RIS-Based Spoofing Design

Updated 31 January 2026

RIS-based spoofing design is a method that uses programmable metasurfaces to alter wireless propagation and mislead radar and ISAC sensing systems.
It employs advanced algorithms such as semidefinite relaxation and deep reinforcement learning to optimize phase shifts for creating decoy echoes while suppressing true target signals.
Empirical tests confirm its effectiveness in producing controlled deceptive signatures under realistic channel conditions, highlighting potential defense countermeasures.

Reconfigurable Intelligent Surface (RIS)-based spoofing design encompasses the systematic manipulation of wireless propagation environments using programmable metasurfaces to actively interfere with or mislead adversarial sensing systems, particularly radar and ISAC (Integrated Sensing and Communication) nodes. By adaptively controlling the phase and/or amplitude of incident electromagnetic waves, RISs can mask true targets, generate deliberate deception (e.g., false angles, Doppler cues), and degrade the efficacy of Maximum Likelihood Estimation (MLE) at hostile sensors. The following sections provide a comprehensive technical exposition of RIS-based spoofing, focusing on theoretical frameworks, algorithmic designs, analytical bounds, and empirical validations as presented in recent literature.

1. System Models and Spoofing Threat Vectors

RIS-based spoofing has been studied in two archetypal threat scenarios:

Target-Covering RIS: An RIS co-located with a valuable object (e.g., vehicle, user equipment) manipulates the reflection such that adversarial radar or RSU (roadside unit) is deceived regarding the object's true AoA, range, or even existence. The RIS aims to eliminate or severely attenuate the true echo while synthesizing a strong decoy from another direction, typically associated with environmental clutter (Wang et al., 2024, Gavras et al., 24 Jan 2026).
Malicious Standalone RIS: An attacker deploys an RIS at a strategic location to superimpose synthetic echoes (by dynamically phase modulating over time and/or frequency) to induce estimation errors in Doppler, angle, and hence position-velocity tracking pipelines of sensing RSUs or radars, possibly even crafting physically plausible spatiotemporal trajectories (Shui et al., 3 May 2025, Shui et al., 25 Aug 2025).

The typical RIS configuration consists of $N$ passive elements (e.g., $N=121$ for $11\times 11$ uniform planar arrays) with independent phase shift control and, in advanced threat models, adjustable update rates for dynamic spoofing.

2. Analytical RIS Kernel Models and Deceptive Scattering

Central to RIS-based spoofing is the formal characterization of how RIS phase profiles map to angular response at a sensing radar/ISAC receiver. The system’s angular kernel can be rigorously linked to the steering vectors of both the RIS and the adversary array. For a monostatic radar setup, the received echo in a direction $\theta$ can be described by kernel functions such as

$y(\theta) = \mathbf{a}_R^H(\theta) \Theta \mathbf{G} \mathbf{s},$

with $\Theta = \operatorname{diag}(e^{j\phi_1},\dots,e^{j\phi_N})$ and $\mathbf{G}$ as the channel matrix. By jointly considering the RIS-to-radar and RIS-to-clutter paths, the echoes from the true target ( $y_t$ ) and decoy ( $y_c$ ) directions can be analytically separated, enabling controllable synthesis of deep nulls (invisibility) and strong side lobes (deceptive peaks) (Wang et al., 2024).

In vehicular ISAC contexts, the RIS can further employ time-varying phase ramps

$\phi_m(t) = 2\pi \tilde{\mu} \lceil t/\Delta T \rceil \Delta T \mod 2\pi,$

superimposing controlled Doppler (velocity) cues into the composite echo, thus enabling manipulation of frequency-domain estimators at RSUs (Shui et al., 3 May 2025).

3. Spoofing Optimization: Problem Formulations and Algorithmic Solutions

RIS-based spoofing is fundamentally framed as a constrained non-convex design problem. A representative formulation for radar spoofing is

$\begin{aligned} & \max_{\boldsymbol{\theta} \in \mathbb{C}^N,\, |\theta_n|=1} && P_c(\boldsymbol{\theta}) \ & \text{s.t.} && P_t(\boldsymbol{\theta}) \leq \gamma, \end{aligned}$

where $P_c$ and $P_t$ denote the received echo powers in the clutter (decoy) and true target directions, respectively, and $\gamma$ is a stealth threshold. After kernel expansion, the objective and constraint reduce to quadratic forms, tractable via semidefinite relaxation (SDR) and solved for optimal or suboptimal RIS phase shifts (Wang et al., 2024).

For ISAC vehicular spoofing, the MDP (Markov Decision Process) framework controls the RIS’ phase shift trajectory $\{\tilde{\mu}_k\}$ over $K$ time slots, constrained by physical plausibility (acceleration, displacement) and the slotwise deception feasibility set $\mathcal{A}_k$ . The attacker’s reward function penalizes trajectories that fail to satisfy spatial-temporal consistency, and solution methods involve deep reinforcement learning with action-masking for only physically valid Doppler shifts (Shui et al., 25 Aug 2025).

