Jammer detection by random pilots in massive mimo spatially uncorrelated rician channels

Jammer Detection by Random Pilots in Massive MIMO Spatially Uncorrelated Rician Channels Jammer Detection by Random Pilots in Massive MIMO Spatially uncorrelated Rician Channels Giang Quynh Le Vu Facu[.]

Jammer Detection by Random Pilots in Massive MIMO Spatially-uncorrelated Rician Channels

Giang Quynh Le Vu

Faculty of Information Technology

National Academy of Education Management

Hanoi, Vietnam

Email: quynhgiang81@gmail.com

Hung Tran Faculty of Computer Science Phenikaa University Hanoi, Vietnam Email: hung.tran@phenikaa-uni.edu.vn

Kien Trung Truong Undergraduate Faculty Fulbright University Vietnam

Ho Chi Minh city, Vietnam Email: kien.truong@fulbright.edu.vn

Abstract—Pilot contamination is a major problem affecting

the secrecy capacity of communication systems The jammer

is difficult to detect This issue is also linked to numerous

research projects In this study, the authors propose a pilot

attack detection method with a high detection probability and

a reduced false-alarm probability in Massive MIMO

Spatially-uncorrelated Rician Channels

Index Terms—Massive MIMO, physical layer security, Rician

fading, eavesdropper detection, jammer detection

I INTRODUCTION Massive Multiple-Input Multiple-Output (MIMO) is a

sig-nificant transmission technology used in both 5th Generation

(5G) New Radio (NR) networks and 6th Generation (6G)

networks [?], [1]–[4] In such systems, a base station (BS)

with a higher number of antennas simultaneously supports

one or more antenna users Previous research has shown that

if the number of antennas at the base station is big enough, the

channels between the BS and the users are orthogonal to each

other under certain situations, but this does not negate the

im-pacts of noise and co-channel interference This orthogonality

of the transmission channels, in particular, makes Massive

MIMO systems with Rayleigh fading extremely safe at the

physical layer [5], [6] Unauthorized devices can influence

the security, integrity, and availability of information in ways

(passive eavesdropper and jammer) because of the features of

the radio environment These ways show up in the following

studies: [5], [7]–[11] Eavesdroppers and jammers use pilot

contamination as one way of listening to and trying to decode

the transmitter’s signal This has a negative influence on

legal communication networks, even disrupting them The

detection jammers in Massive MIMO uncorrelated Rician

fading channels were the subject of this study It should

be noted that practically all prior studies of systems with

one passive eavesdropper assumed Rayleigh fading channels

Because they incorporate a Line-Of-Sight component, the

Rician fading channels in this study are theoretically more

generic than the Rayleigh fading channels [12] In [13], [14]

the authors provided the analysis of the secrecy capacity

analysis of the point-to-point transmission systems with a

finite number of antennas In [15] We, also investigated a

way for detecting the existence of Eavesdropper, who induced

channel estimation jamming utilizing the contamination pilot

training approach Different from the methods in [7], [15] where only two pilots are selected as N-PSK, in this study

we use the method of randomly selecting a pair of pilots from a set of pilots which is phase-shift keying N-PSK This choice makes it difficult for jammers to correctly predict the user’s pilots and pretend to be the user This makes it easy for the system to detect jammers and reduces the false-alarms probability As pilot symbols that are transmitted by random,

we use phase-shift keying (N -PSK) Jammer’s existence was detected in the scalar product between the received vectors The remainder of this paper is organized as follows Section

I is Introduction II introduces the system model We present

a detection procedure based on random training pilots in the presence of received noise, as well as the construction of detection regions, in Section III The simulation results are presented in Section IV, and the paper is wrapped up in Section V

Notation: a is scalar, a is vector, A is matrix, [A]i,jrepresents (i, j), AH, is Hermitian matrix transposed, E[˙] is main value

