Physical Layer Authentication Research Articles

Spoof Resilient Coordination in Distributed and Robust Robotic Networks

As cyber–physical networks become increasingly equipped with embedded capabilities, they are made vulnerable to malicious attacks with the increased number of access points available to attackers. A particularly pernicious attack is spoofing, in which a malicious agent spawns multiple identities and can compromise otherwise attack–resilient algorithms that rely on assumed network robustness structures. We generalize a class of resilient consensus strategies, known as weighted mean-subsequence-reduced (W-MSR) consensus, to further provide spoof resilience by incorporating a physical layer authentication. By comparing the physical fingerprints of received signals, legitimate agents can identify and isolate malicious agents that attempt spoofing attacks. A key technical contribution is to quantify worst case misclassification probability using distributionally robust Chebyshev bounds computed via semidefinite programming when the physical fingerprints of received signals are stochastic. Numerical simulations and experimental results illustrate the effectiveness of the proposed methods. Our framework is applicable to a variety of problems involving multirobot systems coordinating via wireless communication.

Privacy Preserving Physical Layer Authentication Scheme for LBS based Wireless Networks

With the fast development in services related to localisation, location-based service (LBS) gains more importance amongst all the mobile wireless services. To avail the service in the LBS system, information about the location and identity of the user has to be provided to the service provider. The service provider authenticates the user based on their identity and location before providing services. In general, sharing location information and preserving the user’s privacy is a highly challenging task in conventional authentication techniques. To resolve these challenges in authenticating the users, retaining users’ privacy, a new SVD (singular value decomposition) based Privacy Preserved Location Authentication Scheme (SPPLAS) has been proposed. In this proposed method, physical layer signatures such as channel state information (CSI) and carrier frequency offset (CFO) are used for generating secret key required for encrypting the user’s location and identity information, and thus encrypted user’s information is sent to service provider for authentication. Secret key is generated by applying SVD on CSI vector. The proposed scheme aids in authenticating the user through location information while protecting the user’s privacy. The performance of the proposed method is evaluated in terms of bit mismatch, leakage and bit error rate performance of receiver and adversary. The simulation results show that the proposed scheme achieves better robustness and security than the existing location-based authentication techniques.

Improving the covertness in the physical-layer authentication

A well-designed Physical-Layer Authentication (PLA) scheme should consider three properties: covertness, robustness, and security. However, the three properties always cause some dilemmas, e.g., higher covertness leading to lower robustness. This paper concerns the problem of improving the covert- ness without sacrificing the robustness. This problem is important because of the following reasons: reducing the errors in recovered source message, improving the security, and ease of constructing a multi-factor authentication system. In this paper, we propose three covert PLA schemes to address the problem. In the first scheme, we improve the covertness by reducing the modification ratio on the source message based on an encoding mechanism. In the second scheme, we improve the covertness by optimizing the superimposing angle, which maximizes the minimum distance between the tagged symbols and the boundary line of the demodulation decision for the source message. In the third scheme, referred to as the hybrid scheme, we further improve the covertness by jointly using the advantages of both the above two schemes. Our experimental results show that when the SNR at a legitimate receiver is 25 dB, as compared with the prior scheme, the first scheme improves the covertness by 17.74%, the second scheme improves the covertness by 28.79%, and the third scheme improves the covertness by 32.09%, while they have similar robustness as that of the prior scheme.

Multiple Correlated Attributes Based Physical Layer Authentication in Wireless Networks

Physical (PHY) layer authentication has been a significant trend towards ensuring the identity security of terminals in wireless networks due to the high security and low complexity. However, the independence assumption of existing literature ignores the inherent correlation of the PHY-layer attributes, which limits its generality. In this paper, we propose a multi-attribute-based PHY-layer authentication scheme by taking the correlation into account. To cope with the exponential growth of computational complexity in correlated analysis, this paper studies the reconstruction and heuristic algorithm to find a suboptimal authentication solution with low complexity. Specific to the inherent volatility nature of the PHY-layer attributes, we propose an unsupervised machine learning (ML) based non-parametric clustering algorithm to enhance the reliability of PHY-layer authentication. Unlike existing PHY-layer authentication schemes based on ML, the proposed PHY-layer authentication scheme does not require any prior information or the training set, which has a more potent universality. Extensive simulations are performed under both synthetic and real data sets, and the figures verify that the proposed authentication scheme can achieve a reliable and robust performance with low complexity.

