Physical Layer Authentication With Channel Knowledge Maps in Indoor Environments

Physical layer authentication (PLA) allows to authenticate the user by comparing measurements over time, assuming their time consistency or by modeling their evolution. However, these assumptions become problematic when devices are in motion and in indoor environments due to multipath propagation and obstructions. In this paper, we propose a PLA mechanism for moving devices in indoor environments, where multiple access points (APs) estimate the dominant channel tap path loss (PL) and angle of arrival (AoA) from the received signals and compare them with previously collected channel knowledge maps (CKMs). Specifically, the measurements are compared to those in the neighborhood of the previously known position obtained from CKMs. A comprehensive security analysis is conducted under both random and optimal attacks. Numerical results in a representative indoor scenario, with CKM obtained via ray tracing, validate the effectiveness of the proposed PLA approach.

Lightweight Pilot Estimation on LEO Satellite Signals for Enhanced SOP Navigation

The computation of positioning, navigation and timing (PNT) via signal of opportunity (SOP), where signals originally transmitted for communication, such as 5G, Wi-Fi, or DVB-S, are exploited due to their ubiquity and spectral characteristics, is an emerging research field. However, relying on these signals presents challenges, including limited knowledge of the signal modulation and the need to identify recurring sequences for correlation. We offer a guide to implement a receiver capable of capturing broadband downlink Ku-band signals from low Earth orbit (LEO) satellites (e.g., Starlink and OneWeb) and estimating the recurring symbols for SOP measurements. The methodology integrates recent approaches in the literature, highlighting the most effective aspects while guiding the replication of experiments even under limitations on the front-end gain and bandwidth. Using the proposed model, we can identify recurring symbols transmitted by Starlink satellites, which are then used to collect Doppler shift measurements over a 600 s interval. A position, velocity, and time (PVT) solution is also computed via least squares (LS), which achieves a positioning error of approximately 268 m after a post-fit refinement.

Physical Layer-Based Device Fingerprinting for Wireless Security: From Theory to Practice

The identification of the devices from which a message is received is part of security mechanisms to ensure authentication in wireless communications. Conventional authentication approaches are cryptography-based, which, however, are usually computationally expensive and not adequate in the Internet of Things (IoT), where devices tend to be low-cost and with limited resources. This paper provides a comprehensive survey of physical layer-based device fingerprinting, which is an emerging device authentication for wireless security. In particular, this article focuses on hardware impairment-based identity authentication and channel features-based authentication. They are passive techniques that are readily applicable to legacy IoT devices. Their intrinsic hardware and channel features, algorithm design methodologies, application scenarios, and key research questions are extensively reviewed here. The remaining research challenges are discussed, and future work is suggested that can further enhance the physical layer-based device fingerprinting.

Crystal Oscillators in OSNMA-Enabled Receivers: An Implementation View for Automotive Applications

To ensure the authenticity of navigation data, Galileo Open Service navigation message authentication (OSNMA) requires loose synchronization between the receiver clock and the system time. This means that during the period between clock calibrations, the receiver clock error needs to be smaller than a pre-defined threshold, currently up to 165s for OSNMA. On the other hand, relying on the PVT solution to steer the receiver clock or correct its bias may not be possible since this would depend on the very same signals we intend to authenticate. This work aims to investigate the causes of the frequency accuracy loss leading to clock errors and to build a model that, from the datasheet of a real-time clock (RTC) device, allows to bound the error clock during a certain period. The model's main contributors are temperature changes, long-term aging, and offset at calibration, but it includes other factors. We then apply the model to several RTCs from different manufacturers and bound the maximum error for certain periods, with a focus on the two-year between-calibration period expected for the smart tachograph, an automotive application that will integrate OSNMA.

Authentication by Location Tracking in Underwater Acoustic Networks

Physical layer message authentication in underwater acoustic networks (UWANs) leverages the characteristics of the underwater acoustic channel (UWAC) as a fingerprint of the transmitting device. However, as the device moves its UWAC changes, and the authentication mechanism must track such variations. In this paper, we propose a context-based authentication mechanism operating in two steps: first, we estimate the position of the underwater device, then we predict its future position based on the previously estimated ones. To check the authenticity of the transmission, we compare the estimated and the predicted position. The location is estimated using a convolutional neural network taking as input the sample covariance matrix of the estimated UWACs. The prediction uses either a Kalman filter or a recurrent neural network (RNN). The authentication check is performed on the squared error between the predicted and estimated positions. The solution based on the Kalman filter outperforms that built on the RNN when the device moves according to a correlated Gauss-Markov mobility model, which reproduces a typical underwater motion.

