Angle-of-arrival (AoA) has been identified as a geometry-constrained feature for physical layer authentication (PLA) in digital antenna array systems. Recent theoretical results demonstrate that AoA impersonation is only feasible when an adversary shares the same spatial direction as the legitimate transmitter, even under multi-antenna precoding Β [1]. This chapter introduces a reproducible security challenge designed to evaluate this unforgeability property in a practical massive MIMO orthogonal frequency division multiplexing (OFDM) environment. Using a 64-antenna uniform linear array (ULA) and 100-subcarrier channel state information (CSI) measurements from the IEEE DataPort Ultra-Dense Indoor MaMIMO dataset Β [2], the challenge invites the research community to attempt spatial impersonation attacks under controlled geometric constraints. The objective is to empirically validate AoA robustness in realistic propagation environments and establish a benchmark for spatial-feature-based authentication in 6G systems.
Physical layer authentication (PLA) has emerged as a complementary mechanism to upper-layer cryptographic authentication in beyond-5G and 6G networks. Most PLA schemes rely on amplitude-dependent channel features such as channel impulse response (CIR), channel state information (CSI), or received signal strength (RSS). These features, however, can be manipulated through transmit-side precoding, particularly when adversaries are equipped with multiple antennas.
Angle-of-arrival (AoA) constitutes a fundamentally different class of feature. When estimated using a digital uniform linear array (ULA), AoA is intrinsically tied to transmitter geometry. Under far-field narrowband assumptions, the received baseband signal at antenna index π is
| (1) |
where π₯π denotes the received complex baseband signal at the π-th antenna element, π is the transmitted complex baseband signal, π is the antenna index, π is the inter-element spacing, π is the signal wavelength, and π denotes the angle of arrival (AoA) measured relative to the array broadside. The noise term ππ represents additive complex Gaussian noise at antenna π. The steering vector structure constrains spatial signatures observable at the receiver. Recent analysis in Β [1] proves that even with arbitrary multi-antenna precoding, an adversary cannot impersonate the AoA of a legitimate transmitter unless they are aligned in the same spatial direction. This result motivates a community-level security challenge to test the robustness of AoA-based authentication in practical massive MIMO OFDM environments.
The Physical Layer Authentication (PLA) protocol operates as follows: let h(ππ) β CπΓ1 denote the CSI vector at subcarrier ππ. AoA estimation is performed using subspace-based methods such as MUSIC across antennas. Authentication follows a two-phase protocol:
- Enrollment Phase: The legitimate transmitterβs AoA is estimated as 
enr and stored.
- Verification Phase: For a new transmission, AoA is estimated as 
ver and compared:
| (2) |
A threshold π determines authentication decisions and is typically determined based on the target false alarm probability.
The original dataset is available at this link: https://ieee-dataport.org/open-access/ultra-dense-indoor-mamimo-csi-dataset. The security challenges proposed are based on the Ultra-Dense Indoor Massive MIMO (MaMIMO) Channel State Information (CSI) dataset publicly available through IEEE DataPort Β [2]. The dataset was collected in an indoor ultra-dense deployment scenario designed to emulate realistic beyond-5G and 6G environments characterized by high spatial reuse, strong multipath propagation, and fine-grained spatial resolution. The measurement campaign employs a 64-element uniform linear array (ULA) as the receiver, operating in a time-division duplex (TDD) configuration. The antenna elements are arranged with 0.87 Γ half-wavelength inter-element spacing, ensuring spatial sampling consistent with classical array processing assumptions. The system operates using orthogonal frequency division multiplexing (OFDM) with 100 active subcarriers, enabling high-resolution frequency-domain channel estimation. The moving single antenna user transmits a pilot signal every 5Β mm, and for each spatial position, the dataset provides complex baseband CSI measurements across all antenna elements and subcarriers. Specifically, each CSI snapshot can be represented as a matrix
where each element captures the complex channel coefficient between a transmit antenna and a receive antenna at subcarrier ππ. The measurements reflect realistic propagation conditions with line-of-sight (LoS), spatial correlation, frequency selectivity, and multipath fading. The indoor environment in which the dataset was recorded exhibits rich scattering due to walls, furniture, and reflective surfaces. As a result, the dataset captures realistic angular spreads and spatial covariance structures that are critical for evaluating both angle-of-arrival estimation robustness and spatial decorrelation properties relevant to secret key generation.