Physical-Layer Authentication Using Multiple Channel-Based Features

This paper concerns the problem of authenticating the transmitter without a secret key. In comparison with traditional cryptographic-based authentication mechanisms, the Physical-Layer Authentication (PLA) has the following advantages: high security, low complexity, and high compatibility, since it exploits intrinsic and unique features of the physical layer to authenticate the transmitter rather than using a secret key. The prior channel-based PLA schemes use a quantization algorithm to deal with multiple channel-based features for simplicity. However, there are two main limitations in the prior schemes: performance loss due to quantization error and the difficulty of obtaining the optimal thresholds in closed-form. In this paper, we propose two multiple Channel Impulse Response (CIR) based PLA schemes to effectively overcome the aforementioned limitations of the prior schemes. The first scheme uses multiple CIRs to realize the PLA, which is named as the Multiple CIRs PLA (MCP) scheme. The MCP scheme has better authentication performance than the prior schemes, since it avoids to use a quantization algorithm. The second scheme further improves the authentication performance by exploiting the channel correlation coefficient, which is named as the Enhanced Multiple CIRs PLA (EMCP) scheme. We provide rigorous performance analysis of two proposed schemes. We implemented the proposed schemes and conducted extensive performance comparisons through simulations. Our experimental results show that the closed-form expressions of the theoretical results of the proposed schemes perfectly match the corresponding simulation results. The EMCP scheme has the best authentication performance and the MCP scheme is the second one, whereas the prior scheme is the worst one. As the SNR or the channel correlation coefficient declines, the performance gap among various schemes gradually increases.

Secure Physical Layer Transmission and Authentication Mechanism Based on Compressed Sensing of Multiple Antenna Arrays

Large‐scale antenna technology has become one of the most promising technologies in 5G because of its ability to effectively improve the spectral efficiency and energy efficiency of the system, as well as its better robustness. In this paper, a large amount of CSI (channel state information) data is characterized by feature mining and law analysis, and a large number of channel characteristics of the physical layer have the advantages of randomness and uniqueness, etc. From the perspective of improving the security of the authentication mechanism and reducing the computational complexity of the authentication mechanism, the physical layer security authentication model is analyzed, and the signal security transmission path, signal authenticity, and channel estimation are used to propose an effective physical layer secure transmission and authentication mechanism, which can be used as a security enhancement and lightweight authentication mechanism for existing authentication mechanisms. In this paper, we analyze the security advantage mechanism of physical layer authentication and prove the security performance boundary; propose an authentication security enhancement method based on the channel feature generation key, a message authentication method based on superimposed tag signals; and propose a method based on private guide frequency for high‐speed service data authentication.

Differential Contour Stellar-Based Radio Frequency Fingerprint Identification for Internet of Things

Data attacks from illegal access devices of the Internet of Things will cause serious interference and threats to the entire network. It is difficult to ensure the security of the communication system only by relying on traditional application layer password authentication methods. Therefore, it is of great significance to design an effective physical layer authentication system based on radio frequency fingerprints. Regarding the issue above, this paper proposes a novel physical layer authentication method for Internet of Things based on differential contour stellar. Through the test of identification and authentication of 20 WiFi network card devices from same manufacturer, same type and same batch, the recognition accuracy rate can reach 98.6% by the proposed method. The proposed method can improve the effect of radio frequency fingerprint identification from three aspects: i. The differential processing can effectively reduce the negative influence of phase rotation caused by carrier frequency offset and Doppler effects; ii. The color processing can effectively reduce the negative influence of random noise caused by channel noise; iii. It is suitable for processing large-scale networks and the massive data they bring.

Safeguarding Cluster Heads in UAV Swarm Using Edge Intelligence: Linear Discriminant Analysis-Based Cross-Layer Authentication

While the unmanned aerial vehicles (UAVs) swarm travels under a dynamic environment, the cluster head (CH) switching is unavoidable due to the mitigation of mobility, quality of service, and energy consumption. If an attacker becomes the new CH, the entire swarm will be controlled and the sensitive data will be leaked. Unlike the other mobile networks with constant network connectivity, the authentication in the UAV swarm suffers from intermittent connection with the ground station under a hostile environment or spectrum constraint condition. Hence, this paper proposes a novel CH safeguarding mechanism enabled by edge intelligence utilizing a situational-aware authentication scheme. This low-latency mechanism provides extra security at the CH selection and switching without cloud server support. By adopting the unique cross-layer attributes, the system security is significantly improved based on the extracted multi-dimensional information. The Linear Discriminant Analysis (LDA) algorithm fuses the authentication decision accurately by projecting the high dimensional estimations into a low dimensional space for maximum separability by only keeping the necessary attributes. A situation-aware cross-layer attribute selection algorithm is developed to select a minimum number of attributes so that the time required for attribute estimation and computation overhead of authentication can be reduced. The simulation results demonstrate that our scheme performs better under a dynamic environment compared with the physical layer authentication scheme and some existing state-of-the-art authentication techniques.

