Physical Layer Authentication With Channel Knowledge Maps in Indoor Environments

Francesco Ardizzon; Luca Bonaventura; Stefano Tomasin

arxiv: 2606.27044 · v1 · pith:3DT6YOZ7new · submitted 2026-06-25 · 💻 cs.CR · eess.SP

Physical Layer Authentication With Channel Knowledge Maps in Indoor Environments

Luca Bonaventura , Francesco Ardizzon , Stefano Tomasin This is my paper

Pith reviewed 2026-06-26 03:51 UTC · model grok-4.3

classification 💻 cs.CR eess.SP

keywords physical layer authenticationchannel knowledge mapsindoor environmentsray tracingpath lossangle of arrivalsecurity analysismoving devices

0 comments

The pith

Physical layer authentication for moving indoor devices works by matching measured path loss and angle of arrival against ray-traced channel knowledge maps near the last known position.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper proposes a physical layer authentication scheme that uses multiple access points to estimate the dominant channel tap's path loss and angle of arrival from received signals. These measurements are then compared against entries in a pre-collected channel knowledge map within the spatial neighborhood of the device's previously known position. This replaces the usual time-consistency or evolution-model assumptions that break down for mobile devices in indoor multipath settings. A security analysis examines performance against both random and optimal attacks, and numerical results from a representative indoor scenario with ray-tracing-derived maps show the approach is effective.

Core claim

In indoor environments, physical layer authentication of moving devices can be performed by having access points compare the dominant-tap path loss and angle of arrival extracted from received signals against the corresponding values stored in channel knowledge maps obtained via ray tracing, specifically checking the map entries near the device's last known position.

What carries the argument

Channel knowledge maps (CKMs) that store expected dominant-tap path loss and angle of arrival values for spatial neighborhoods, built via ray tracing and used for neighborhood-based comparison.

If this is right

The method enables authentication when devices move and traditional time-based assumptions fail due to multipath and obstructions.
Authentication decisions remain reliable under random attacks that send arbitrary signals.
Authentication decisions remain reliable under optimal attacks that attempt to match the map entries.
The scheme can be implemented with existing access points that already estimate path loss and angle of arrival.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

The same maps could support simultaneous localization and authentication if position estimates are refined iteratively from the neighborhood comparisons.
Performance would degrade if the indoor layout changes after map collection, suggesting periodic map updates as a practical requirement.
Integration with higher-layer authentication could reduce the frequency of expensive cryptographic checks when the physical-layer check passes.

Load-bearing premise

Ray-tracing-derived channel knowledge maps remain accurate enough in the neighborhood of a moving device's true position, and an attacker cannot produce signals that simultaneously match both the path loss and angle of arrival entries in those maps.

What would settle it

A measurement campaign in the same indoor environment showing that real dominant-tap path loss and angle of arrival values deviate substantially from the ray-traced map entries, or a successful attack in which an adversary transmits a waveform whose dominant tap matches both map values at a nearby location.

Figures

Figures reproduced from arXiv: 2606.27044 by Francesco Ardizzon, Luca Bonaventura, Stefano Tomasin.

**Figure 2.** Figure 2: DET curves against the random position attack for various estimation noises values, [PITH_FULL_IMAGE:figures/full_fig_p006_2.png] view at source ↗

**Figure 3.** Figure 3: DET curve for K = 0.05 for considering random position attack, the informed attack with various values of WT, and the full map attack. [7] K. Li, P. Li, Y. Zeng, and J. Xu, “Channel knowledge map for environment-aware communications: EM algorithm for map construction,” in Proc. of Wireless Commun. and Netw. Conf. (WCNC). IEEE, 2022, pp. 1659–1664. [8] Z. Dai et al., “Prototyping and experimental results f… view at source ↗

read the original abstract

Physical layer authentication (PLA) allows to authenticate the user by comparing measurements over time, assuming their time consistency or by modeling their evolution. However, these assumptions become problematic when devices are in motion and in indoor environments due to multipath propagation and obstructions. In this paper, we propose a PLA mechanism for moving devices in indoor environments, where multiple access points (APs) estimate the dominant channel tap path loss (PL) and angle of arrival (AoA) from the received signals and compare them with previously collected channel knowledge maps (CKMs). Specifically, the measurements are compared to those in the neighborhood of the previously known position obtained from CKMs. A comprehensive security analysis is conducted under both random and optimal attacks. Numerical results in a representative indoor scenario, with CKM obtained via ray tracing, validate the effectiveness of the proposed PLA approach.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Desk Editor's Note private letter to a colleague

