Physical Layer Authentication With Channel Knowledge Maps in Indoor Environments

Physical layer authentication (PLA) allows to authenticate the user by comparing measurements over time, assuming their time consistency or by modeling their evolution. However, these assumptions become problematic when devices are in motion and in indoor environments due to multipath propagation and obstructions. In this paper, we propose a PLA mechanism for moving devices in indoor environments, where multiple access points (APs) estimate the dominant channel tap path loss (PL) and angle of arrival (AoA) from the received signals and compare them with previously collected channel knowledge maps (CKMs). Specifically, the measurements are compared to those in the neighborhood of the previously known position obtained from CKMs. A comprehensive security analysis is conducted under both random and optimal attacks. Numerical results in a representative indoor scenario, with CKM obtained via ray tracing, validate the effectiveness of the proposed PLA approach.

ISAC Privacy: Challenges and Solutions for 6G

Integrated sensing and communication (ISAC) is a promising feature of future communication networks. While spatial sensing can improve network performance and enable external services, it also creates privacy challenges that go beyond the confidentiality of communication content. Future networks using millimeter-wave (mmWave) and sub-terahertz (THz) frequencies may collect or infer detailed information about people, devices, bystanders, passive objects, and environments in a sixth-generation (6G) deployment area. Such sensing can reveal location and environment data, support behavioral profiling such as movement or activity recognition, and, in advanced cases, expose physiological information such as breathing frequency or heart-rate-related data. Thus, the capabilities of spatial sensing must be controlled to satisfy privacy requirements. In this work, we organize privacy-sensitive ISAC data into three sensing levels: location and environment data, behavioral data, and physiological data, and use this classification as the organizing principle throughout the paper. Based on this classification, we discuss internal and external ISAC applications, identify privacy challenges related to consent, transparency, data ownership, profiling, bystander exposure, and sensitive sensing data, review representative solution directions, and outline future research directions for privacy-preserving ISAC.

Challenge-Response Authentication for LEO Satellite Channels: Exploiting Orbit-Specific Uniqueness

The number of low Earth orbit (LEO) satellite constellations has grown rapidly in recent years, bringing a major change to global wireless communications. As LEO satellite links take on a growing role in critical services such as emergency communications, navigation, wide-area data collection, and military operations, keeping these links secure has become an important concern. In particular, verifying the identity of a satellite transmitter is now a basic requirement for protecting the services that rely on satellite access. In this article, we propose an active challenge-response authentication framework in which the verifier checks the satellite at randomly chosen times that are not known in advance, removing the fixed measurement window that existing passive methods expose to adversaries. The proposed framework uses the deterministic yet unpredictably sampled nature of orbital observables to establish a physics based root of trust for satellite identity authentication. This approach transforms satellite authentication from static feature matching into a spatiotemporal consistency verification problem inherently constrained by orbital dynamics, providing robust protection even against trajectory-aware spoofing attacks.

Model-Driven Learning-Based Physical Layer Authentication for Mobile Wi-Fi Devices

The rise of wireless technologies has made the Internet of Things (IoT) ubiquitous, but the broadcast nature of wireless communications exposes IoT to authentication risks. Physical layer authentication (PLA) offers a promising solution by leveraging unique characteristics of wireless channels. As a common approach in PLA, hypothesis testing yields a theoretically optimal Neyman-Pearson (NP) detector, but its reliance on channel statistics limits its practicality in real-world scenarios. In contrast, deep learning-based PLA approaches are practical but tend to be not optimal. To address these challenges, we proposed a learning-based PLA scheme driven by hypothesis testing and conducted extensive simulations and experimental evaluations using Wi-Fi. Specifically, we incorporated conditional statistical models into the hypothesis testing framework to derive a theoretically optimal NP detector. Building on this, we developed LiteNP-Net, a lightweight neural network driven by the NP detector. Simulation results demonstrated that LiteNP-Net could approach the performance of the NP detector even without prior knowledge of the channel statistics. To further assess its effectiveness in practical environments, we deployed an experimental testbed using Wi-Fi IoT development kits in various real-world scenarios. Experimental results demonstrated that the LiteNP-Net outperformed the conventional correlation-based method as well as state-of-the-art Siamese-based methods.