The table below summarizes main optimization approaches:

Scenario	Spoofing Objective	Algorithm
Radar deception	Max. decoy echo, null at target	SDR, majorization-minim.
ISAC velocity/angle spoof	Max. MF at false Doppler/AoD	MDP, masked PPO

4. Analytical Bounds, Stealth Criteria, and Robustness Analyses

Proper characterization of RIS deception capability relies on quantifying both pointwise (per-AoA) and integrated (angle-range) nulling. Position-independent placement metrics (e.g., kernel power, decoy placement score) guide the selection of clutter directions that maximize decoy indistinguishability from genuine echoes (Gavras et al., 24 Jan 2026).

For Doppler spoofing, feasibility sets $F_\text{spoof}$ are analytically derived in terms of matched filter output, RIS element count $M$ , and the SNR gap between spoofed peaks and legitimate echoes. The bias induced in MLE estimators for both velocity and angle-of-departure (AoD) is computed exactly, allowing for quantitative risk assessment in ISAC networks. Maximum allowable spoofed velocity errors and AoD estimation errors (up to $14.9$ m/s and $65^\circ$ respectively) are documented in high-fidelity simulations (Shui et al., 3 May 2025).

Stealth optimization involves additional robust design: choosing phase profiles and decoy directions immune to noise and hardware imperfections, as well as dynamically adapting configurations in response to adversary detection capability.

5. Empirical Validation, Performance Trade-offs, and Countermeasures

Extensive simulation and hardware-in-the-loop validations confirm the theoretical capabilities and boundaries of RIS-based spoofing:

For radar spoofing, SDR and low-complexity MM algorithms yield indistinguishable $\overline{P}_C$ (decoy echo) for a fixed $\overline{P}_T \leq \gamma$ , with majorization-minimization achieving real-time performance and random phase configurations yielding negligible spoofing gain (Wang et al., 2024).
In vehicular ISAC, manipulating the RIS enables the adversary to completely override Doppler tracking within 3.1 $^\circ$ beam misalignment, and to construct full fake trajectories over 67+ slots using masked-PPO. Existing clustering-based anomaly detectors are ineffective, but Signal Temporal Logic (STL)-based neuro-symbolic detectors achieve >74% spoof identification while remaining transparent and lightweight (Shui et al., 25 Aug 2025).

Design guidelines include maintaining sufficient angular separation (≥10 $^\circ$ ) between true and decoy directions, moderate clutter distances, large $N$ , and closed-loop adaptation of RIS parameters based on real-time geometric feedback.

Defensive countermeasures cover:

Adaptive null steering toward known RIS hotspots,
Frequent randomization of beam alignment and RIS control schedules,
Multi-domain joint anomaly detection leveraging time-frequency-angle sparsity.

6. Practical Extensions, Limitations, and Research Directions

RIS-based spoofing design generalizes to multiple adversaries, multi-cell ISAC deployments, and complex multi-target clutter environments. Extensions accommodate multi-RIS cooperation, game-theoretic adversarial codebook design, and adversarial machine learning frameworks for both attack and defense (Shui et al., 25 Aug 2025, Gao et al., 2023).

Limitations arise from hardware constraints (control granularity, element coupling), the need for precise channel state information, and high control overhead for dynamic adaptation. Assumptions of the adversary’s ignorance of RIS configuration and perfect decoupling from the legitimate control link may not always hold, motivating the integration of robust artificial noise and risk-sensitive optimization techniques (Rexhepi et al., 21 Apr 2025).

Theoretical gaps remain in fully characterizing the CRB-maximizing and configuration-independent decoying analyses due to limited access to tractable RIS kernel models (Gavras et al., 24 Jan 2026). A plausible implication is that progression in analytical compactness and kernel power analysis will further refine deception capability quantification and robust spoofing placement.

Future research is likely to pursue:

Full-capacity decoy design with physical-layer secrecy constraints,
Multi-objective trade-offs between communication, sensing, and security robustness,
Real-time, low-power implementations of multi-modal RIS spoofing and defense algorithms.

References

"RIS-Enabled Spoofing Against Adversary Sensing: CRB-Maximizing Design and Decoying Analysis" (Gavras et al., 24 Jan 2026)
"Intelligent Reflecting Surface-Aided Radar Spoofing" (Wang et al., 2024)
"Sensing Safety Analysis for Vehicular Networks with Integrated Sensing and Communication (ISAC)" (Shui et al., 3 May 2025)
"Analysis and Detection of RIS-based Spoofing in Integrated Sensing and Communication (ISAC)" (Shui et al., 25 Aug 2025)
"RIS-Assisted Wireless Link Signatures for Specific Emitter Identification" (Gao et al., 2023)
"Blinding the Wiretapper: RIS-Enabled User Occultation in the ISAC Era" (Rexhepi et al., 21 Apr 2025)