WS25 IEEE ICC 2024 Nineth Workshop on NextG (6G and beyond) Wireless Security

Physical-Layer Challenge-Response Authentication

with IRS and Single-Antenna Devices
2024 IEEE International Conference on Communications Workshops (ICC Workshops) | 979-8-3503-0405-3/24/$31.00 ©2024 IEEE | DOI: 10.1109/ICCWORKSHOPS59551.2024.10615677

Anna V. Guglielmi, Laura Crosara, Stefano Tomasin, and Nicola Laurenti

Dept. of Information Engineering (DEI), University of Padova, Italy
email: {annavaleria.guglielmi@ , laura.crosara.1@phd. , nicola.laurenti@, stefano.tomasin@ }unipd.it

Abstract—This paper focuses on a novel challenge-response two are consistently similar (considering that they are both
physical layer authentication (CR-PLA) mechanism for wireless affected by noise), the received message is stated as authentic,
communications. It integrates an intelligent reflecting surface otherwise, it is assumed fake. Several technologies, including
(IRS) under the control of the receiver, which operates as a
verifier for the identity of the transmitter. In CR-PLA, the verifier orthogonal frequency division multiplexing (OFDM), multiple-
randomly configures the IRS and then checks that the resulting input multiple-output (MIMO) [2], [3] and underwater acoustic
estimated channel is correspondingly modified. We address the communications [4], employed PLA, using different testing
trade-off between communication and security performance, in techniques, from Neyman-Pearson tests [5] to machine learn-
terms of average signal-to-noise ratio (SNR) and missed detection ing approaches [6]. For an overview on PLA, we refer the
(MD) probability of an impersonation attack, respectively. In
particular, we design the probability distribution of the random reader to [7], [8].
IRS configuration that maximizes the average receiver SNR under Recently, the controllable nature of wireless channels pro-
an upper bound constraint on the MD and false alarm (FA)
probabilities, for the special case where both the transmitter and
vided by new communication technologies has been exploited
the receiver are equipped with a single antenna. Numerical results for further improvement of PLA. Specifically, the propagation
demonstrate effective balancing of communication metrics and of wireless signals can be modified using intelligent reflecting
security requirements, suggesting that CR-PLA is a promising surfaces (IRSs), i.e., controllable devices, where the phase shift
solution for future secure wireless communication. introduced by each element can be changed. Indeed, when the
Index Terms—Authentication, Challenge-response, Intelligent
Reflecting Surfaces, Physical-Layer Security.
verifier controls the IRS, he can set a random configuration of
the IRS which remains secret to the attacker, and verify that
I. I NTRODUCTION the channel estimated from a received message corresponds
Establishing whether a received message truly comes from to the predicted channel according to the set configuration,
the legitimate sender or has been forged by an impersonating [9]. Such an approach provides a challenge response PLA
attacker describes the user authentication problem. If unau- (CR-PLA) mechanism, where the random configuration is the
thenticated messages are accepted, several risks might occur challenge and the predicted channel is the expected response.
that go from denial of service to privacy or the loss of control Such an approach can be applied also when other controllable
of devices, e.g., in Internet of Things (IoT) contexts. channels are available, e.g., when Bob is a drone that changes
In the literature, several authentication mechanisms have its position to pose a challenge [10].
been proposed, mostly operating at the application layer and In this paper, we aim to design the random IRS configuration
using cryptographic approaches. Here, we exploit the propa- of the CR-PLA mechanism. We focus on the simple scenario
gation characteristics of the physical channel as a signature where both the legitimate transmitter and the verifier are
of the communication link or the transmitting device, in what equipped with a single antenna, and the number of elements
is known as physical layer authentication (PLA). In [1], the in the IRS is large. First, we observe that the random IRS
basic approach is introduced: it consists of two phases, i.e., configuration affects the data rate of the communication link
the identification acquisition and the identification verification between the user equipment (UE) and base station (BS). In
phases. In the first phase, the receiver Bob (verifier) estimates particular, increasing its randomness yields in general a lower
the channel from signals transmitted by Alice (the authentic missed detection (MD) probability while also lowering the
source). Higher-layer mechanisms, e.g., based on cryptogra- communication performance. To measure the communication
phy, are used to authenticate the signals. In the second phase, performance we consider the signal-to-noise ratio (SNR) aver-
whenever Bob receives a new message, he also estimates the aged over the random IRS configuration. Then, we consider a
channel over which the transmitted signal has propagated and generalized likelihood ratio test (GLRT) at the verifier to make
compares this estimate with that in the first phase. If the the decision about the authenticity of the message and analyze
the performance of the CR-PLA scheme in terms of both false
This work has been funded in part by the European Commission through
the Horizon Europe/JU SNS project ROBUST-6G (Grant Agreement no. alarm (FA) and MD probabilities. Lastly, we design the prob-
101139068). ability distribution of the randomly selected phase shifts that