The paper extends PLA to moving indoor devices by matching multi-AP dominant-tap PL and AoA to ray-traced CKM neighborhoods, with simulations showing separation from random and optimal attacks.

read the letter

The one or two things to know about this paper are that it proposes a physical layer authentication scheme for moving devices in indoor environments by comparing dominant-tap path loss and angle of arrival measurements from multiple access points to neighborhoods in a channel knowledge map built with ray tracing, and that their simulations indicate it works against both random and optimal attacks.

What is actually new is applying the CKM concept specifically to handle mobility indoors, where traditional assumptions about channel consistency break down due to multipath. The neighborhood comparison around the previous position allows tracking without needing perfect time-based predictions.

The paper does a solid job describing the mechanism and conducting the security analysis. The numerical results in a representative indoor scenario provide concrete validation that legitimate moving devices match the map while attackers do not.

The main soft spot is the load-bearing role of the ray-tracing CKM accuracy. Ray tracing can be sensitive to unmodeled factors like furniture or material constants, and an optimal attacker with some map knowledge might generate signals that fall into the acceptance region due to mismatches with real propagation. This is a real concern for the claims, though the paper tests it in simulation.

A secondary point is the lack of detail in the abstract on how the neighborhood size is chosen or what the false positive rates look like, but that can be clarified in review.

This kind of paper is for researchers focused on wireless physical layer security and indoor positioning systems. Readers working on practical authentication for mobile devices would get value from the attack models and the use of CKMs.

It deserves a serious referee because the contribution is clear and the evaluation is grounded in a relevant scenario, even if the simulation-to-reality step needs scrutiny.

I recommend sending this to peer review.

Referee Report

2 major / 2 minor

Summary. The paper proposes a physical layer authentication (PLA) scheme for moving devices in indoor environments. Multiple access points estimate the dominant-tap path loss (PL) and angle of arrival (AoA) from received signals and compare these measurements against channel knowledge maps (CKMs) generated via ray tracing, specifically in the spatial neighborhood of the device's last known position. Security is analyzed under random and optimal attacks, with effectiveness validated through numerical results in a representative indoor scenario.

Significance. If the central assumptions hold, the approach could address limitations of traditional PLA in mobile indoor settings by leveraging CKM neighborhood matching rather than time-consistency assumptions. The multi-AP use of dominant-tap PL and AoA provides a concrete mechanism, and the explicit treatment of optimal attacks is a strength. However, significance is tempered because all validation is simulation-based on ray-tracing CKMs without real-world channel measurements.

major comments (2)

[Numerical results] Numerical results section: the validation of effectiveness under optimal attacks rests entirely on ray-tracing-derived CKMs matching real dominant-tap PL and AoA values in spatial neighborhoods around the true (unknown) position. No comparison to measured data is reported, leaving the load-bearing assumption about CKM fidelity untested against unmodeled effects such as material constants, furniture, or diffraction.
[Security analysis] Security analysis: the claim that an optimal attacker cannot synthesize a signal whose observed PL/AoA vector at the APs falls inside the acceptance region is not supported by explicit equations defining the acceptance threshold, error margins, or sensitivity analysis to CKM mismatch. This makes it unclear whether small ray-tracing inaccuracies would enable attacks.

minor comments (2)

The abstract states that CKMs are 'previously collected' yet obtained via ray tracing; clarifying whether the maps are static pre-computed or updated would improve readability.
Notation for the neighborhood size and comparison metric (e.g., distance in PL-AoA space) should be defined explicitly with an equation or pseudocode.

