This paper investigates whether Angle of Arrival (AoA) can serve as a reliable feature for physical-layer authentication (PLA), particularly when an adversary attempts to impersonate a legitimate transmitter. While previous PLA methods often rely on features such as channel frequency response, channel impulse response, or received signal strength, AoA-based authentication has received far less scrutiny especially regarding its robustness under deliberate spoofing attacks. The authors consider a system where the receiver (Bob) uses a digital antenna array to estimate the AoA of incoming signals from a legitimate user (Alice). An attacker (Eve) attempts to manipulate their transmitted signal through phase, amplitude, or multi-antenna precoding to match Alice’s AoA. The paper provides a rigorous theoretical analysis showing that impersonation is only possible under extremely restrictive conditions: the attacker must be located in precisely the same spatial direction as the legitimate user. If Eve’s AoA differs from Alice’s, even slightly, the mean square error between the legitimate and forged signals cannot be reduced to zero, regardless of Eve’s number of antennas or precoding strategy. This result holds across the single-antenna case, the two-antenna case, and the general multi-antenna scenario.
The authors complement their analytical derivations with simulations, using the MUSIC algorithm for AoA estimation. Numerical results such as those shown in the AoA estimation curves and the MSE surfaces confirm that Eve cannot successfully imitate Alice unless the angles perfectly align. Even when Eve increases the number of antennas, the system’s vulnerability does not worsen: additional antennas do not meaningfully improve Eve’s ability to falsify the AoA. Beyond assessing adversarial conditions, the paper also discusses practical applications of AoA-based PLA. These include continuous authentication, automatic device enrollment in smart environments, and integration with secret key generation for lightweight physical-layer authentication and key agreement (PHY-AKA). While AoA alone cannot uniquely determine a node’s location in all scenarios, it offers a strong physical feature when combined with additional mechanisms or multi-factor approaches. Overall, the study demonstrates that AoA-based authentication (implemented with digital antenna arrays) offers strong resistance against impersonation attacks and represents a promising direction for secure IoT and 6G systems.