979-8-3503-0405-3/24/$31.00 ©2024 IEEE 560

Authorized licensed use limited to: Somaiya University. Downloaded on March 31,2025 at 14:51:40 UTC from IEEE Xplore. Restrictions apply.
 WS25 IEEE ICC 2024 Nineth Workshop on NextG (6G and beyond) Wireless Security

the channel from IRS to Bob. The resulting Alice-IRS-Bob

cascade channel random gain is

𝜙 QAIB = HΦG . (2)

𝑮 𝑯
In the considered scenario, Eve can transmit messages to
Bob through a direct channel with gain C ∈ C.
𝑪 All channels are assumed to be time-invariant, while the
IRS configuration (i.e., the matrix Φ) is under Bob’s control
and can be changed over time, making the cascade channels
controllable. We consider correlated Rayleigh fading channels,
Fig. 1. Communication scenario. thus all entries of the channel vectors H and G are zero-mean
complex Gaussian with unitary power and identity correlation
matrix. However, most of the obtained derivations could be
maximize the average SNR under an upper bound constraint on applied to a more general channel model.
the MD probability for a desired FA probability. In particular,
A. CR-PLA Mechanism
we identify two statistical properties (represented by two real
numbers) that capture the effects of the probability density The CR-PLA mechanism [9] works as follows. In the
function (pdf) on both the communication and the security identification association phase, Alice transmits authenticated
metrics, so that the pdf design problem boils down to the pilot signals to Bob who, in turn, estimates the cascade channel
optimization of these two parameters, under other constraints. QAIB for several IRS configurations. Such an estimate will
In the design, we consider the worst-case scenario for the then enable Bob to obtain a reference estimate of the cascade
defense, by assuming that the attacker has complete channel channel for any IRS configuration Φ
knowledge, which is a challenging condition in practice. QAIB (Φ) = QAIB (Φ) + W , (3)
The rest of the paper is organized as follows. Section II
presents the system model and the CR-PLA mechanism. Then, where W is the estimation error at Bob, modeled as additive
2
the authentication strategy design is detailed in Section III. white Gaussian noise (AWGN) with zero mean and power σB .
In particular, in Section III-A and Sections III-B III-C the In the identification verification phase, Bob sets a random
communication and the security performance are introduced, configuration of the IRS (that constitutes the challenge),
respectively; whereas in Section III-D, the design of probabil- according to the pdf pΦ (Φ), and whenever he receives a
ity distribution of the randomly selected IRS phase shifts is message, he estimates the cascade channel Q̂AIB (Φ) and
presented. Numerical results are discussed in Section IV and, checks if it corresponds to the expected channel QAIB (Φ).
finally, conclusions are drawn in Section V. Under legitimate conditions, when Alice is transmitting Bob
estimates the Alice-IRS-Bob cascade channel, i.e.,
II. S YSTEM M ODEL
Q̂AIB = QAIB + WB , (4)
We analyze the scenario depicted in Fig. 1, where Bob, the
receive BS, authenticates messages from the UE Alice, the where WB is the estimation error at Bob, modeled as AWGN
2
legitimate transmitter. An attacker Eve aims to impersonate with zero mean and power σB .
Alice by forging messages and transmitting them to Bob. We B. Attacker Model
assume that all devices (Alice, Bob, and Eve) have a single We consider a perfect channel knowledge scenario in which
antenna each. Eve knows the realizations of H, G and C. This assump-
The communication between Alice and Bob is supported by tion, although being generous to Eve, constitutes a worst-
an IRS with N reflecting elements, each acting as a receive case situation for the legitimate receiver. Consequently, it
and transmit antenna. In particular, each element has unitary is a conservative approach when investigating authentication
gain and introduces a phase shift ϕn = ejθn , n = 1, 2, . . . , N , mechanisms.
on the equivalent baseband signal. We define vector ϕ and Moreover, we assume that for the attack Eve transmits
matrix Φ as directly to Bob and she can precode the transmitted pilot to
Φ = diag{ϕ} = diag{[ϕ1 , ϕ2 , . . . , ϕN ]}. (1) induce any channel estimate to Bob apart from the estimation
noise. Thus, when under attack, Bob estimates
Bob controls the IRS by choosing the phase control matrix Φ
V = V0 + W B . (5)
using a secure dedicated channel not accessible to Eve.
We assume that communication between Alice and Bob where V0 is the channel forged by Eve. Note that, since gain
only happens through the IRS without any additional direct C is known to Eve, she can pre-compensate it before trans-
link (for instance, because a direct link is not available). We mission, thus it becomes irrelevant in our scenario. Moreover,
define G ∈ CN ×1 as the vector for the baseband equivalent assuming that Eve is equipped with more antennas is also
channel from Alice to IRS, and H ∈ C1×N as the vector of irrelevant, as Bob has a single antenna.

