🤖 AI Summary
This study investigates the robustness of reconfigurable intelligent surface (RIS)-assisted physical-layer authentication systems against identity spoofing by multi-antenna adversaries in multipath channels. Considering an attacker with prior channel knowledge, the work derives the adversary’s optimal spoofing strategy and establishes conditions under which authentication fails, through rigorous channel modeling, optimal precoding design, and statistical distinguishability analysis. It is revealed for the first time that multipath propagation fundamentally prevents a single-antenna attacker from successfully impersonating a legitimate user, whereas line-of-sight (LoS)-dominant single-path scenarios remain vulnerable. Both theoretical analysis and simulations demonstrate that, in rich multipath environments, the attacker cannot align the receiver’s estimated channel with that of the legitimate user, thereby significantly enhancing the system’s intrinsic security.
📝 Abstract
In physical layer authentication, verification of a user's identity is based on the characteristics of the transmission channel through which signals are delivered to the authenticator (Bob). In this paper, we assume that the signals received by Bob pass through a \ac{RIS} (controlled by Bob) and that the legitimate transmitter (Alice) is equipped with one antenna. Conversely, the attacker (Trudy) has multiple antennas and uses precoding to deceive Bob's verification. Assuming that Trudy knows all the channel matrices, we first derive her optimal attack strategy. Then, we analyse the conditions under which the channel estimated by Bob is indistinguishable when either Alice or Trudy is transmitting. When Trudy has a single antenna, we show that the indistinguishability condition cannot be met when the channels to the RIS are the result of propagation over multiple paths. For single-path line-of-sight (LOS) conditions, instead, Trudy can impersonate Alice although transmitting from a different position. We verify these results numerically and assess the security of the considered scenario, even when the indistinguishability conditions cannot be met.