II SYSTEMMODEL

We study a network with a single-cell single-user massive multiple-input multiple-output (MIMO) system where a base station A communicates with a legitimate user terminal B

in the presence of an illegitimate user terminal J, also known as a jammer, as illustrated in Fig 1 For notation convenience, denote X = {B, J}, which is the index set

of user terminals The base station A is equipped with M antennas, where M ≫ 2, while both the user terminals are single antenna Assume the system operates in the half-duplex time division half-duplexing (TDD) mode, where the base station and the user terminals cannot transmit and receive

at the same time Moreover, the uplink transmission and the downlink transmission happen in the same frequency

We assume frequency-flat block-fading channel model where channel coefficients keep unchanged during the duration of each radio frame and change independently frame-by-frame Let hX,k ∈ CM ×1 be the uplink channel coefficient vector from user terminal X ∈ X to base station A during radio frame k Assume that channel reciprocity is perfect, thus

hH X,k∈ C1×Mis the downlink channel coefficient vector from the base station to user terminal X ∈ X

Fig 1 A diagram depicting the geometry of the investigated system model,

in which a base station A connects with a legitimated user terminal B and

illegal user terminal J.

We assume that the transmission between the legitimate

user B and the base station is perfectly frame synchronized

This means that the base station knows exactly the position of

training symbols in the uplink radio frame Denote Kk be the

index set of those symbols in radio frame k Obtaining

accu-rate channel state information is crucial for the base station to

perform data detection and to design downlink beamforming

vectors Thus, one of the most effective strategy for the

illegit-imate user terminal J to attack the legitillegit-imate communication

is to contaminate the uplink training phase Let S be the set of

all possible pilot symbols for uplink training In practice, for

most standardized wireless applications, the pilot set S used

by legitimate user terminals are often explicitly specified in

the technical specifications In the paper, we assume that S

is a N -PSK alphabet with N possible symbols defined as

S = {ejm2π/N

: m ∈ Z, 0 ≤ m ≤ (N − 1)}

Denote pX as the transmit power of user terminal X ∈ X

during the training period Assume that pX remains constant

over many frames In training symbol ℓ ∈ Kk, we assume

that legitimate user terminal B is able to transmit a random

pilot symbol sB,k,ℓ ∈ S in order to make it unpredictable

by illegitimate user terminal J In other words, at any time,

illegitimate user terminal J knows exactly S but it does

not know which pilot symbol is transmitted Thus, one of

the best strategies that illegitimate user terminal J could

do is to transmit a random pilot symbol sJ,k,ℓ ∈ S We

can rewrite sJ,k,ℓ = sJ,k,ℓs∗B,k,ℓsB,k,ℓ = sk,ℓsB,k,ℓ where

sk,ℓ= sJ,k,ℓs∗B,k,ℓ∈ S because sJ,k,ℓ, sB,k,ℓ∈ S

Define αk,ℓ as the indicator parameter such that αk,ℓ = 1

if illegitimate user terminal J transmits in training symbol

ℓ ∈ Kk and that αk,ℓ = 0 if illegitimate user terminal

J does not transmit In other words, pilot contamination

occurs in training symbol ℓ ∈ Kk if and only if αk,ℓ = 1

Denote nk,ℓ ∈ CM ×1 as additive white Gaussian noise at

the base station in the training symbol ℓ ∈ Kk such that

nk,ℓ ∼ CN (0M ×1, σ2IM ×M) Denote yk,ℓ ∈ CM ×1 as the

received training signal in training symbol ℓ ∈ Kk, which is

given by

yk,ℓ=√

pBhB,ksB,k,ℓ+ αk,ℓ

√

pJhJ,ksJ,k,ℓ+ nk,ℓ (1) Let fk,ℓ∈ CM ×1be the equivalent channel coefficient vector, which is defined as

fk,ℓ=√

pBhB,k+ αk,ℓ√

pJhJ,ksk,ℓ (2)

We can rewrite yk,ℓ as

yk,ℓ=fk,ℓsB,k,ℓ+ nk,ℓ (3) Assume that the locations of the base station and the user terminals do not change over many frames For analytical tractability, we assume that the antenna elements of base station A collectively form a Uniform Linear Array (ULA) Denote ¯dA = πdA/λ as the normalized distance between adjacent antennas at the base base station, where dA is the distance between the adjacent antenna elements at base station

