Access-based Lightweight Physical Layer Authentication for the Internet of Things Devices

Saud Khan, Chandra Thapa, Salman Durrani, Seyit Camtepe

TL;DR

This work addresses IoT authentication in resource-constrained environments by proposing an access-based, continuous authentication scheme that leverages pre-arranged access time slots and spreading pools within grant-free NOMA. It replaces seed-based channel-reciprocity approaches with a four-process framework (access-time-slot generation, spreading-pool construction, seed generation, and authentication decision) that eliminates seed reconciliation and channel probing. The method yields higher entropy and larger effective key space, achieving near-zero false alarms and roughly a threefold reduction in misdetection, with lower computational cost than SVM or BHT-based channel approaches. The approach is scalable to hundreds of devices, robust to channel variations, and practical for IoT deployments, with potential extension to satellite-IoT and formal security analyses in future work.

Abstract

Physical-layer authentication is a popular alternative to the conventional key-based authentication for internet of things (IoT) devices due to their limited computational capacity and battery power. However, this approach has limitations due to poor robustness under channel fluctuations, reconciliation overhead, and no clear safeguard distance to ensure the secrecy of the generated authentication keys. In this regard, we propose a novel, secure, and lightweight continuous authentication scheme for IoT device authentication. Our scheme utilizes the inherent properties of the IoT devices' transmission model as its source for seed generation and device authentication. Specifically, our proposed scheme provides continuous authentication by checking the access time slots and spreading sequences of the IoT devices instead of repeatedly generating and verifying shared keys. Due to this, access to a coherent key is not required in our proposed scheme, resulting in the concealment of the seed information from attackers. Our proposed authentication scheme for IoT devices demonstrates improved performance compared to the benchmark schemes relying on physical channels. Our empirical results find a near threefold decrease in the misdetection rate of illegitimate devices and close to zero false alarm rate in various system settings with varied numbers of active devices up to 200 and signal-to-noise ratio from 0 dB to 25 dB. Our proposed authentication scheme also has a lower computational complexity of at least half the computational cost of the benchmark schemes based on support vector machine and binary hypothesis testing in our studies. This further corroborates the practicality of our scheme for IoT deployments.
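
An added sketch (not code from the paper) of the access-based check the abstract describes: the AP accepts a transmission only if it arrives in the pre-arranged time slot with the pre-arranged spreading sequence, so no key is exchanged or reconciled. The HMAC-derived schedule, `N_SLOTS`, `POOL_SIZE`, the sample key and all function names are assumptions; the model is noiseless and ignores channel effects.

```python
import hashlib
import hmac
import random

N_SLOTS = 10     # access time slots per frame (constructed value)
POOL_SIZE = 100  # spreading sequences in the pool (constructed value)

def expected_access(schedule_key: bytes, device_id: int, frame: int) -> tuple[int, int]:
    """Pre-arranged (time slot, spreading-sequence index) for a device in a frame.

    Assumption: HMAC-SHA256 over (device_id, frame) stands in for the paper's
    slot-generation and pool-construction processes, which this page does not give.
    """
    msg = device_id.to_bytes(4, "big") + frame.to_bytes(8, "big")
    digest = hmac.new(schedule_key, msg, hashlib.sha256).digest()
    return (int.from_bytes(digest[:4], "big") % N_SLOTS,
            int.from_bytes(digest[4:8], "big") % POOL_SIZE)

def ap_accepts(schedule_key: bytes, device_id: int, frame: int,
               observed_slot: int, observed_seq: int) -> bool:
    """AP-side decision: accept only a transmission that lands on the expected
    slot with the expected sequence. No key material crosses the air."""
    return (observed_slot, observed_seq) == expected_access(schedule_key, device_id, frame)

def acceptance_rate(schedule_key: bytes, device_id: int, frames: int,
                    knows_schedule: bool, rng: random.Random) -> float:
    """Fraction of frames the AP accepts for a legitimate device (knows_schedule)
    or for a device choosing slot and sequence uniformly at random."""
    accepted = 0
    for frame in range(frames):
        if knows_schedule:
            slot, seq = expected_access(schedule_key, device_id, frame)
        else:
            slot, seq = rng.randrange(N_SLOTS), rng.randrange(POOL_SIZE)
        accepted += ap_accepts(schedule_key, device_id, frame, slot, seq)
    return accepted / frames

if __name__ == "__main__":
    key = b"constructed-demo-schedule-key"  # constructed sample secret
    rng = random.Random(1)
    print("legitimate device:", acceptance_rate(key, 7, 5000, True, rng))
    print("random access:    ", acceptance_rate(key, 7, 5000, False, rng))
    print("chance per frame: ", 1 / (N_SLOTS * POOL_SIZE))
```

Because the check repeats every frame, a device without the schedule has to match slot and sequence on each transmission, which is what makes the authentication continuous rather than a one-time key verification.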

Paper Structure

This paper contains 23 sections, 2 theorems, 21 equations, 9 figures, 3 tables, 1 algorithm.

Key Result

Lemma 1

The entropy of the proposed authentication scheme is higher than that of the physical-channel key generation schemes of [wang2015survey, wilhelm2013secure, edman2016security, zhang2016efficient].

Figures (9)

  • Figure 1: Illustration of our system model. The transmission between the IoT devices and the AP is carried out by following the pre-agreed access time slots.
  • Figure 2: Proposed authentication scheme comprises four processes: access time slots generation, spreading pool construction, seed generation, and authentication decision.
  • Figure 3: Flowchart of proposed authentication scheme and its interaction with grant-free NOMA system model considered in this work.
  • Figure 4: False alarm rate, $\rho_{\mathrm{fa}}$, versus the time between updates (sec), with the total number of potential devices $K = 200$, the number of resources $N = 100$, and the number of active devices $S = 20$.
  • Figure 5: Misdetection rate, $\rho_{\mathrm{md}}$, versus SNR (dB), with the total number of potential devices $K = 200$, the number of resources $N = 100$, and the number of active devices $S = 20$.
  • ...and 4 more figures

Theorems & Definitions (2)

  • Lemma 1
  • Lemma 2