561
Authorized licensed use limited to: Somaiya University. Downloaded on March 31,2025 at 14:51:40 UTC from IEEE Xplore. Restrictions apply.
 WS25 IEEE ICC 2024 Nineth Workshop on NextG (6G and beyond) Wireless Security

C. Authentication Test A. Communication Performance

When performing the authentication check, Bob leverages Having assumed a single-antenna transmitter and receiver,
his knowledge of QAIB . Let the channel estimate at Bob be the communication-optimal IRS configuration can be ex-
( pressed in closed form. Indeed, the communication-optimal
Q̂AIB if Alice is transmitting (b = 0) , IRS configuration maximizing the SNR at the receiver is
R= (6)
V if Eve is transmitting (b = 1) ,
θn = α − ∠Hn − ∠Gn , (13)
with b indicating the legitimate/attack state. The purpose of
Bob is to figure out whether the estimated channel R corre- with n = 0, . . . , N − 1 and α the angle common to all the IRS
sponds to the authentic one Q̂AIB , or to a forged channel V , by elements. To simplify the following computation, we consider
using his knowledge of QAIB . Thus, Bob performs an authen- α = 0 without loss of generality.
tication test, wherein, given QAIB and R, he chooses between For a given IRS configuration Φ, the resulting achievable
two hypotheses, i.e., H0 if the message is from Alice, and rate of the Alice-Bob channel is
H1 if the message is from Eve. Therefore, the authentication PN −1 !
procedure outputs a Boolean value b̂, and correct verification | n=0 Hn Gn ejθn |2
CA,B (Φ) = log2 1 + 2 , (14)
is achieved if b̂ = b. σB
Since Eve can perform a variety of attacks V0 , we consider
that the receiver employs a GLRT, which is appropriate in case which depends on the instantaneous SNR
of unknown V statistics. Let fQ̂|H0 be the pdf of Q̂ under PN −1
| n=0 Hn Gn ejθn |2
hypothesis H0 . The generalized log-likelihood function is ω= 2 . (15)
σB
Ψ = log fQ̂|H0 (R). (7)
In the identification phase, we assume that Bob modifies
Under hypothesis H0 , and conditioned on the configuration the IRS configuration around the optimal one, obtaining a new
Φ′ chosen by Bob, R has a Gaussian distribution with mean phase shift as
QAIB θn = θn + ϵn , (16)
R = QAIB (Φ′ ) + WB − W . (8)
with ϵn a random variable. Moreover, we assume that ϵn are
Let W = WB − W represents the overall noise with per-entry independent and identically distributed for all the IRS elements
variance σ 2 = 2σB
2
. Thus, (7) becomes and that the pdf of ϵn is even. This simplifies the design of
2 the defense strategy, so more complex solutions where ϵn are
Ψ= |R − QAIB (Φ′ )|2 , (9) correlated and may have different statistics are left for future
σ2
study. Under these assumptions, the problem of designing
neglecting irrelevant constants. According to GLRT, Ψ is then pΦ (Φ) becomes the problem of designing the pdf pϵ of ϵn .
compared with respect to a threshold τ , and the authentication For communication performance evaluation we consider the
procedure outputs average SNR Ω = E[ω], for which we now derive an approx-
(
0 Ψ<τ, imate expression depending on some statistical properties of
b̂ = (10) ϵn .
1 Ψ≥τ.
In particular, let us consider the asymptotic case N → ∞.
III. AUTHENTICATION S TRATEGY D ESIGN Then, let us define
To perform the CR-PLA mechanism, Bob needs to randomly m = E[ejϵn ] = E[cos ϵn ] + jE[sin ϵn ]. (17)
select the IRS configuration to generate the challenge. How-
ever, the random IRS configuration selected in the identifica- Assuming that pϵ is even, the second term vanishes and
tion phase, while providing authentication capabilities, affects
the data rate of the communication link between Alice and m = E[cos ϵn ]. (18)
Bob. Therefore, we aim to properly design the pdf of the IRS
Similarly, we define
configuration pΦ (Φ) to get a tradeoff between the security
metrics and the resulting achievable rate of the legitimate s = sR + jsI = E[cos2 ϵn ] + jE[sin2 ϵn ] (19)
channel. First, note that under the two hypotheses (7) can be
written as and we have E[cos ϵn sin ϵn ] = 0 for symmetry reasons.
2
Ψ = 2 |δ|2 , (11) The mean of each term of the sum in (14) can then be
σ written as
with
( µsec =E[Hn Gn ejθn ] = E[|Hn Gn |ejϵn ]
W, under hypothesis H0 π (20)
δ= (12) =E[|Hn |]E[|Gn |]E[ejϵn ] = m
V0 − HΦG + W , under hypothesis H1 . 4

