Feature-based physical layer authentication (PLA) schemes, using position-specific channel characteristics as identifying features, can provide lightweight protection against impersonation attacks in overhead-limited applications like e.g., mission-critical and low-latency scenarios. However, with PLA-aware attack strategies, an attacker can maximize the probability of successfully impersonating the legitimate devices. In this paper, we provide worst-case detection performance bounds under such strategies for a distributed PLA scheme that is based on the channel-state information (CSI) observed at multiple distributed remote radio-heads. This distributed setup exploits the multiple-channel diversity for enhanced detection performance and mimics distributed antenna architectures considered for 4G and 5G radio access networks. We consider (i) a power manipulation attack, in which a single-antenna attacker adopts optimal transmit power and phase; and (ii) an optimal spatial position attack. Interestingly, our results show that the attacker can achieve close-to-optimal success probability with only statistical CSI, which significantly strengthens the relevance of our results for practical scenarios. Furthermore, our results show that, by distributing antennas to multiple radio-heads, the worst-case missed detection probability can be reduced by 4 orders of magnitude without increasing the total number of antennas, illustrating the superiority of distributed PLA over a co-located antenna setup. 

5G and beyond 5G low power wireless networks make Internet of Things (IoT) and Cyber-Physical Systems (CPS) applications capable of serving massive amounts of devices and machines. Due to the broadcast nature of wireless networks, it is crucial to secure the communication between these devices and machines from spoofing and interception attacks. This paper is concerned with the security of carrier frequency offset (CFO) based continuous physical layer authentication. The interaction between an attacker and a defender is modeled as a dynamic discrete leader-follower game with imperfect information. In the considered model, a legitimate user (Alice) communicates with the defender/operator (Bob) and is authorized by her CFO continuously. The attacker (Eve), by listening/eavesdropping the communication between Alice and Bob, tries to learn the CFO characteristics of Alice and aims to inject malicious packets to Bob by impersonating Alice. First, by showing that the optimal attacker strategy is a threshold policy, an optimization problem of the attacker with exponentially growing action space is reduced to a tractable integer optimization problem with a single parameter, then the corresponding defender cost is derived. Extensive simulations illustrate the characteristics of optimal strategies/utilities of the players depending on the actions, and show that the defender's optimal false positive rate causes attack success probabilities to be in the order of 0.99. The results show the importance of the parameters while finding the balance between system security and efficiency.

Physical layer authentication (PLA) has recently been discussed in the context of URLLC due to its low complexity and low overhead. Nevertheless, these schemes also introduce additional sources of error through missed detections and false alarms. The trade-offs of these characteristics are strongly dependent on the deployment scenario as well as the processing architecture. Thus, considering a feature-based PLA scheme utilizing channel-state information at multiple distributed radio-heads, we study these trade-offs analytically. We model and analyze different scenarios of centralized and decentralized decision-making and decoding, as well as the impacts of a single-antenna attacker launching a Sybil attack. Based on stochastic network calculus, we provide worst-case performance bounds on the system-level delay for the considered distributed scenarios under a Sybil attack. Results show that the arrival-rate capacity for a given latency deadline is increased for the distributed scenarios. For a clustered sensor deployment, we find that the distributed approach provides 23% higher capacity when compared to the centralized scenario.

This paper analyzes the worst-case detection performance of a feature-based physical layer authentication (PLA) scheme subject to optimal multiple-antenna impersonation attacks. The PLA scheme is based on the location-specific channel in the uplink towards a multiple-antenna receiver, and the attacker is using pre-coding with the objective of maximizing the missed detection probability. We solve the optimal attack strategy problem under perfect channel-state information (CSI) at the attacker, imperfect CSI at the attacker, and for a power constrained attacker. As a counter strategy, we propose to reserve a subset of silent receive antennas for reception only, in order to limit the CSI that an attacker can extract from overhearing downlink transmissions. We evaluate the performance under the attack- and counter-strategies, both analytically and for recorded real-world channel traces, and show that the worst-case performance is determined by the feature-energy outside the attacker's channel range and the attack-power constraints. Results indicate that an unconstrained attacker with favorable conditions can achieve a success probability close to 1; however, under more realistic channel constraints, detection performance guarantees in the order of 10(-6) - 10(-4) can be obtained. Moreover, we find that performance can be improved by 1-2 orders of magnitude through the proposed counter strategy.

