Millimeter-wave (mmWave) beam alignment (BA) is vulnerable to eavesdropping and identity spoofing due to its omnidirectional broadcast nature. To address this, we propose CovertAuth—a novel framework that jointly designs covert communication and physical-layer authentication for the first time. Specifically, CovertAuth enhances transmission undetectability via alternating optimization of beam-training resources and transmit power, coupled with successive convex approximation. Simultaneously, it leverages inherent antenna array mutual coupling as a hardware-specific fingerprint and employs a weighted energy detector with analytical modeling to achieve lightweight, robust device authentication. Experimental results demonstrate that, under identical covertness constraints, CovertAuth significantly improves identity detection accuracy and end-to-end security performance. This work establishes a new security paradigm for mmWave BA—uniquely integrating covertness and trustworthiness at the physical layer.

Beam alignment (BA) is a crucial process in millimeter-wave (mmWave) communications, enabling precise directional transmission and efficient link establishment. However, due to characteristics like omnidirectional exposure and the broadcast nature of the BA phase, it is particularly vulnerable to eavesdropping and identity impersonation attacks. To this end, this paper proposes a novel secure framework named CovertAuth, designed to enhance the security of the BA phase against such attacks. In particular, to combat eavesdropping attacks, the closed-form expressions of successful BA probability and covert transmission rate are first derived. Then, a covert communication problem aimed at jointly optimizing beam training budget and transmission power is formulated to maximize covert communication rate, subject to the covertness requirement. An alternating optimization algorithm combined with successive convex approximation is employed to iteratively achieve optimal results. To combat impersonation attacks, the mutual coupling effect of antenna array impairments is explored as a device feature to design a weighted-sum energy detector based physical layer authentication scheme. Moreover, theoretical models for authentication metrics like detection and false alarm probabilities are also provided to conduct performance analysis. Based on these models, an optimization problem is constructed to determine the optimal weight value that maximizes authentication accuracy. Finally, simulation results demonstrate that CovertAuth presents improved detection accuracy under the same covertness requirement compared to existing works.