562
Authorized licensed use limited to: Somaiya University. Downloaded on March 31,2025 at 14:51:40 UTC from IEEE Xplore. Restrictions apply.
 WS25 IEEE ICC 2024 Nineth Workshop on NextG (6G and beyond) Wireless Security

with variance Under hypothesis H1 with attack V0 , using (6) and replacing
2
σsec =E[|Hn Gn e jθn
− µsec | ] 2 (5) in (9), Ψ becomes a non-central chi-square random variable
(21) with 2 degrees of freedom and non-centrality parameter
π2 2
=1 − µ2sec =1− m , 2
16 ζ(V, Φ′ ) = 2 ||V − QAIB (Φ′ )||2 , (26)
σ
since Hn , Gn , and ejθn are independent and |Hn |, |Gn | are for a given IRS configuration Φ′ . The PMD represents the
Rayleigh variables with zero mean and variance 12 . By using CDF of this variable evaluated at τ , that is
the central limit theorem, we approximate the sum in (14) as
2
Gaussian distributed, with mean1 N µsec and variance N σsec . PMD (ζ(V, Φ′ )) = Fχ2 ,ζ(V,Φ′ ) (τ ). (27)
Therefore, the average SNR depends on m and goes to ∞ It is worth noting that the choice of τ is typically set to
as reach a desired PFA , i.e.,
2
2N 2 µ2sec τ = Fχ−1
2 ,0 (1 − PFA ), (28)
 
N σsec N
Ω≈ 2 2 + 2
= 2 (N µ2sec + σsec
2
)
2σB N σsec σB and the MD probability becomes
π2
 