Simulated Author's Rebuttal

2 responses · 1 unresolved

We thank the referee for the constructive comments on our manuscript. Below we provide point-by-point responses to the major comments. We have revised the manuscript where feasible while remaining honest about the simulation-based nature of the study.

read point-by-point responses

Referee: [Numerical results] Numerical results section: the validation of effectiveness under optimal attacks rests entirely on ray-tracing-derived CKMs matching real dominant-tap PL and AoA values in spatial neighborhoods around the true (unknown) position. No comparison to measured data is reported, leaving the load-bearing assumption about CKM fidelity untested against unmodeled effects such as material constants, furniture, or diffraction.

Authors: The referee correctly notes that the validation relies on ray-tracing simulations without real-world measurements. This is a limitation of the present work, which focuses on the algorithmic approach and security analysis using simulated CKMs; collecting measured data would require a separate experimental campaign outside the current scope. In the revised manuscript we have added explicit discussion of the CKM fidelity assumptions and listed real-world validation as future work. revision: partial
Referee: [Security analysis] Security analysis: the claim that an optimal attacker cannot synthesize a signal whose observed PL/AoA vector at the APs falls inside the acceptance region is not supported by explicit equations defining the acceptance threshold, error margins, or sensitivity analysis to CKM mismatch. This makes it unclear whether small ray-tracing inaccuracies would enable attacks.

Authors: We agree that the original security analysis would be strengthened by explicit equations. The revised manuscript now includes the precise definition of the acceptance region (based on neighborhood matching of PL and AoA vectors), the threshold criterion, associated error margins, and a sensitivity analysis quantifying how CKM mismatch affects the optimal attack success probability. revision: yes

standing simulated objections not resolved

Provision of real-world measured channel data to validate CKM fidelity, as the study is entirely simulation-based.

Circularity Check

0 steps flagged

No significant circularity; derivation self-contained via external ray-tracing CKMs

full rationale

The paper proposes a PLA scheme that compares dominant-tap PL and AoA measurements against neighborhoods in CKMs generated externally via ray tracing. Numerical validation in an indoor scenario demonstrates effectiveness against random and optimal attacks without any reduction of predictions to fitted parameters defined by the same data, self-definitional loops, or load-bearing self-citations. The central claim rests on the independent generation of CKMs and the modeling of attacker capabilities, which are not equivalent to the inputs by construction. No steps meet the criteria for circularity under the enumerated patterns.

Axiom & Free-Parameter Ledger

0 free parameters · 0 axioms · 0 invented entities

Abstract-only review supplies no explicit free parameters, axioms, or invented entities; the approach implicitly assumes ray-tracing accurately captures dominant taps and that neighborhood comparison suffices for authentication.

pith-pipeline@v0.9.1-grok · 5671 in / 1082 out tokens · 32108 ms · 2026-06-26T03:51:39.335637+00:00 · methodology

discussion (0)

Reference graph

Works this paper leans on

17 extracted references

[1]

A tutorial on environment-aware communications via channel knowledge map for 6G,

Y . Zenget al., “A tutorial on environment-aware communications via channel knowledge map for 6G,”IEEE Commun. Surveys Tuts., vol. 26, no. 3, pp. 1478–1519, Feb. 2024

2024
[2]

Physical layer-based device fingerprinting for wireless security: From theory to practice,

J. Zhang, F. Ardizzon, M. Piana, G. Shen, and S. Tomasin, “Physical layer-based device fingerprinting for wireless security: From theory to practice,”IEEE Trans. Inf. F orensics Security, vol. 20, pp. 5296–5325, May 2025

2025
[3]

Physical layer authentication over MIMO fading wiretap channels,

P. Baracca, N. Laurenti, and S. Tomasin, “Physical layer authentication over MIMO fading wiretap channels,”IEEE Wireless Commun. Mag., vol. 11, no. 7, pp. 2564–2573, May 2012