Recent studies proved that optimized multi-tone signals can significantly enhance the performance of wireless power transfer (WPT) systems. However, optimizing the power allocation for multi-tone signals in order to maximize the efficiency of WPT is a computationally complex task. In this paper, a novel low-complexity algorithm, the truncated maximum-ratio transmission (TMRT) algorithm, for allocating power to multitone signals for WPT is proposed. The algorithm exploits the fact that optimal algorithms tend to allocate power to tones having the strongest channels and no power to weaker channels, and therefore, performs maximum ratio transmission power allocation on the subset of the m strongest channels. In this way, the power allocation problem is reduced to finding the optimal m that maximizes the efficiency. Simulation results confirm that the proposed TMRT algorithm achieves a performance very close to the optimal power allocation, despite its very low complexity, and significantly outperforms other low-complexity solutions.

This paper proposes a new approach for physical layer authentication where transmissions are authenticated based on the single-input/multiple-output channel-states observed at multiple distributed antenna-arrays. The receiver operating characteristics (ROC) are derived in terms of closed form expressions for the false alarm and missed detection probability in order to evaluate the effectiveness compared to single-array authentication. To this end, we study the worst-case missed detection probability based on the optimal attacker position. Finally, we apply our previously developed queueing analytical tools, based on stochastic network calculus, in order to assess the delay performance impacts of the physical layer authentication scheme in a mission-critical communication scenario. Our results show that the distributed approach significantly outperforms single-array authentication in terms of worst-case missed detection probability and that this can help mitigating the delay performance impacts of authentication false alarms.

We study the detection and delay performance impacts of a feature-based physical layer authentication (PLA) protocol in mission-critical machine-type communication (MTC) networks. The PLA protocol uses generalized likelihood-ratio testing based on the line-of-sight (LOS), single-input multiple- output channel-state information in order to mitigate imper- sonation attempts from an adversary node. We study the de- tection performance, develop a queueing model that captures the delay impacts of erroneous decisions in the PLA (i.e., the false alarms and missed detections), and model three different adversary strategies: data injection, disassociation, and Sybil attacks. Our main contribution is the derivation of analytical delay performance bounds that allow us to quantify the delay introduced by PLA that potentially can degrade the performance in mission-critical MTC networks. For the delay analysis, we utilize tools from stochastic network calculus. Our results show that with a sufficient number of receive antennas (approx. 4-8) and sufficiently strong LOS components from legitimate devices, PLA is a viable option for securing mission-critical MTC systems, despite the low latency requirements associated to corresponding use cases. Furthermore, we find that PLA can be very effective in detecting the considered attacks, and in particular, it can significantly reduce the delay impacts of disassociation and Sybil attacks.

Feature-based authentication schemes that verify wireless transmitter identities based on physical-layer features allow for fast and efficient authentication with minimal overhead. Hence, they are interesting to consider for safety-critical applications where low latency and high reliability is required. However, as erroneous authentication decisions will introduce delays, we propose to study the impact of feature-based schemes on the system-level performance. In this paper, we therefore study the queuing performance of a line-of-sight wireless link that employs a feature-based authentication scheme based on the complex channel gain. Using stochastic networks calculus, we provide bounds on the delay performance which are validated by numerical simulations. The results show that the delay and authentication performance is highly dependent on the SNR and Rice factor. However, under good channel conditions, a missed-detection rate of 10(-8) can be achieved without introducing excessive delays in the system.

We study a multi-user up-link scenario where an attacker tries to impersonate the legitimate transmitters. We present a new framework for deriving a posteriori attack probabilities from the channel observations at the access point, which enables fast intrusion detection and authentication at the physical layer and can be exploited to reduce the security overhead by offtoading higher-layer authentication schemes. This is highly relevant for delay-sensitive applications that are targeted in 5G where the security overhead may limit the real-time performance. We take a factor-graph approach that can easily be extended to take into account other features, channel models, and radio access schemes. While related works only consider single-link scenarios, the multi-user approach in this paper allows us to exploit the cross-channel correlation of the large-scale fading parameters that is due to the propagation environment for improving the detection performance. As numerical results show, especially for slowly changing channels with high correlation our approach provides significant performance gains.

Physical layer authentication (PLA) has recently been discussed in the context of URLLC due to its low complexity and low overhead. Nevertheless, these schemes also introduce additional sources of error through missed de- tections and false alarms. The trade-offs of these characteristics are strongly dependent on the deployment scenario as well as the processing architec- ture. Thus, considering a feature-based PLA scheme utilizing channel-state information at multiple distributed radio-heads, we study these trade-offs analytically. We model and analyze different scenarios of centralized and de- centralized decision-making and decoding, as well as the impacts of a single- antenna attacker launching a Sybil attack. Based on stochastic network cal- culus, we provide worst-case performance bounds on the system-level delay for the considered distributed scenarios under a Sybil attack. Results show that the arrival-rate capacity for a given latency deadline is increased for the distributed scenarios. For a clustered sensor deployment, we find that the distributed approach provides 23% higher capacity when compared to the centralized scenario.