N PMD (ζ(V, Φ′ )) = Fχ2 ,ζ(V,Φ′ ) (Fχ−1
= 2 (N − 1) m2 + 1 = Ω(m). (22) 2 ,0 (1 − PFA )). (29)
σB 16
In the following, we consider the average PMD , i.e., P MD =
Due to the relation between the achievable rate and the SNR, E[Fχ2 ,ζ(V,Φ′ ) (τ )], assuming that V is fixed (i.e., Eve performs
for ease of computation, we refer to the asymptotic approxi- a deterministic attack), whereas Φ′ is random. Note that the
mate average SNR Ω(m) as the communication performance. expectation is done with respect to the distribution of ϕn , n =
0, . . . , N − 1.
B. Security Performance
The two possible error events of the authentication mecha- C. Average MD Probability
nism are FAs when Bob discards a message as forged by Eve We now derive the MD probability under a specific attack by
while it is coming from Alice, and MDs when Bob accepts Eve and we express it as a function of key statistical parameters
a message coming from Eve as legitimate. Specifically, an for ϵn , similarly to what we did for the average SNR.
FA occurs when, under hypothesis b = 0, Ψ ≥ τ , whereas, Attack Strategy: Since Eve does not know the IRS
an MD occurs when, under hypothesis b = 1, Ψ < τ . As configuration, we assume here that Eve uses as attack the
security metrics of the CR-PLA mechanism, we then consider average channel seen by Bob when Alice is transmitting, i.e.,
the probabilities of FA and MD. she sets the attack channel as V0 = E[QAIB ], where the mean
In formulas, for a given Alice-IRS-Bob channel and any is evaluated with respect to the random IRS configuration. So,
configuration Φ′ , we define then the probability of FA and V0 = HE[Φ]G = HΦE[diag{ejϵn }]G = mHΦG. (30)
MD respectively as
Test Variable: Under attack V0 (12) becomes
PFA = P [Ψ ≥ τ |b̂ = 0] , (23)
δ = mHΦG − HΦ′ G + W
PMD (ζ(V, Φ′ )) = P [Ψ < τ |b̂ = 1] . (24) N −1
X
Under the legitimate condition H0 , by plugging (8) into (9), = Hn ejθn [m − ejϵn ]Gn + W. (31)
n=0
we have that Ψ becomes a central chi-square random variable
with 2 degrees of freedom and MD Probability: Under attack V0 the probability P MD
can be written as
PFA = 1 − Fχ2 ,0 (τ ), (25) 
2

P MD = P 2 |δ|2 < τ , (32)
denoting with Fχ2 ,a (·) the cumulative distribution function σ
(CDF) of a non-central chi-square variable with 2 degrees of and we then investigate the statistics of each term of the sum
freedom and non-centrality parameter a. in (31) to derive an expression for P MD .
Specifically, due to the Rayleigh scenario, and from the
1 Note that for a circularly symmetric complex random variable y with non
symmetry of h pϵ , the terms in thei sum of (31) are i.i.d
zero complex mean M = Mr + jMI and real variance S 2 , the mean of |y|2
is with mean E Hn ejθn [m − ejϵn ]Gn = 0, and with real and
 √ !2 √ !2  imaginary parts of the variance defined as
2 S2  2 √ 2 √  n o2 
E[|M +Sw| ] = E MR + 2wR + MI + 2wI 
2 S S 2 jθ n jϵn
σR = E Re Hn e [m − e ]Gn
(33)
S2
= E (m − cos ϵn )2 = −m2 + sR
 
= (2 + λ),
2  n o2 
2|M |2
with λ = S 2 and assuming w = wR +jwI circularly symmetric complex σI2 = E Im Hn ejθn [m − ejϵn ]Gn = sI (34)
Gaussian random variable with zero mean and unitary variance.

563
Authorized licensed use limited to: Somaiya University. Downloaded on March 31,2025 at 14:51:40 UTC from IEEE Xplore. Restrictions apply.
 WS25 IEEE ICC 2024 Nineth Workshop on NextG (6G and beyond) Wireless Security

where sR = E[cos2 ϵn ] and sI = E[sin2 ϵn ]. The correspond- 0.3

ing cross-correlation is
h n  o 0.25
E Re Hn ejθn m − ejϵn Gn ×

n  oi
Im Hn ejθn m − ejϵn Gn

(35) 0.2

= E [(m − cos ϵn ) (− sin ϵn )] = E [cos ϵn sin ϵn ] = 0.

0.15
By the Central Limit Theorem, for N →∞, δ = δR + jδI has
a complex zero-mean Gaussian distribution with independent 0.1
2
2
real and imaginary parts with variances σδ,R 2
= N σR + σ2 and
2
2
σδ,I = N σI2 + σ2 , respectively, which are functions of m and 0.05
sR through (33) and (34). Finally, from (32) and the results
in (33)-(35), we approximate P MD as
0
0.2 0.4 0.6 0.8 1
σ2 τ
 
2 2
P MD = P δR + δI ≤
2
σ2 τ Fig. 2. Probability distribution of ϵn considering P FA = 10−3 , N = 100,
 
