AoA-Based Physical Layer Authentication in Analog Arrays under Impersonation Attacks

TL;DR

The paper addresses the security of AoA-based physical-layer authentication in analog-array MIMO against impersonation by active attackers. It combines a maximum-likelihood AoA estimator with a one-class SVM classifier to authenticate legitimate users using AoA features derived from certified pilots. Through modeling three impersonation strategies—random, code-based, and location-based—and extensive simulations, it demonstrates that location-based and code-based attacks can effectively spoof AoA estimates and degrade classifier performance, while random attacks mainly degrade estimation without impersonation. The findings highlight the vulnerability of analog-array PLA to informed adversaries and emphasize the need for defenses that account for attacker location and beam-pattern interactions in practical deployments.

Abstract

We discuss the use of angle of arrival (AoA) as an authentication measure in analog array multiple-input multiple-output (MIMO) systems. A base station equipped with an analog array authenticates users based on the AoA estimated from certified pilot transmissions, while active attackers manipulate their transmitted signals to mount impersonation attacks. We study several attacks of increasing intensity (captured through the availability of side information at the attackers) and assess the performance of AoA-based authentication using one-class classifiers. Our results show that some attack techniques with knowledge of the combiners at the verifier are effective in falsifying the AoA and compromising the security of the considered type of physical layer authentication.

Figures (5)

• Figure 1: Considered physical layer authentication scenario: (a) Offline Training phase: Alice's transmission is guaranteed to be authentic, the corresponding signal is acquired by Bob and associated with her identity (b) Online classification phase: Alice is recognized by the classifier through comparison of the newly acquired signal with her original signal, collected during training (c) Authentication system under successful impersonation attack: Eve transmits a precoded signal with the aim to confuse Bob's classifier and make it recognize the received signal as being transmitted by Alice.
• Figure 2: Negative log-likelihood cost function \ref{['eq:ML']} as a function of the AoA for different attacks for $d^{\text{E}}= 10~$m.
• Figure 3: RMSE in estimated angle in degrees vs distance of Eve from Bob and various AoA of Eve.
• Figure 4: Comparison of accuracy under code-based attack (CBA) and location-based attack (LBA), using OC-SVM, $\theta^{\text{A}} = 0\degree$.
• Figure 5: Comparison of the probability of MD under code-based attack (CBA) and location-based attack (LBA), using OC-SVM , $\theta^{\text{A}} = 0\degree$.