Leveraging Angle of Arrival Estimation against Impersonation Attacks in Physical Layer Authentication

TL;DR

This work evaluates the use of angle of arrival (AoA) as a feature for physical layer authentication (PLA) in 6G IoT scenarios. It develops a theoretical framework showing impersonation is feasible only when the attacker's AoA matches the legitimate user's AoA, and that adding more antennas to the attacker yields no meaningful advantage; these insights are supported by MUSIC-based AoA estimation and extensive simulations. The paper extends analysis from single- to multi-antenna attacker models and proposes practical applications, including continuous authentication, automatic device enrollment, and PHY-AKA that leverages AoA for fast key agreement. The results demonstrate AoA-based PLA as a robust, low-overhead authentication mechanism for digital-array MIMO systems, with discussed countermeasures to address remaining vulnerabilities and potential multi-factor enhancements for real-world deployments.

Abstract

In this paper, we investigate the utilization of the angle of arrival (AoA) as a feature for robust physical layer authentication (PLA). While most of the existing approaches to PLA focus on common features of the physical layer of communication channels, such as channel frequency response, channel impulse response or received signal strength, the use of AoA in this domain has not yet been studied in depth, particularly regarding the ability to thwart impersonation attacks. In this work, we demonstrate that an impersonation attack targeting AoA based PLA is only feasible under strict conditions on the attacker's location and hardware capabilities, which highlights the AoA's potential as a strong feature for PLA. We extend previous works considering a single-antenna attacker to the case of a multiple-antenna attacker, and we develop a theoretical characterization of the conditions in which a successful impersonation attack can be mounted. Furthermore, we leverage extensive simulations in support of theoretical analyses, to validate the robustness of AoA-based PLA.

Figures (8)

• Figure 1: System model considered, in which Alice is equipped with a single antenna while both Bob and Eve are equipped with an array of antennas.
• Figure 2: Estimated AoA using MUSIC algorithm with 2,000 samples. Alice's AoA $\theta = 0.4$ rad, AoAs of Eve's antennas $\hat{\theta}_0 = 0.2$ rad, $\hat{\theta}_i = 0.2$ rad and phases of Eve's precoding factors $\phi_i = 0$$\forall i \in [0, L-1]$, sum of amplitudes of Eve's precoding factors $\sum_{i=0}^{L-1}\beta_i = 1$.
• Figure 3: MSE under special case scenario where AoAs of Eve's antennas are identical $\hat{\theta}_0 = \hat{\theta}_1 = 0.4$ rad, the phases of Eve's precoding factors $\phi_1 = \phi_0$, Alice's AoA $\theta = 0.4$ rad, SNR = 15 dB.
• Figure 4: MSE under special case scenario, with SNR = 15 dB. Alice's AoA $\theta = 0.4$ rad. a) Eve's antennas have the same AoA, $\hat{\theta}_0 = \hat{\theta}_1 = 0.4$ rad. b) Eve's antennas have different AoAs, $\hat{\theta}_0 = 0.39$ rad, $\hat{\theta}_1 = 0.41$ rad.
• Figure 5: MSE vs SNR at Eve, with SNR at Alice equal to 15 dB, number of Bob's antennas $M = 16$, Alice's AoA $\theta = 0.4$ rad.

Theorems & Definitions (2)

• Proposition 1
• proof