ Simon Fraser University, China); Ju Ren (Tsinghua University, China); Zhi Wang (Xi'an Jiaotong University, China); Wei Gong (University of Science and Technology of China, China)

Incorporating domain adaptation is a promising solution to mitigate the domain shift problem of WiFi-based human activity recognition (HAR). The state-of-the-art solutions, however, do not fully exploit all the data, only focusing either on unlabeled samples or labeled samples in the target WiFi environment. Moreover, they largely fail to carefully consider the discrepancy between the source and target WiFi environments, making the adaptation of models to the target environment with few samples become much less effective. To cope with those issues, we propose a Target-Oriented Semi-Supervised (TOSS) domain adaptation method for WiFi-based HAR that can effectively leverage both labeled and unlabeled target samples. We further design a dynamic pseudo label strategy and an uncertainty-based selection method to learn the knowledge from both source and target environments. We implement TOSS with a typical meta learning model and conduct extensive evaluations. The results show that TOSS greatly outperforms state-of-the-art methods under comprehensive 1 on 1 and multi-source one-shot domain adaptation experiments across multiple real-world scenarios.

### WiRa: Enabling Cross-Technology Communication from WiFi to LoRa with IEEE 802.11ax

Dan Xia, Xiaolong Zheng, Fu Yu, Liang Liu and Huadong Ma (Beijing University of Posts and Telecommunications, China)

Cross-Technology Communication (CTC) is an emerging technique that enables direct interconnection among incompatible wireless technologies. Recent work proposes CTC from IEEE 802.11b to LoRa but has a low efficiency due to their extremely asymmetric data rates. In this paper, we propose WiRa that emulates LoRa waveforms with IEEE 802.11ax to achieve an efficient CTC from WiFi to LoRa. By taking advantage of the OFDMA in 802.11ax, WiRa can use only a small Resource Unit (RU) to emulate LoRa chirps and set other RUs free for high-rate WiFi users. WiRa carefully selects the RU to avoid emulation failures and adopts WiFi frame aggregation to emulate the long LoRa frame. We propose a subframe header mapping method to identify and remove invalid symbols caused by irremovable subframe headers in the aggregated frame. We also propose a mode flipping method to solve Cyclic Prefix errors, based on our finding that different CP modes have different and even opposite impacts on the emulation of a specific LoRa symbol. We implement a prototype of WiRa on the USRP platform and commodity LoRa device. The extensive experiments demonstrate WiRa can efficiently transmit complete LoRa frames with the throughput of 40.037kbps and the SER lower than 0.1.