A and λ is the wavelength corresponding to the carrier frequency Denote dX, ∀X ∈ X , is the distance from the base station to user terminal X Denote θX ∈ [−π, π], ∀X ∈ X ,

as the angle between the line connecting the base station

to user terminal X and the boresight of the antenna array

of the base station We believe that this system model is

a good starting point for analytical tractability in order to obtain useful insights More complicated models, such as those with a larger number of user terminals and/or with multiple-antenna user terminals, are left for future work Under the assumption of uniformly-linear array (ULA) at the base station, the array response gX ∈ CM ×1 of the channel vector hX,kis independent of radio frame k and is computed as

gX=h1 ej2 ¯dA sin θX · · · ej2 ¯ dA(M −1) sin θX T (4) Note that gHXgX= M, ∀X ∈ X and

gHJ gB=sin(M ¯dA(sin θB− sin θJ))

sin( ¯dA(sin θB− sin θJ)) e

j(M −1) ¯ d A (sin θ B −sin θ J )

(5)

It can be proved that

¯ ψ(θB, θJ) = lim

M →∞

|ψ(θB, θJ, M )|

=

(

1, if sin θB= sin θJ,

In this paper, we assume spatially-uncorrelated Rician fading channels [16] Denote κX as the Rician coefficient and

βXas the large-scale fading coefficient of hX In general, κX

and βX remain constant in many consecutive radio frames

In other words, they are independent of the radio frame index Thus, it is justifiable to assume that κX and βX are known perfectly Define the large-scale fading coefficients

corresponding to the Line-of-Sight (LoS) part and the

Non-Line-of-Sight (NLoS) part of hX,k as

βX,L= κX

κX+ 1βX; βX,N=

1

κX+ 1βX. (9) The channel vector hX,kis decomposed as follows

hX,k=β1/2X,LgX+ βX,N1/2wX,k (10) where βX,L1/2gX ∈ CM ×M is the LoS part and βX,N1/2wX ∈

CM ×M with wX ∼ CN (0M ×1, IM ×M) is the NLoS part

The Rayleigh fading model considered in much related prior

work corresponds to a special case of having no LoS part in

this uncorrelated Rician fading channel model, i.e κX = 0

and hence βX,L = 0 and βX,L = βX for all X ∈ X For

notational convenience and for later comparison purposes, let

the following two subscripts ()Ri and ()Ra indicate the

pa-rameters related to the Rician fading channel model and those

related to the Rayleigh fading channel model, respectively

III PROPOSEDRANDOMPILOTCONTAMINATION

DETECTIONMETHOD

In this section, we propose a new pilot contamination

detection method that takes into account the special

charac-teristics of the Rician channel model We first present how the

detection regions are constructed and the detection algorithm

We then show that the proposed detection method is likely

to take the advantage of the features of the Rician channel

to provide a higher detection probability than the prior work

that only works in the Rayleigh channel model Similarly, let

()Jand ()0indicate the parameters when the illegitimate user

terminal J transmits jamming signals and those when J does

not transmit jamming signals, respectively

A Proposed Metric

We propose a new scalar-valued metric that is defined as

a scaled inner product of the received signals in two random

different training symbols ℓ ∈ Kk and u ∈ Kq as follows

zk,q=√1

My

H k,ℓyq,u (11) Although the proposed metric has a similar expression as the

one proposed in [7] for the Rayleigh channel model, it does

not require that the two training symbols be in the same radio

frame Define sB = s∗B,q,usB,k,ℓ, which is also a N -PSK

symbol because both s∗B,q,u and sB,k,ℓ are N -PSK symbols

For notational convenience, we define

ak,q=√1

Mf

H q,ufk,ℓ (12)

nk,q=√1

H q,unk,ℓ+ nHq,ufk,ℓ+ nHq,unk,ℓ
(13)

By substituting (3) into (11), we obtain

zk,q=ak,qsB+ nk,q (14) Note that (28) can be treated as the input-output relationship

of a single-input single-output (SISO) channel where sBis the

transmitted N -PSK symbol, ak,q is the equivalent complex channel coefficient and nk,q is equivalent noise

