To address the high pilot overhead and weak resilience against man-in-the-middle (MitM) and channel replay attacks in physical-layer authentication, this paper proposes a lightweight authentication scheme integrating intelligent reflecting surface (IRS)-enabled channel control with wiretap coding. We first deeply couple an instantaneous channel state information (CSI) challenge–response mechanism with shared-key-based wiretap coding, establishing a joint optimization framework balancing pilot overhead, coding rate, and authentication security. By dynamically configuring channel challenges via IRS, covertly transmitting identifier keys, and verifying randomly selected channel responses at the receiver, the scheme significantly enhances authentication robustness. Experimental results demonstrate that the method achieves high-reliability, low-latency authentication under limited pilot resources, while effectively mitigating both channel replay and MitM attacks.

This letter proposes a new physical layer authentication mechanism operating at the physical layer of a communication system where the receiver has partial control of the channel conditions (e.g., using an intelligent reflecting surface). We aim to exploit both instantaneous channel state information (CSI) and a secret shared key for authentication. This is achieved by both transmitting an identifying key by wiretap coding (to conceal the key from the attacker) and checking that the instantaneous CSI corresponds to the channel configuration randomly selected by the receiver. We investigate the trade-off between the pilot signals used for CSI estimation and the coding rate (or key length) to improve the overall security of the authentication procedure.