2012
[4]

Learning to communicate in UA V-aided wireless networks: Map-based approaches,

O. Esrafilian, R. Gangula, and D. Gesbert, “Learning to communicate in UA V-aided wireless networks: Map-based approaches,” vol. 6, no. 2, pp. 1791–1802, Nov. 2019

2019
[5]

On the common AOA error in CKM-based integrated sensing and communications,

T. Zhao, X. Wang, W. Yang, X. Xi, and J. Li, “On the common AOA error in CKM-based integrated sensing and communications,”IEEE Commun. Lett., vol. 27, no. 7, pp. 1859–1863, Jul. 2023

2023
[6]

Channel gain map tracking via distributed kriging,

E. Dall’Anese, S.-J. Kim, and G. B. Giannakis, “Channel gain map tracking via distributed kriging,”IEEE Trans. V eh. Technol., vol. 60, no. 3, pp. 1205–1211, Mar. 2011. 10−4 10−3 10−2 10−1 10010−4 10−3 10−2 10−1 100 PF A PMD N= 1 N= 2 N= 3 N= 4 (a)K= 0.1, varyingN. 10−4 10−3 10−2 10−1 10010−4 10−3 10−2 10−1 100 PF A PMD K= 0.001 0.01 0.05 0.1 0.2 0.5 (b) ...

2011
[7]

Channel knowledge map for environment-aware communications: EM algorithm for map construc- tion,

K. Li, P. Li, Y . Zeng, and J. Xu, “Channel knowledge map for environment-aware communications: EM algorithm for map construc- tion,” inProc. of Wireless Commun. and Netw. Conf. (WCNC). IEEE, 2022, pp. 1659–1664

2022
[8]

Prototyping and experimental results for environment- aware millimeter wave beam alignment via channel knowledge map,

Z. Daiet al., “Prototyping and experimental results for environment- aware millimeter wave beam alignment via channel knowledge map,” IEEE Trans. V eh. Technol., vol. 73, no. 11, pp. 16 805–16 816, Nov. 2024

2024
[9]

Channel knowledge map (CKM)-assisted multi-UA V wireless network: CKM construction and UA V placement,

H. Li, P. Li, G. Cheng, J. Xu, J. Chen, and Y . Zeng, “Channel knowledge map (CKM)-assisted multi-UA V wireless network: CKM construction and UA V placement,”J. Commun. Info. Netw., vol. 8, no. 3, pp. 256– 270, Sept. 2023

2023
[10]

Prototyping and experimental results for ISAC-based channel knowledge map,

C. Zhang, Z. Zhou, X. Xu, Y . Zeng, Z. Zhang, and S. Jin, “Prototyping and experimental results for ISAC-based channel knowledge map,”IEEE Trans. V eh. Technol., vol. 74, no. 7, pp. 10 719–10 731, Feb. 2025

2025
[11]

Knowledge- enhanced physical layer authentication for mobile devices,

Q. Wang, W. Liang, J. Zhang, K. Wang, and X. Jiang, “Knowledge- enhanced physical layer authentication for mobile devices,”IEEE Trans. Consum. Electron., vol. 70, no. 4, pp. 7436–7448, Nov. 2024

2024
[12]

Performance analysis of MUSIC, root-MUSIC and ESPRIT DOA estimation algorithm,

N. P. Waweru, D. B. O. Konditi, and P. K. Langat, “Performance analysis of MUSIC, root-MUSIC and ESPRIT DOA estimation algorithm,”Int. 10−4 10−3 10−2 10−1 10010−4 10−3 10−2 10−1 100 PF A PMD Full Map Att., LT Full Map Att., GLRT Rand. Pos. Att., LT Rand. Pos. Att., GLRT Fig. 4. DET comparing LT and GLRT against random position and full map attack forK= 0....