Since it is challenging to determine the exact distribution

of nk,q, we adopt the same approach as [7] in which we study its statistical property when M is large enough For

a given realization of the channel vectors and the trans-mitted pilot symbols, both fq,u and fk,ℓ are given Note that nk,q = √1

MyH k,ℓyq,u − ak,qsB, where yk,ℓ and yq,u are two independent Gaussian vectors of size M with the same variance N0IM and means fk,ℓsB,k,ℓ and fq,usB,q,u, respectively It follows that E[nk,q] = 0 It also follows that

nk,qis a sum of M complex-valued normal product Gaussian variables By applying the Lyapunov central limit theorem, we obtain

lim

M →∞

nk,q

σM

d

where σM is defined as below and will be shown later to be finite when M grows very large

σ2M =N0

M ∥fq,u∥2+ ∥fk,ℓ∥2+ M N0
(16)

In other words, when M grows very large, nk,q converges in distribution to a complex-valued Gaussian random variable with mean 0 and variance σM2 Numerical results in [7] showed that this approximation is relatively tight even for the not-so-large number of antennas at the base station M = 5 In general, the effective noise variance σM2 depends on a number

of factors, including the presence of jamming signals, the channel model, and the positions of the two training symbols

B With Jamming Signals When there are jamming signals in both training symbols, i.e αk,ℓ= αq,u= 1 Replacing these values into (16) results

σ2Ri,J,M= N0

M



∥√pBhB,k+√

pJhJ,ksk,ℓ∥2

+ ∥√

pBhB,q+√

pJhJ,qsq,u∥2+ M N0

 (17)

As M grows very large, we have

¯

σRi,J2 = lim

M →∞σRi,J,M2 (18)

= N0



2 ¯βB,k,k+ 2 ¯βJ,k,k+ N0

+ 2 q

¯

βB,k,kβ¯J,k,kψ(θB, θJ)Re{sk,ℓ+ sq,u} (19) The equivalent channel coefficient in this case is given by

aRi,J,k,q =√1

M(

√

pBhB,q+√

pJhJ,qsq,u)H

× (√pBhB,k+√

pJhJ,ksk,ℓ) (20) This parameter depends on whether the two training symbols are in the same radio frame or not It also depends on whether the training symbols guessed by J match with those

transmitted by B, i.e., sq,u= sk,ℓ, or not Define

¯

aRi,J,k,q= lim

M →∞

aRi,J,k,q

√

= ¯βB,k,q+ ¯βJ,k,qs∗q,usk,ℓ

+

q

¯

βB,k,qβ¯J,k,qψ(θB, θJ)(s∗q,u+ sk,ℓ) (22) When sq,u = sk,ℓ, which happens with the probability of

1/N , then ¯aRi,J,k,q is a real-valued scalar value regardless

of the comparison of k and q In this case, it has a high

probability that the contaminated metric zk,qis located within

the circle of radius ¯σRi,J and centered at an N -PSK symbol

scaled by ¯aRi,J,k,q When sq,u ̸= sk,ℓ, which happens with

the probability of (N − 1)/N , then ¯aRi,J,k,q is a

complex-valued scalar In this case, it has a high probability that the

contaminated metric zk,qis located within the circle of radius

¯

σRi,Jand centered at an N -PSK symbol scaled by |¯aRi,J,k,q|

and rotated by a certain angle

C Without Jamming Signals

When the illegitimate user terminal J does not transmit

signals in both training symbols, we have αk,ℓ = αq,u = 0

Denote σ20,M as the corresponding value of σ2M Replacing

αk,ℓ= αq,u = 0 into (16) and (12), we obtain

aRi,0,k,q= √1

Mh

H B,qhB,k, (23)

σ2Ri,0,M= N0

M pB∥hB,k∥2+ pB∥hB,q∥2+ M N0
(24)

For notational convenience, we define for all X ∈ X

¯

βX,k,q =

(

pXβX, if k = q,

pXβX,L, otherwise (25) Using the properties of the Rician channel model provided in