2
≈ P σδ,R g12 + σδ,I
2
g22 ≤ , (36) σB = 0.6, and η ∈ T ={0.149, 0.1516, 0.1542, 0.1568, 0.1594, 0.162}.
2
where g1 and g2 are real Gaussian variables with zero mean
and unitary variance. Still P MD depends on m, sR , and the Thus, we consider the following optimization problem
Z ∞
desired P FA = PFA (τ ), i.e., P MD (m, sR , τ ).
arg max Ω(m) = max cos(α)pϵ (α)dα
To evaluate (36), we need the CDF of a linear combination m pϵ −∞
of two independent central chi-squared random variables with s.t. P MD (m, sR , τ ) < η
one degree of freedom each. This CDF cannot be expressed in Z ∞
closed form; however, a series can be computed by following (39)
pϵ = 1
[11]. Let us define α1 = σδ,R 2 2
, α2 = σδ,I , β = α1 +α
2
2
, then −∞
we have PFA (τ ) = P FA
σ2 τ pϵ ≥ 0.
e− 4β σ τ2
p
P MD (m, sR , τ ) = × Note that the problem of designing the pdf of the continuous
(2β)2 Γ (2)
random variable ϵn becomes now the problem of optimizing
K=∞
X k!mk (1)  σ 2 τ  some of its statistical parameters (namely, m and sR ), which
L , (37)
(2)k k 2β provides a much more tractable optimization problem.
k=0
We numerically solve (39) by looking for the (m⋆ , s⋆R ) pairs,
where such that PMD (m⋆ , s⋆R ) < η, that are feasible solution of the
2 system
−1/2
Y
m0 =2(2β)2
R ∞
(β + αi ) cos(α)pϵ (α)dα = m
R−∞


∞
i=1

2
R−∞ cos (α)pϵ (α)dα = sR



k−1
1 ∞
. (40)
X
mk = mj dk−j , k ≥ 1 (38) −∞ ϵ
p (α)dα = 1
k j=0


 pϵ (α) ≥ 0


2  j m2 < s ≤ m

j
X 1 β − αi R
dj = (−1) + , j ≥ 1,
i=1
2 β + αi Note that for the sake of computation, we consider ϵn as a
(α)
discrete random variable. Consequently, (40) becomes a linear
and Lk the k-th generalized Laguerre polynomial. system with positive solutions. Among the feasible (m⋆ , s⋆R )
pairs, we choose then that with the maximum m⋆ .
D. Design of the pdf pϵ
For a desired P FA , we derived that m and sR are the only IV. N UMERICAL R ESULTS
parameters on which the communication and security metrics In this Section, we validate the above analysis providing
depend, i.e., (22) and (37) , respectively. Our goal is to find the numerical evidence of the balance between communication
optimal pϵ balancing the communication metrics and security metrics and security requirements as the result of the opti-
requirements. From (16), we aim at finding a feasible pϵ such mization problem (39).
that Ω(m) is maximized assuring that P MD (m, sR , τ ) is kept Fig. 2 shows the optimal pϵ obtained for
below a certain threshold η. P FA = 10−3 , N = 100, σB = 0.6, and

564
Authorized licensed use limited to: Somaiya University. Downloaded on March 31,2025 at 14:51:40 UTC from IEEE Xplore. Restrictions apply.
 WS25 IEEE ICC 2024 Nineth Workshop on NextG (6G and beyond) Wireless Security

0.8 security metrics. We have derived approximate expressions for

the FA and MD probabilities, and the average SNR for the
0.7
0.25
0.6
0.2
0.5

0.15
0.4

0.3
0.1

0.2

0.1 0.2 0.3 0.4 0.5 0.6

Fig. 3. P MD (m, sR , τ ) contour plot at levels T , the area defining the pairs 26 27 28 29 30 31 32
(m, sR ) such m2 < sR ≤ m (in red), the area representing the feasible
solutions of (40) (in grey), and the optimal (m⋆ , s⋆R ) (stars). The different
colors refer to the different considered η ∈ T . Fig. 4. P MD (m⋆ , s⋆R , τ ) as a function of Ω(m⋆ ) for P FA ∈
{10−4 , 10−3 , 10−2 10−1 }, N = 100, and σB 2 = 0.6

η ∈ T ={0.149, 0.1516, 0.1542, 0.1568, 0.1594, 0.162}.