2014
[13]

Benvenuto, G

N. Benvenuto, G. Cherubini, and S. Tomasin,Algorithms for Commu- nications Systems and their Applications. John Wiley & Sons, 2021

2021
[14]

Maximum- likelihood estimation of Rician distribution parameters,

J. Sijbers, A. den Dekker, P. Scheunders, and D. Van Dyck, “Maximum- likelihood estimation of Rician distribution parameters,”IEEE Trans. Med. Imag., vol. 17, no. 3, pp. 357–361, Jun. 1998

1998
[15]

MUSIC, maximum likelihood, and Cramer- Rao bound,

P. Stoica and A. Nehorai, “MUSIC, maximum likelihood, and Cramer- Rao bound,”IEEE Trans. Acoust., Speech, Signal Process., vol. 37, no. 5, pp. 720–741, May 1989

1989
[16]

On the relation between OC-LSSVM and likelihood test for physical layer authentication,

F. Ardizzon and S. Tomasin, “On the relation between OC-LSSVM and likelihood test for physical layer authentication,”IEEE Commun. Lett., vol. 29, no. 12, pp. 2865–2869, Oct. 2025

2025
[17]

Developing three dimensional localization system using deep learning and pre-trained architectures for IEEE 802.11 Wi-Fi,

A. H. Hamza, S. A. Hussein, G. A. Ismaeel, S. Q. Abbas, M. M. A. Zahra, and A. H. Sabry, “Developing three dimensional localization system using deep learning and pre-trained architectures for IEEE 802.11 Wi-Fi,”East.-Eur . J. Enterp. Technol., vol. 4, no. 9(118), p. 41–47, Aug. 2022

2022

[1] [1]

A tutorial on environment-aware communications via channel knowledge map for 6G,

Y . Zenget al., “A tutorial on environment-aware communications via channel knowledge map for 6G,”IEEE Commun. Surveys Tuts., vol. 26, no. 3, pp. 1478–1519, Feb. 2024

2024

[2] [2]

Physical layer-based device fingerprinting for wireless security: From theory to practice,

J. Zhang, F. Ardizzon, M. Piana, G. Shen, and S. Tomasin, “Physical layer-based device fingerprinting for wireless security: From theory to practice,”IEEE Trans. Inf. F orensics Security, vol. 20, pp. 5296–5325, May 2025

2025

[3] [3]

Physical layer authentication over MIMO fading wiretap channels,

P. Baracca, N. Laurenti, and S. Tomasin, “Physical layer authentication over MIMO fading wiretap channels,”IEEE Wireless Commun. Mag., vol. 11, no. 7, pp. 2564–2573, May 2012

2012

[4] [4]

Learning to communicate in UA V-aided wireless networks: Map-based approaches,

O. Esrafilian, R. Gangula, and D. Gesbert, “Learning to communicate in UA V-aided wireless networks: Map-based approaches,” vol. 6, no. 2, pp. 1791–1802, Nov. 2019

2019

[5] [5]

On the common AOA error in CKM-based integrated sensing and communications,

T. Zhao, X. Wang, W. Yang, X. Xi, and J. Li, “On the common AOA error in CKM-based integrated sensing and communications,”IEEE Commun. Lett., vol. 27, no. 7, pp. 1859–1863, Jul. 2023

2023

[6] [6]

Channel gain map tracking via distributed kriging,

E. Dall’Anese, S.-J. Kim, and G. B. Giannakis, “Channel gain map tracking via distributed kriging,”IEEE Trans. V eh. Technol., vol. 60, no. 3, pp. 1205–1211, Mar. 2011. 10−4 10−3 10−2 10−1 10010−4 10−3 10−2 10−1 100 PF A PMD N= 1 N= 2 N= 3 N= 4 (a)K= 0.1, varyingN. 10−4 10−3 10−2 10−1 10010−4 10−3 10−2 10−1 100 PF A PMD K= 0.001 0.01 0.05 0.1 0.2 0.5 (b) ...