Section II and after some manipulation, we obtain

¯

aRi,0,k,q= lim

M →∞

|aRi,0,k,q|

√

M = ¯βB,k,q (26)

¯

σ2Ri,0= lim

M →∞σ2Ri,0,M= N0 2 ¯βB,k,k+ N0
(27)

While ¯aRi,0,k,q depends on the positions of the training

symbols, ¯σ2

Ri,0does not

D Proposed Detection Algorithm

Recall that zk,q can be treated as the equivalent received

signal of the SISO channel with the input-output relationship

given in (28) We now construct the detection region based

on the scalar metric zk,qso that the base station could decide

whether an illegitimate user terminal is contaminating the

desired pilots or not Recall that zk,qis the sum of a N -PSK

symbol scaled by aRi,0,k,q and a Gaussian noise with mean

0 and variance σ2

Ri,0,M In general, the base station has not obtained accurate estimates of small-scale fading coefficients

before the training periods This means that it hasn’t known

exactly aRi,0,k,q and σ2

Ri,0,M before the making the decision

on the presence of jamming signals Nevertheless, as the

user terminals do not move in a long enough period, it is

justifiable to assume that the base station could estimate the large-scale fading coefficients βBand βB,Laccurately enough Thus, for a given N -PSK modulation scheme and for a large-enough number of antennas M , we propose the detection regions as the circles of radius ¯σRi,0 with the centers at the scaled N -PSK symbols with the common scaling factor

of √

M ¯aRi,0,k,q In order to reduce the effects of noise on detection accuracy, we also propose that K, where K ≥ 2,

N -PSK pilots are used for jammer detection purpose Based

on these detection regions and the use of K training symbols,

we propose the following detection method

• The base station selects a number of different pairs of training symbols from the K training symbols Note that the maximum number of pairs of training symbols is K(K − 1)/2

• For each pair of training symbols ℓ ∈ Kk and u ∈ Kq, the base station performs the following steps:

– Compute the scalar-valued equivalent received sig-nal zk,q

– Compute dm = |zk,q −√M ¯aRi,0,k,qejm2π/N| for each m ∈ 0, 1, · · · , N − 1 Note that dm can be considered as the distance from the scalar-valued equivalent received signal to the mth scaled N -PSK symbol

– Compute the minimum distance dmin = min0≤m≤(N −1)dm

– If dmin< ¯σRi,0then the base station decides that the training symbols are not contaminated; otherwise, it decides that they are contaminated, i.e there exists

an active illegitimate user terminal

• The base station makes the decision on the existence

of the jamming signals based on the majority of the detection results of the selected pairs

Note that the larger the number of selected pairs, the more accurate the detection decision The benefits, however, comes

at the cost of more overhead and more computational com-plexity Note also that the use of more pairs of training symbols to take the advantage of temporal diversity is one

of the main differences of this paper in relative comparison with prior work, including our own prior work

E Asymptotical Analysis of Detection Probability

In this section, we analyze the detection probability of the proposed method when the number of antennas M at the base station grows very large to obtain insights on the impacts of the channel model By dividing both sides of (28) by ak,q, which is non-zero, we obtain the following processed metric

˜k,q=sB+nk,q

ak,q

The radius of each proposed detection region is proportional

to with DRi,0,k,q= σ

2 Ri,0,k,q

|aRi,0,k,q| 2 In addition, the radius of the circle in which the metric zk,qlies with high probability when there exist jamming signal is proportional to DRi,J,k,q =