Challenge-Response to Authenticate Drone Communications: A Game Theoretic Approach

In this paper, we propose a novel strategy for physical layer authentications based on the challenge-response concept for a transmitting drone (Alice). In a preliminary training phase, Alice moves over several positions, and Bob (either a drone or a ground device) estimates the Alice-Bob channel gains. Then Alice transmits its message from different random positions (challenge) and Bob, upon receiving the messages, authenticates the sender via a log-likelihood test on the estimated channel gains (response). In turn, the intruder Trudy selects random positions on which she transmits messages on behalf of Alice to Bob. In this paper, we design the probability mass distribution of Alice's challenge positions and the Trudy response positions by modeling the problem as a zero-sum game between Bob and Trudy, where the payoff of Trudy is the missed detection probability. Moreover, we propose three different approaches that minimize the energy spent by Alice without sacrificing security, which differ in computational complexity and resulting energy consumption. Finally, we test the proposed technique via numerical simulations, which include a realistic model of both Alice-Bob and Trudy-Bob fading channels, affected by shadowing.

Performance Limits for Signals of Opportunity-Based Navigation

This paper investigates the potential of non-terrestrial and terrestrial signals of opportunity (SOOP) for navigation applications. Non-terrestrial SOOP analysis employs modified Cram\`er-Rao lower bound (MCRLB) to establish a relationship between SOOP characteristics and the accuracy of ranging information. This approach evaluates hybrid navigation module performance without direct signal simulation. The MCRLB is computed for ranging accuracy, considering factors like propagation delay, frequency offset, phase offset, and angle-of-arrival (AOA), across diverse non-terrestrial SOOP candidates. Additionally, Geometric Dilution of Precision (GDOP) and low earth orbit (LEO) SOOP availability are assessed. Validation involves comparing MCRLB predictions with actual ranging measurements obtained in a realistic simulated scenario. Furthermore, a qualitative evaluation examines terrestrial SOOP, considering signal availability, accuracy attainability, and infrastructure demands.

One-Class Classification as GLRT for Jamming Detection in Private 5G Networks

5G mobile networks are vulnerable to jamming attacks that may jeopardize valuable applications such as industry automation. In this paper, we propose to analyze radio signals with a dedicated device to detect jamming attacks. We pursue a learning approach, with the detector being a CNN implementing a GLRT. To this end, the CNN is trained as a two-class classifier using two datasets: one of real legitimate signals and another generated artificially so that the resulting classifier implements the GLRT. The artificial dataset is generated mimicking different types of jamming signals. We evaluate the performance of this detector using experimental data obtained from a private 5G network and several jamming signals, showing the technique's effectiveness in detecting the attacks.

Energy-Based Optimization of Physical-Layer Challenge-Response Authentication with Drones

Drones are expected to be used for many tasks in the future and require secure communication protocols. In this work, we propose a novel physical layer authentication (PLA)-based challenge-response (CR) protocol in which a drone Bob authenticates the sender (either on the ground or air) by exploiting his prior knowledge of the wireless channel statistic (fading, path loss, and shadowing). In particular, Bob will move to a set of positions in the space, and by estimating the attenuations of the received signals he will authenticate the sender. We take into account the energy consumption in the design and provide three solutions: a purely greedy solution (PG), an optimal Bellman iterative solution (BI), and a heuristic solution based on the evaluation of the standard deviation of the attenuations in the space. Finally, we demonstrate the effectiveness of our approach through numerical simulations.

Secret-Key-Agreement Advantage Distillation With Quantization Correction

We propose a novel advantage distillation strategy for physical layer-based secret-key-agreement (SKA). We consider a scenario where Alice and Bob aim at extracting a common bit sequence, which should remain secret to Eve, by quantizing a random number obtained from measurements at their communication channel. We propose an asymmetric advantage distillation protocol with two novel features: i) Alice quantizes her measurement and sends partial information on it over an authenticated public side channel, and ii) Bob quantizes his measurement by exploiting the partial information. The partial information on the position of the measurement in the quantization interval and its sharing allows Bob to obtain a quantized value closer to that of Alice. Both strategies increase the lower bound of the secret key rate.