PERFORMANCE INVESTIGATION OF PHYSICAL LAYER AUTHENTICATION BASED ON STATISTICAL DECISION STRATEGIES

In this paper, physical layer authentication based on the estimated channel state information (CSI) over the subcarriers of wireless orthogonal frequency division multiplexing (OFDM) systems has been studied to provide reliable and augmented authentication solutions for wireless communication devices. The binary hypothesis test with channel-discriminative functions that are based on measuring the difference between channel features and CSI profile clustering is investigated. A comprehensive performance evaluation for the considered channel-discriminative functions in frequency-selective fading channels is presented. Simulation results demonstrated that the security performance depends on the channel frequency selectivity. The decision metrics that measure the difference between the channel features demonstrated improved performance with the increase of channel variation over the subcarriers. In contrast, the CSI profile clustering method exhibited significant degradation in the performance for moderate and severe frequency selectivity conditions. Therefore, for the clustering method the channel fingerprint should be extracted from the neighboring subcarriers, while in other methods the channel features should be extracted from disjoint pilots in order to optimize the security performance over frequency-selective channels.

A Generalizable Model-and-Data Driven Approach for Open-Set RFF Authentication

Radio-frequency fingerprints (RFFs) are promising solutions for realizing low-cost physical layer authentication. Machine learning-based methods have been proposed for RFF extraction and discrimination. However, most existing methods are designed for the closed-set scenario where the set of devices is remains unchanged. These methods can not be generalized to the RFF discrimination of unknown devices. To enable the discrimination of RFF from both known and unknown devices, we propose a new end-to-end deep learning framework for extracting RFFs from raw received signals. The proposed framework comprises a novel preprocessing module, called neural synchronization (NS), which incorporates the data-driven learning with signal processing priors as an inductive bias from communication-model based processing. Compared to traditional carrier synchronization techniques, which are static, this module estimates offsets by two learnable deep neural networks jointly trained by the RFF extractor. Additionally, a hypersphere representation is proposed to further improve the discrimination of RFF. Theoretical analysis shows that such a data-and-model framework can better optimize the mutual information between device identity and the RFF, which naturally leads to better performance. Experimental results verify that the proposed RFF significantly outperforms purely data-driven DNN-design and existing handcrafted RFF methods in terms of both discrimination and network generalizability.

Differential Complex-Valued Convolutional Neural Network-Based Individual Recognition of Communication Radiation Sources

Data assaults from unauthorized access to the Internet of Things will induce severe intrusion and hazard to the whole network. Employing only traditional application layer password authentication approaches cannot guarantee the security of the communication system. Therefore, it is critical to develop a capable and efficient radio frequency fingerprints based physical layer authentication system. To incorporate the domain knowledge in more capable feature extracting and reduce information loss caused by converting RF baseband I/Q signals, we propose a novel differential complex-valued convolutional neural network based individual recognition approach of communication radiation sources in the paper. The proposed method can fully capture the nonlinearity of the RF baseband I/Q signals while decreasing the unfavorable impact of phase rotation induced by carrier frequency offset, which also significantly reduces the required data length of the collected steady-state data transmission section. The recognition performance evaluation on 20 wireless network card devices with duplicate batch, type, and manufacturer shows that the proposed approach has the best recognition performance compared with two conventional approaches whose recognition accuracies are lower than 95%, achieving the total recognition accuracy of 99.7%. Moreover, compared with constellation based approaches, which require at least 5,000 to 10,000 data points as input parameters, the proposed method can reduce the required data length of the collected steady-state data transmission section effectively, which is easier to implement in practical applications.

Channel Prediction and Transmitter Authentication With Adversarially-Trained Recurrent Neural Networks

As wireless communications and interconnected networks become ubiquitous and relied upon, they must also remain secure. Advanced communication systems that use techniques to improve data throughput and minimize latency lend themselves to physical-layer authentication. The stochastic and dynamic nature of the wireless mobile channel provides features that can be extracted through deep learning. We propose a novel method to authenticate transmitters at the physical layer by leveraging channel state information to predict future channel impulse responses. Specifically, we compare the use of recurrent neural networks (RNNs) using long-short term memory (LSTM) and gated recurrent unit (GRU) cells with variations of a conditional generative adversarial network (CGAN) to authenticate transmitters in a mobile environment. Our evaluation shows that standalone RNNs using LSTM and GRU cells are adept at predicting future channel responses, however a CGAN-trained discriminator using GRU cells is able to match the authentication accuracy of a standalone network without using a predefined channel prediction error threshold. Using a discriminator trained by a CGAN with binary cross entropy loss in the discriminator and mean squared error loss in the generator, the neural network was able to authenticate at a 98.5% rate.