σRi,J,k,q2

|aRi,J,k,q| 2 In principle, the detection probability is close

to zero when DRi,J,k,q ≤ DRi,0,k,q and it increases with

the ratio of DRi,J,k,q/DRi,0,k,q when DRi,J,k,q > DRi,0,k,q

Thus, it is desired that DRi,J,k,q/DRi,0,k,q is as large as

possible Notably, we can show that DRi,J,k,q/DRi,0,k,q =

DRi,J,k,k/DRi,0,k,kfor all q This means that the performance

of the proposed approach does not depend on the number of

radio frames containing the two considered training symbols

In other words, the proposed approach allows flexibility and

frequent checking of the existence of jamming signals

IV NUMERICAL RESULTS

We simulate the detection probability and the false-alarm

probability to evaluate the efficiency of our detection scheme

The probability of false alarm is defined as the probability

that jammer is detected because jammer does not exist We

studied a network with only one cell, where the base station

is at the cell’s center and the legitimated user Bob and the

eavesdropper device are randomly across the cell Assuming

the effect of shadowing is ignored, then large-scale fading is

computed as [17]

βX,Y= 32.4 + 10nYlog10(d3D,X) + 20 log10(fc)

where X ∈ X , Y ∈ Y = {L, N}, d3D,X is the distance in

meters from base station to node X in 3-D space,fc = 3.5GHz

is the carrier frequency, nY is the exponential coefficient of

transmission Moreover, we assume that d3D,Xis computed as

follows d3D,X=qd2

2D,X+ (hA− hX)2, where d2D,X is the distance from the base station to the node X in the 2-D space,

hA is height of the base station A, and hX is height of the

node X [17] Suppose hA= 10m and hB = hJ= 1.5m The

paper investigates the urban cell environment, then nL = 2

for LOS and nN = 2.9 for NLOS Follow [17], for UMa

environment then κ measured in dB is a Gaussian random

variable N (9, 3.5) For simplicity, we assume κB = κJ =

9dB We assume that the system works at bandwidth 10MHz

and that the base station transmission power is pd= 43dBm

We assume that the distance between adjacent antennas at the

base station is half wavelength, that is dA= 0.5λ Simulation

results are averaged over 100.000 realizations

First, we consider a simulation scenario where the

illegit-imate user terminal J is 300 meters from the legitillegit-imate user

terminal B The parameters of the Rician channel model is

selected as κB = κJ = 9dB Fig 2 shows the detection

probability as a function of SNR when the base station has

M = 128 antennas and uses 8-PSK pilots As expected,

the probability of detection increases SNR; in the high SNR

domain, detection probability go to 1 Notably, even with a

small number of pilots, e.g K = 5, we have a very high

probability of detecting jammers, much higher than using only

a pair of pilots, i.e K = 2

Figure 3 presents the detection probability as a function of

SNR for a number of N -PSK pilots when the base station has

only M = 64 antennas Notice that the detection probability

also increases with SNR and gets very close to 1 when SNR is

larger than 15dB From this observation, we can conclude that

Fig 2 Detection probability as a function of SNR for M = 128, N = 8 and for different values of K.

Fig 3 Detection probabilities vs SNR for K = 10, M = 64 antennas, and N = 4; 8; 16-PSK

by using a sufficient number of pilots, the base station does not need to use too many antennas for the jammer detection purpose

Figure 4 presents the numerical results of the false-alarm probability as a function of the number of antennas M as the base station when 8-PSK pilots are used at the SNR of 5dB As expected, the false-alarm probability decreases with the number of antennas at the base station Moreover, this result show that the likelihood of false-alarms probability is relatively low when a sufficient number of pilots are used When the number of antennae is big enough, the false-alarm probability rapidly approaches zero This means that

Fig 4 False-alarm probabilities N = 8 PSK , SNR=5; K = 2; 5; 10; 15

the jammer can be detected with very high probability by

using a large number of pilots as well as a large number of

antennas

V CONCLUSION AND FUTURE WORK

We proposed a strategy for detecting the presence of an

illegitimate user terminal based on the use of random PSK

pilots in a massive MIMO system under the assumption of

Rician spatially-uncorrelated channel model We proposed

performance metric that measure a form of correlation

be-tween the received signals in two different training symbols

The main idea for the detection strategy was based on

the analytical results of the differences in the value of the

performance metric when the jamming signal was present

and when it was absent Moreover, our proposed method

could take the advantage of the temporal diversity of training

symbols to reduce the negative effects of noise on detection

accuracy The numerical results showed that the proposed

method could achieve relatively high detection probability and

relatively low false-alarm probability in various simulation

scenarios Suggestions for future work could focus on a

more complicated channel model, such as spatially-correlated

Rician channel model, and/or on the use of other pilot signal

modulations

REFERENCES [1] T L Marzetta, “Noncooperative cellular wireless with unlimited num-bers of base station antennas,” IEEE Trans on Wireless Commun., vol 9, no 11, pp 3590–3600, 2010.