2011

[7] [7]

Channel knowledge map for environment-aware communications: EM algorithm for map construc- tion,

K. Li, P. Li, Y . Zeng, and J. Xu, “Channel knowledge map for environment-aware communications: EM algorithm for map construc- tion,” inProc. of Wireless Commun. and Netw. Conf. (WCNC). IEEE, 2022, pp. 1659–1664

2022

[8] [8]

Prototyping and experimental results for environment- aware millimeter wave beam alignment via channel knowledge map,

Z. Daiet al., “Prototyping and experimental results for environment- aware millimeter wave beam alignment via channel knowledge map,” IEEE Trans. V eh. Technol., vol. 73, no. 11, pp. 16 805–16 816, Nov. 2024

2024

[9] [9]

Channel knowledge map (CKM)-assisted multi-UA V wireless network: CKM construction and UA V placement,

H. Li, P. Li, G. Cheng, J. Xu, J. Chen, and Y . Zeng, “Channel knowledge map (CKM)-assisted multi-UA V wireless network: CKM construction and UA V placement,”J. Commun. Info. Netw., vol. 8, no. 3, pp. 256– 270, Sept. 2023

2023

[10] [10]

Prototyping and experimental results for ISAC-based channel knowledge map,

C. Zhang, Z. Zhou, X. Xu, Y . Zeng, Z. Zhang, and S. Jin, “Prototyping and experimental results for ISAC-based channel knowledge map,”IEEE Trans. V eh. Technol., vol. 74, no. 7, pp. 10 719–10 731, Feb. 2025

2025

[11] [11]

Knowledge- enhanced physical layer authentication for mobile devices,

Q. Wang, W. Liang, J. Zhang, K. Wang, and X. Jiang, “Knowledge- enhanced physical layer authentication for mobile devices,”IEEE Trans. Consum. Electron., vol. 70, no. 4, pp. 7436–7448, Nov. 2024

2024

[12] [12]

Performance analysis of MUSIC, root-MUSIC and ESPRIT DOA estimation algorithm,

N. P. Waweru, D. B. O. Konditi, and P. K. Langat, “Performance analysis of MUSIC, root-MUSIC and ESPRIT DOA estimation algorithm,”Int. 10−4 10−3 10−2 10−1 10010−4 10−3 10−2 10−1 100 PF A PMD Full Map Att., LT Full Map Att., GLRT Rand. Pos. Att., LT Rand. Pos. Att., GLRT Fig. 4. DET comparing LT and GLRT against random position and full map attack forK= 0....

2014

[13] [13]

Benvenuto, G

N. Benvenuto, G. Cherubini, and S. Tomasin,Algorithms for Commu- nications Systems and their Applications. John Wiley & Sons, 2021

2021

[14] [14]

Maximum- likelihood estimation of Rician distribution parameters,

J. Sijbers, A. den Dekker, P. Scheunders, and D. Van Dyck, “Maximum- likelihood estimation of Rician distribution parameters,”IEEE Trans. Med. Imag., vol. 17, no. 3, pp. 357–361, Jun. 1998

1998

[15] [15]

MUSIC, maximum likelihood, and Cramer- Rao bound,

P. Stoica and A. Nehorai, “MUSIC, maximum likelihood, and Cramer- Rao bound,”IEEE Trans. Acoust., Speech, Signal Process., vol. 37, no. 5, pp. 720–741, May 1989

1989

[16] [16]

On the relation between OC-LSSVM and likelihood test for physical layer authentication,

F. Ardizzon and S. Tomasin, “On the relation between OC-LSSVM and likelihood test for physical layer authentication,”IEEE Commun. Lett., vol. 29, no. 12, pp. 2865–2869, Oct. 2025

2025

[17] [17]

Developing three dimensional localization system using deep learning and pre-trained architectures for IEEE 802.11 Wi-Fi,

A. H. Hamza, S. A. Hussein, G. A. Ismaeel, S. Q. Abbas, M. M. A. Zahra, and A. H. Sabry, “Developing three dimensional localization system using deep learning and pre-trained architectures for IEEE 802.11 Wi-Fi,”East.-Eur . J. Enterp. Technol., vol. 4, no. 9(118), p. 41–47, Aug. 2022

2022