Physical layer authentication for automotive cyber physical systems based on modified HB protocol

Automotive cyber physical systems (CPSs) are ever more utilizing wireless technology for V2X communication as a potential way out for challenges regarding collision detection, wire strap up troubles and collision avoidance. However, security is constrained as a result of the energy and performance limitations of modern wireless systems. Accordingly, the need for efficient secret key generation and management mechanism for secured communication among computationally weak wireless devices has motivated the introduction of new authentication protocols. Recently, there has been a great interest in physical layer based secret key generation schemes by utilizing channel reciprocity. Consequently, it is observed that the sequence generated by two communicating parties contain mismatched bits which need to be reconciled by exchanging information over a public channel. This can be an immense security threat as it may let an adversary attain and recover segments of the key in known channel conditions. We proposed Hopper-Blum based physical layer (HB-PL) authentication scheme in which an enhanced physical layer key generation method integrates the Hopper-Blum (HB) authentication protocol. The information collected from the shared channel is used as secret keys for the HB protocol and the mismatched bits are used as the induced noise for learning parity with noise (LPN) problem. The proposed scheme aims to provide a way out for bit reconciliation process without leakage of information over a public channel. Moreover, HB protocol is computationally efficient and simple which helps to reduce the number of exchange messages during the authentication process. We have performed several experiments which show that our proposed design can generate secret keys with improved security strength and high performance in comparison to the current authentication techniques. Our scheme requires less than 55 exchange messages to achieve more than 95% of correct authentication.

A Survey of Physical-Layer Authentication in Wireless Communications

Authentication is an important issue in wireless communications because the open nature of the wireless medium provides more security vulnerabilities. Recently, Physical-Layer Authentication (PLA) attracts many research interests because it provides information-theory security and low complexity. Although many researchers focus on the PLA and exploit its potential in enhancing wireless security, the literature is surprisingly sparse with no comprehensive overview of the state-of-the-art PLA and the key fundamentals involved. Thus, this article provides a detailed survey of features and techniques that can be used in the PLA. We categorize the existing PLA schemes into two categories: passive and active schemes. In the passive schemes, a receiver authenticates the transmitter based on the physical-layer features of the received signals. We further divide the passive schemes into two sub-categories: device-based features and channel-based features. In the active schemes, a transmitter generates a tag based on a secret key and embeds it into a source message. Then, a receiver authenticates the transmitter based on the tag whether it exists in the received signal. We further divide active schemes into two sub-categories: non-covert schemes and covert schemes. Moreover, we also provide some future research directions.

Initial Satellite Access Authentication Based on Doppler Frequency Shift

The future mobile system shall be able to support satellite access to provide an ubiquitous wireless connection service. Satellite communication is vulnerable to spoofing attacks due to the open nature of wireless channels, especially for the downlink satellite system information signalling (SIS) which has not been authenticated yet before initial access. SIS spoofing attacks would cause interferences as well as access failures or even denial of services (DoS) to the legitimate users. Thanks to the knowledge of satellite ephemeris as well as the global navigation satellite system (GNSS), Doppler frequency shift as an available physical attribute can be exploited to identify the source of SIS before the random access procedure. A physical layer authentication (PLA) approach based on Doppler frequency shift is proposed to determine whether the received SIS is from the legitimate communication satellite. Simulations show that the performance of the proposed method outperforms the channel state information (CSI) based PLA scheme.

Physical Layer Authentication for 5G Communications: Opportunities and Road Ahead

Resorting to the exploitation of physical attributes, physical-layer authentication (PLA) is a promising technology to supplement and enhance current cryptography-based security mechanisms in wireless communications. in the fifth-generation (5G) communications, many disruptive technologies spring up, such as millimeter-wave communication (mmWave), massive multiple-input and multiple-output (MiMO) and non-orthogonal- multiple-access (NOMA). PLA schemes in 5G networks are facing challenges while exposed to opportunities at the same time. This article seeks to identify the critical technology gaps as well as the feasible enablers in terms of the unique characteristics of 5G networks. The investigation consists of four hierarchical parts. in the first section, existing PLA schemes are reviewed, and the corresponding challenges are discussed in the next section. in the third section, we investigate potential enablers based on the unique characteristics of 5G networks and provide three corresponding PLA case studies. Open problems and research directions on PLA for 5G and beyond are discussed in the last section, including waveform design, feature learning, mobile users, and terahertz communications.