[2] J Zhang, J Fan, B Ai, and D W K Ng, “Noma-based cell-free massive mimo over spatially correlated rician fading channels,” in ICC

2020 - 2020 IEEE International Conference on Communications (ICC),

2020, pp 1–6.

[3] L Sanguinetti, E Bj¨ornson, and J Hoydis, “Toward massive mimo 2.0: Understanding spatial correlation, interference suppression, and pilot contamination,” IEEE Transactions on Communications, vol 68, no 1,

pp 232–257, 2020.

[4] I F Akyildiz, A Kak, and S Nie, “6g and beyond: The future of wireless communications systems,” IEEE Access, vol 8, pp 133 995–

134 030, 2020.

[5] D Kapetanovic, G Zheng, and F Rusek, “Physical layer security for massive MIMO: An overview on passive eavesdropping and active attacks,” IEEE Commun Mag., vol 53, no 6, pp 21–27, 2015 [6] Y Zou, J Zhu, X Wang, and L Hanzo, “A survey on wireless security: Technical challenges, recent advances, and future trends,” Proc of the IEEE, vol 104, no 9, pp 1727–1765, Sep 2016.

[7] D Kapetanovi´c, G Zheng, K Wong, and B Ottersten, “Detection of pilot contamination attack using random training and massive MIMO,”

in Proc of IEEE Int Symp Personal, Indoor, Mobile Radio Commun (PIMRC), Sep 2013, pp 13–18.

[8] T Yang, R Zhang, X Cheng, and L Yang, “Secure massive MIMO under imperfect CSI: Performance analysis and channel prediction,” in IEEE Trans Info Forensics Security, 2018.

[9] X Zhang, D Guo, and K Guo, “Secure performance analysis for multi-pair AF relaying massive MIMO systems in Ricean channels,” IEEE Access, vol 6, pp 57 708–57 720, 2018.

[10] A Mukherjee and A Swindlehurst, “A full-duplex active eavesdropper

in MIMO wiretap channels: Construction and countermeasures,” in Proc IEEE Asilomar Conf on Signals, Systems and Computers, Pacific Grove, U.S.A., Nov 2011, pp 265–269.

[11] D B Rawat, K Neupane, and M Song, “A novel algorithm for secrecy rate analysis in massive MIMO system with target SINR requirements,”

in Proc of IEEE Int Conf Computer Commun (INFOCOM), Apr.

2016, pp 53–58.

[12] O Ozdogan, E Bjornson, and E G Larsson, “Massive MIMO with spatially correlated rician fading channels,” in IEEE Trans Commun., 2018.

[13] G Q L Vu and K T Truong, “Secret capacity of massive mimo with a passive eavesdropper,” Journal of Research and Development

on Information and Communication Technology, vol V-3, no 40, p 1,

12 2018.

[14] C.-Y Yeh and E W Knightly, “Feasibility of passive eavesdropping in massive MIMO: An experimental approach,” in Proc of IEEE Conf Commun Network Security (CNS), Beijing, China, May 2018 [15] G Q Le Vu, T Le Nhat, and K T Truong, “Physical layer security

of massive mimo spatially-uncorrelated rician channels,” in 2021 Inter-national Conference on Advanced Technologies for Communications (ATC), 2021, pp 22–27.

[16] L Sanguinetti, A Kammoun, and M Debbah, “Theoretical perfor-mance limits of massive MIMO with uncorrelated Rician fading chan-nels,” IEEE Trans Commun., 2018.

[17] 3GPP TR 38.901, “Study on channel model for frequencies from 0.5

to 100 GHz,” 3GPP, Technical Report v.15.0.0, Jun 2018.