Challenge 2: Angle-of-Arrival-Based Physical Layer Authentication in Digital Massive MIMO Systems
Abstract
Angle-of-arrival (AoA) has been identified as a geometry-constrained feature for physical layer authentication (PLA) in digital antenna array systems. Recent theoretical results demonstrate that AoA impersonation is only feasible when an adversary shares the same spatial direction as the legitimate transmitter, even under multi-antenna precoding [1]. This chapter introduces a reproducible security challenge designed to evaluate this unforgeability property in a practical massive MIMO orthogonal frequency division multiplexing (OFDM) environment. Using a 64-antenna uniform linear array (ULA) and 100-subcarrier channel state information (CSI) measurements from the IEEE DataPort Ultra-Dense Indoor MaMIMO dataset [2], the challenge invites the research community to attempt spatial impersonation attacks under controlled geometric constraints. The objective is to empirically validate AoA robustness in realistic propagation environments and establish a benchmark for spatial-feature-based authentication in 6G systems.
Physical layer authentication (PLA) has emerged as a complementary mechanism to upper-layer cryptographic authentication in beyond-5G and 6G networks. Most PLA schemes rely on amplitude-dependent channel features such as channel impulse response (CIR), channel state information (CSI), or received signal strength (RSS). These features, however, can be manipulated through transmit-side precoding, particularly when adversaries are equipped with multiple antennas.
Angle-of-arrival (AoA) constitutes a fundamentally different class of feature. When estimated using a digital uniform linear array (ULA), AoA is intrinsically tied to transmitter geometry. Under far-field narrowband assumptions, the received baseband signal at antenna index m is
where xm denotes the received complex baseband signal at the m-th antenna element, s is the transmitted complex baseband signal, m is the antenna index, d is the inter-element spacing, λ is the signal wavelength, and θ denotes the angle of arrival (AoA) measured relative to the array broadside. The noise term nm represents additive complex Gaussian noise at antenna m. The steering vector structure constrains spatial signatures observable at the receiver. Recent analysis in [1] proves that even with arbitrary multi-antenna precoding, an adversary cannot impersonate the AoA of a legitimate transmitter unless they are aligned in the same spatial direction. This result motivates a community-level security challenge to test the robustness of AoA-based authentication in practical massive MIMO OFDM environments.
The Physical Layer Authentication (PLA) protocol operates as follows: let h(fk) ∈ CM×1 denote the CSI vector at subcarrier fk. AoA estimation is performed using subspace-based methods such as MUSIC across antennas. Authentication follows a two-phase protocol:
– Enrollment Phase: The legitimate transmitter’s AoA is estimated as 
enr and stored.
– Verification Phase: For a new transmission, AoA is estimated as 
ver and compared:
A threshold τ determines authentication decisions and is typically determined based on the target false alarm probability.
Dataset
The original dataset is available at this link: https://ieee-dataport.org/open-access/ultra-dense-indoor-mamimo-csi-dataset. The security challenges proposed are based on the Ultra-Dense Indoor Massive MIMO (MaMIMO) Channel State Information (CSI) dataset publicly available through IEEE DataPort [2]. The dataset was collected in an indoor ultra-dense deployment scenario designed to emulate realistic beyond-5G and 6G environments characterized by high spatial reuse, strong multipath propagation, and fine-grained spatial resolution. The measurement campaign employs a 64-element uniform linear array (ULA) as the receiver, operating in a time-division duplex (TDD) configuration. The antenna elements are arranged with 0.87 × half-wavelength inter-element spacing, ensuring spatial sampling consistent with classical array processing assumptions. The system operates using orthogonal frequency division multiplexing (OFDM) with 100 active subcarriers, enabling high-resolution frequency-domain channel estimation. The moving single antenna user transmits a pilot signal every 5 mm, and for each spatial position, the dataset provides complex baseband CSI measurements across all antenna elements and subcarriers. Specifically, each CSI snapshot can be represented as a matrix
where each element captures the complex channel coefficient between a transmit antenna and a receive antenna at subcarrier fk. The measurements reflect realistic propagation conditions with line-of-sight (LoS), spatial correlation, frequency selectivity, and multipath fading. The indoor environment in which the dataset was recorded exhibits rich scattering due to walls, furniture, and reflective surfaces. As a result, the dataset captures realistic angular spreads and spatial covariance structures that are critical for evaluating both angle-of-arrival estimation robustness and spatial decorrelation properties relevant to secret key generation.
The dataset structure enables spatial analysis across antenna elements, frequency-domain analysis across subcarriers, and joint spatial-frequency processing. This makes it particularly suitable for evaluating geometry-based authentication mechanisms as well as high-dimensional secret key extraction schemes. Table 1 summarizes the key parameters of the MaMIMO CSI original dataset.
| Parameter | Specification |
|---|---|
| Deployment Scenario | Indoor ultra-dense environment |
| Array Configuration | Uniform Linear Array (ULA) |
| Number of Antenna Elements | 64 |
| Antenna Spacing | 0.87 × λ/2 |
| Duplexing Mode | Time-Division Duplex (TDD) |
| Modulation Scheme | OFDM |
| Number of Subcarriers | 100 |
| CSI Representation | Complex baseband coefficients |
| Channel Dimension per Snapshot | 64 × 100 (spatial × frequency) |
| Propagation Conditions | LoS and NLoS |
| Spatial User Positions | Multiple indoor locations |
| Data Availability | IEEE DataPort |
In addition to raw CSI values, the dataset provides the ground-truth coordinates of each spatial position, and the midpoint of the ULA is the reference. This makes it possible to compute the ground-truth AoA and user positions, enabling controlled evaluation of angular separation constraints and proximity-based eavesdropping scenarios.