It can be seen that for η ≥ 0.1594 the optimal pϵ remains the special case of single-antenna devices. Numerical results show
same, whereas for η < 0.149 any solution solving (39) can that a high average SNR would come at the expense of a
be found. reduction of MD probability and vice versa.
This can be better observed in Fig. 3 where we show the R EFERENCES
P MD (m, sR , τ ) contour plot at levels T , the area defined by [1] G. J. Simmons, “Authentication theory/coding theory,” in Advances in
the pairs (m, sR ) such that m2 < sR ≤ m (red area), the Cryptology, G. R. Blakley and D. Chaum, Eds. Berlin, Heidelberg:
area representing the feasible solutions of (40) (grey area), Springer Berlin Heidelberg, 1985, pp. 411–431.
[2] P. Baracca, N. Laurenti, and S. Tomasin, “Physical layer authentication
and the optimal (m⋆ , s⋆R ) pairs (stars) for P FA = 10−3 . The over MIMO fading wiretap channels,” IEEE Trans. Wireless Commun.,
different colors refer to the different considered η, with η ∈ T . vol. 11, no. 7, pp. 2564–2573, 7 2012.
In general, the higher η is, the higher would be m⋆ , i.e., the [3] W. Hou, X. Wang, J.-Y. Chouinard, and A. Refaey, “Physical layer
authentication for mobile systems with time-varying carrier frequency
more pϵ would be defined around zero. This would imply a offsets,” IEEE Transactions on Communications, vol. 62, no. 5, pp.
higher m⋆ and then a higher Ω(m⋆ ) at the cost of a security 1658–1667, 2014.
degradation due to the reduction in the randomness of Φ. [4] R. Diamant, P. Casari, and S. Tomasin, “Cooperative authentication in
underwater acoustic sensor networks,” IEEE Trans. Wireless Commun.,
To find a tradeoff between Ω and P MD , Fig. 4 shows vol. 18, no. 2, pp. 954–968, Feb. 2019.
the P MD (m⋆ , s⋆R , τ ) as a function of Ω(m⋆ ). In par- [5] U. M. Maurer, “Authentication theory and hypothesis testing,” IEEE
ticular, we consider different values of P FA in the set Transactions on Information Theory, vol. 46, no. 4, p. 1350–1356, July
2000.
{10−4 , 10−3 , 10−2 , 10−1 }, N = 100, and σB 2
= 0.6. It can [6] H. Fang, X. Wang, and L. Hanzo, “Learning-aided physical layer
be seen as for a desired P FA , a higher Ω(m⋆ ) comes at the authentication as an intelligent process,” IEEE Transactions on Com-
expense of a higher P MD (m⋆ , s⋆R , τ ). Furthermore, the smaller munications, vol. 67, no. 3, pp. 2260–2273, 2019.
[7] E. Jorswieck, S. Tomasin, and A. Sezgin, “Broadcasting into the uncer-
the desired P FA is, the smaller the reduction of Ω(m⋆ ) in tainty: Authentication and confidentiality by physical-layer processing,”
dB would be, if the minimum possible P MD (m⋆ , s⋆R , τ ) is Proceedings of the IEEE, vol. 103, no. 10, pp. 1702–1724, 10 2015.
assured. However, the smaller the P FA is, the smaller the [8] N. Xie, Z. Li, and H. Tan, “A survey of physical-layer authentication in
wireless communications,” IEEE Communications Surveys & Tutorials,
minimum P MD (m⋆ , s⋆R , τ ) that can be ensured. vol. 23, no. 1, pp. 282–310, 2021.
[9] S. Tomasin, H. Zhang, A. Chorti, and H. V. Poor, “Challenge-response
V. C ONCLUSIONS physical layer authentication over partially controllable channels,” IEEE
Communications Magazine, vol. 60, no. 12, pp. 138–144, 2022.
In this paper, we have considered a CR-PLA mechanism [10] F. Mazzo, S. Tomasin, H. Zhang, A. Chorti, and H. V. Poor, “Physical-
that leverages the presence of an IRS to perform the challenge- layer challenge-response authentication for drone networks,” in Proc.
response protocol. We have derived the probability distribution IEEE Global Commun. Conference (GLOBECOM), 2023.
[11] A. Castaño-Martı́nez and F. López-Blázquez, “Distribution of a sum of
of the randomly selected phase shifts, optimizing the tradeoff weighted noncentral chi-square variables,” Test, vol. 14, pp. 397–415,
between the average SNR of the legitimate channel and the 2005.

565
Authorized licensed use limited to: Somaiya University. Downloaded on March 31,2025 at 14:51:40 UTC from IEEE Xplore. Restrictions apply.