Digital Twin-Based Beamforming for Interference Mitigation in AF Relay MIMO Systems

Beamforming in multiple-input multiple-output (MIMO) systems should take interference mitigation into account. However, for beamform design, accurate channel state information (CSI) is needed, which is often difficult to obtain due to channel variability, feedback overhead, or hardware constraints. For example, amplify-and-forward (AF) relays passively forward signals without measurement, precluding full CSI acquisition to and from the relay. To address these issues, this paper introduces a novel prediction-assisted optimization (PAO) framework for beamform design in AF relay-assisted multiuser MIMO systems. The proposed solution in the AF relay aims at maximizing the signal-plus-interference-to-noise ratio (SINR). Unlike other methods, PAO relies solely on received power measurements, making it suitable for scenarios where CSI is unreliable or unavailable. PAO consists of two stages: a supervised-learning-based neural network (NN) that predicts the positions of transmitters using signal observations, and an optimization algorithm, guided by a digital twin (DT), that iteratively refines the beam direction of the relay in a simulated radio environment. As a key contribution, we validate the proposed framework using realistic measurements collected on a custom-built experimental millimeter wave (mmWave) platform, which enables training of the NN model under practical wireless conditions. The estimated information is then used to update the digital twin with knowledge of the surrounding environment, enabling online optimization. Numerical results show the trade-off between localization accuracy and beamforming performance and confirm that PAO maintains robustness even in the presence of localization errors while reducing the need for real-world measurements.

BRISC: A Dataset of Channel Measurements at 5 GHz With a Reflective Intelligent Surface

We introduce the broadband reconfigurable intelligent surface (RIS) channel (BRISC) dataset. The dataset comprises measurements of channel state information (CSI) collected at 5.53 GHz using a 256-element RIS with binary states. In the measurement campaign, the transmitter and receiver are two software defined radios (SDRs), phase-synchronized via an OctoClock, where the transmitter (receiver) is equipped with one (two) antenna(s). To manage complexity, the RIS elements are grouped into blocks of different sizes, where all elements within a block share the same state. CSIs have been captured for multiple a) transmitter positions (and fixed receiver location), b) pilot block sizes, and c) state configurations. Furthermore, we calibrated the parameters of state-of-the-art RIS channel models to fit the measured CSI. With approximately 10000 configurations explored per transmitting position, BRISC serves as a robust benchmark in communication applications. We also show here an example of its use for physical-layer authentication.

Lightweight Pilot Estimation on LEO Satellite Signals for Enhanced SOP Navigation

The computation of positioning, navigation and timing (PNT) via signal of opportunity (SOP), where signals originally transmitted for communication, such as 5G, Wi-Fi, or DVB-S, are exploited due to their ubiquity and spectral characteristics, is an emerging research field. However, relying on these signals presents challenges, including limited knowledge of the signal modulation and the need to identify recurring sequences for correlation. We offer a guide to implement a receiver capable of capturing broadband downlink Ku-band signals from low Earth orbit (LEO) satellites (e.g., Starlink and OneWeb) and estimating the recurring symbols for SOP measurements. The methodology integrates recent approaches in the literature, highlighting the most effective aspects while guiding the replication of experiments even under limitations on the front-end gain and bandwidth. Using the proposed model, we can identify recurring symbols transmitted by Starlink satellites, which are then used to collect Doppler shift measurements over a 600 s interval. A position, velocity, and time (PVT) solution is also computed via least squares (LS), which achieves a positioning error of approximately 268 m after a post-fit refinement.

Physical Layer-Based Device Fingerprinting for Wireless Security: From Theory to Practice

The identification of the devices from which a message is received is part of security mechanisms to ensure authentication in wireless communications. Conventional authentication approaches are cryptography-based, which, however, are usually computationally expensive and not adequate in the Internet of Things (IoT), where devices tend to be low-cost and with limited resources. This paper provides a comprehensive survey of physical layer-based device fingerprinting, which is an emerging device authentication for wireless security. In particular, this article focuses on hardware impairment-based identity authentication and channel features-based authentication. They are passive techniques that are readily applicable to legacy IoT devices. Their intrinsic hardware and channel features, algorithm design methodologies, application scenarios, and key research questions are extensively reviewed here. The remaining research challenges are discussed, and future work is suggested that can further enhance the physical layer-based device fingerprinting.

Physical Layer Authentication With Colored RIS in Visible Light Communications

We study a visible light communication (VLC) system that employs a colored reconfigurable intelligent surface (CRIS) based on dichroic mirrors that reflect light at tunable frequencies. A verifier can use the CRIS to authenticate transmissions by comparing received multicolor power profiles with expected patterns. Four CRIS configuration strategies are evaluated: a deterministic cyclic pattern, static random reflectance, dynamic random reflectance, and dynamic random permutation of fixed profiles. Randomized configurations, especially dynamic ones, achieve superior authentication, enabling a novel challenge-response physical-layer authentication scheme over CRIS.

Hybrid Channel- and Coding-Based Challenge-Response Physical-Layer Authentication

This letter proposes a new physical layer authentication mechanism operating at the physical layer of a communication system where the receiver has partial control of the channel conditions (e.g., using an intelligent reflecting surface). We aim to exploit both instantaneous channel state information (CSI) and a secret shared key for authentication. This is achieved by both transmitting an identifying key by wiretap coding (to conceal the key from the attacker) and checking that the instantaneous CSI corresponds to the channel configuration randomly selected by the receiver. We investigate the trade-off between the pilot signals used for CSI estimation and the coding rate (or key length) to improve the overall security of the authentication procedure.