The combination of large-scale antenna arrays, frequency-selective channel observations, and spatially dense measurement positions makes this dataset an appropriate benchmark for evaluating geometry-constrained security mechanisms in massive MIMO systems.
Challenge Description
The software needed for data processing is available at this link: https://6jwvqfw2j7lzakeepstj74.streamlit.app/.
In this challenge, we consider a subset of 26 datapoints extracted from a chunk of the original dataset that comprises 251 ways and 251 datapoints per way. The subsampling is performed by retaining a single datapoint per way, selecting every 10th way (w0, w10, w20, …, w250), and always picking the datapoint located at the farthest distance from the antenna array as depicted in Fig. 1. This last criterion follows from the snake structure of the measurement grid: the farthest point alternates between index 250 for even-numbered ways and index 0 for odd-numbered ways. The resulting 26 points are physically separated by 50 mm from one another, all lying along the same line. This selection is motivated by two properties: first, the uniform spatial separation ensures that the 26 reference AoA values are well-spread and geometrically distinct, eliminating any angular ambiguity in the authentication process; second, operating at maximum distance from the array places all points in a consistent far-field regime, where AoA estimation via MUSIC is most accurate and reliable.
The system model for the challenge is illustrated in Fig. 2. The reference coordinate system is centered at the midpoint of the ULA. The 26 selected reference points are positioned along the far line. All the reference positions lie to the left of the array center, resulting in strictly negative AoA values. For each reference point, the AoA θ is defined as the angle between the incoming wavefront and the broadside direction of the array, and is estimated at the ULA using the MUSIC algorithm.
For each datapoint, the AoA is estimated as follows:
- We first compute the ground-truth (GT) AoA θGT of each datapoint using the given ground-truth coordinates.
- Since the original collected data are affected by hardware impairments, we calibrated the datapoints to mitigate these impairments.
- After calibration, AoA estimation is performed using the MUSIC algorithm with spatial smoothing applied over a subarray of 16 antennas. The smoothed spatial covariance matrix is constructed from the calibrated CSI, decomposed into signal and noise subspaces via eigen decomposition, and the AoA is extracted as the peak of the MUSIC pseudo-spectrum evaluated over a fine angular grid of 3600 points spanning −90° to +90°. Using θGT as reference, we compute the estimation error for each datapoint. Finally, the maximum error is used as the acceptance interval to ensure that any AoA estimate stays within the interval. The maximum angle error determines the threshold τ.
Finally, the impersonation challenge can be stated as follows:
An adversary at angle 
cannot impersonate a legitimate transmitter at angle θ, regardless of any complex precoding, as long as 
∉ I = [θGT − τ, θGT + τ].
Fig. 3 illustrates the ground-truth, the estimated AoAs (MUSIC) of each datapoint, along with the acceptance interval.
Input and Output
Select any datapoint. You know its ground-truth AoA and the acceptance interval I. Choose your physical angle 
∉ I and any complex precoding scalar q (a complex scalar will be represented by its modulus |q| and its phase ∠q). The MUSIC estimator will output your true angle. Can you make it output an angle in the acceptance interval I? If so, you’ve passed the challenge.
Based on Proposition 1 of [1], in an ideal setting MUSIC always outputs 
regardless of q, since scaling the channel by a complex scalar does not alter the spatial covariance structure nor the noise subspace.
Participants should submit a datapoint, a valid physical angle and a precoding scalar q, together with a description of their methodology, including well-commented code and an explanation of the proposed solution.
Evaluation Metric
The evaluation metric is the absolute angular error between the MUSIC-estimated AoA and the ground-truth AoA of the target point, defined as:
A submission is declared successful if ξ < τ, where τ is the acceptance margin derived from the maximum MUSIC estimation error observed across the 26 legitimate reference points:
The challenge is considered broken if the challenger achieves ξ < τ while transmitting from an angle 
∉ I, i.e., from outside the acceptance interval I of the target point.
Fig. 4 depicts a sample of the challenge performed on GT = −19.6295°, and I = [−22.6683°, −16.5907°]. When 
= −30°, |q| = 10 and ∠q = 40°, as expected, the algorithm returns 
= −30°.
= −30°, |q| = 10 and ∠q = 40°.Bibliography
- T. M. Pham, L. Senigagliesi, M. Baldi, R. F. Schaefer, G. P. Fettweis, and A. Chorti, “Leveraging angle of arrival estimation against impersonation attacks in physical layer authentication,” IEEE Transactions on Information Forensics and Security, vol. 21, pp. 3226–3239, 2026.
- “Ultra-dense indoor MaMIMO CSI dataset,” IEEE DataPort, 2023. https://ieee-dataport.org/open-access/ultra-dense-indoor-mamimo-csi-dataset
To participate: submit your solution using the submission form.