Rollout algorithm for light‐weight physical‐layer authentication in cognitive radio networks

Cognitive radio networks (CRNs) are vulnerable to spoofing attacks due to their wireless and cognitive nature. Since the traditional cryptographic authentication can hardly prevent such attacks in CRNs, the physical-layer authentication has been investigated for recent years. To achieve a light-weight physical-layer authentication, a rollout partially observable Markov decision process-based algorithm, named RoPOMDP, is proposed in this study. In general, RoPOMDP formulates the physical-layer authentication as a zero-sum game, based on which a hypothesis test upon channel vectors is developed. That allows us to design the gains for both spoofers and receivers based on Bayesian risks for the game, in which the spoofing attack probability is predicted by a non-linear function approximation utilising v-support vector regression. Then, a RoPOMDP is employed to estimate the optimal threshold for the test statistic such that spoofing attacks can be detected. The theoretical analysis and simulations indicate that: (i) RoPOMDP improves the spoofing detection accuracy; (ii) as a light-weight algorithm, the complexity of RoPOMDP is lower than contemporary ones.

Pilot-Based Physical-Layer Authentication with High Covertness

This article concerns the problem of generating an appropriate tag for the covert Physical-Layer Authentication (PLA) schemes. This problem is important because an inappropriate tag introduces the following limitations: low covertness, low robustness, high complexity, and security vulnerabilities to active attacks. In this article, we compare the performance of two ways of generating an appropriate tag in prior covert schemes: message-based and pilot-based. Then, we propose an enhanced Pilot-based Covert (PC) scheme that not only effectively defends against replay attacks but also overcomes the limitations of prior covert schemes. Our experimental results show that the enhanced PC scheme has better covertness and robustness than both the Message-based Covert (MC) and PC schemes for defending against an impersonation attack. Moreover, both the enhanced PC and MC schemes have much better robustness than the PC scheme for defending against a replay attack but the enhanced PC scheme has a lower store requirement than the MC scheme.

An area based physical layer authentication framework to detect spoofing attacks

In this paper, we propose an area-oriented authentication framework, which aims to provide a light-weight first authentication by reducing the complexity in acquiring and maintaining many different reference vectors as in the traditional one-by-one authentication framework. Under the proposed framework, we first derive the missing detection probability and the false alarm probability, respectively. Then we quantitatively evaluate the average risks that a spoofer is successfully detected or a legitimate user is falsely alarmed, at any position in a certain area. And correspondingly three kinds of areas are defined as the clear area where the spoofers prefer not to attack, the danger area where the spoofers have pretty high probabilities to attack successfully, and the warning area where the legitimate users are much likely to be falsely reported as attackers. These results depict the security situation distribution of a region, and provide useful insights for network operators to take proper following strategies. Finally, simulations are given to verify our analytical derivations and show the impacts of system parameters.

Comparison of Statistical and Machine Learning Techniques for Physical Layer Authentication

In this paper we consider authentication at the physical layer, in which the authenticator aims at distinguishing a legitimate supplicant from an attacker on the basis of the characteristics of a set of parallel wireless channels, which are affected by time-varying fading. Moreover, the attacker's channel has a spatial correlation with the supplicant's one. In this setting, we assess and compare the performance achieved by different approaches under different channel conditions. We first consider the use of two different statistical decision methods, and we prove that using a large number of references (in the form of channel estimates) affected by different levels of time-varying fading is not beneficial from a security point of view. We then consider classification methods based on machine learning. In order to face the worst case scenario of an authenticator provided with no forged messages during training, we consider one-class classifiers. When instead the training set includes some forged messages, we resort to more conventional binary classifiers, considering the cases in which such messages are either labelled or not. For the latter case, we exploit clustering algorithms to label the training set. The performance of both nearest neighbor (NN) and support vector machine (SVM) classification techniques is evaluated. Through numerical examples, we show that under the same probability of false alarm, one-class classification (OCC) algorithms achieve the lowest probability of missed detection when a small spatial correlation exists between the main channel and the adversary one, while statistical methods are advantageous when the spatial correlation between the two channels is large.