The dataset structure enables spatial analysis across antenna elements, frequency-domain analysis across subcarriers, and joint spatial-frequency processing. This makes it particularly suitable for evaluating geometry-based authentication mechanisms as well as high-dimensional secret key extraction schemes. TableΒ 1 summarizes the key parameters of the MaMIMO CSI original dataset.
| Parameter | Specification |
| Deployment Scenario | Indoor ultra-dense environment |
| Array Configuration | Uniform Linear Array (ULA) |
| Number of Antenna Elements | 64 |
| Antenna Spacing | 0.87 Γ π/2 |
| Duplexing Mode | Time-Division Duplex (TDD) |
| Modulation Scheme | OFDM |
| Number of Subcarriers | 100 |
| CSI Representation | Complex baseband coefficients |
| Channel Dimension per Snapshot | 64 Γ 100 (spatial Γ frequency) |
| Propagation Conditions | LoS and NLoS |
| Spatial User Positions | Multiple indoor locations |
| Data Availability | IEEE DataPort |
In addition to raw CSI values, the dataset provides the ground-truth coordinates of each spatial position, and the midpoint of the ULA is the reference. This makes it possible to compute the ground-truth AoA and user positions, enabling controlled evaluation of angular separation constraints and proximity-based eavesdropping scenarios.
The combination of large-scale antenna arrays, frequency-selective channel observations, and spatially dense measurement positions makes this dataset an appropriate benchmark for evaluating geometry-constrained security mechanisms in massive MIMO systems.
The software needed for data processing is available at this link: https://6jwvqfw2j7lzakeepstj74.streamlit.app/.
In this challenge, we consider a subset of 26 datapoints extracted from a chunk of the original dataset that comprises 251 ways and 251 datapoints per way. The subsampling is performed by retaining a single datapoint per way, selecting every 10th way (π€0,π€10,π€20,β¦,π€250), and always picking the datapoint located at the farthest distance from the antenna array as depicted in Fig. 1. This last criterion follows from the snake structure of the measurement grid: the farthest point alternates between index 250 for even-numbered ways and index 0 for odd-numbered ways. The resulting 26 points are physically separated by 50 mm from one another, all lying along the same line. This selection is motivated by two properties: first, the uniform spatial separation ensures that the 26 reference AoA values are well-spread and geometrically distinct, eliminating any angular ambiguity in the authentication process; second, operating at maximum distance from the array places all points in a consistent far-field regime, where AoA estimation via MUSIC is most accurate and reliable.
The system model for the challenge is illustrated in Fig. 2. The reference coordinate system is centered at the midpoint of the ULA. The 26 selected reference points are positioned along the far line. All the reference positions lie to the left of the array center, resulting in strictly negative AoA values. For each reference point, the AoA π is defined as the angle between the incoming wavefront and the broadside direction of the array, and is estimated at the ULA using the MUSIC algorithm.
For each datapoint, the AoA is estimated as follows:
Finally, the impersonation challenge can be stated as follows:
An adversary at angle 
cannot impersonate a legitimate transmitter at angle π, regardless of any complex
precoding, as long as 
β I = [πGT β π,πGT + π].
Fig. 3 illustrates the ground-truth, the estimated AoAs (MUSIC) of each datapoint, along with the acceptance interval.
Select any datapoint. You know its ground-truth AoA and the acceptance interval I . Choose your physical angle
β I and any complex precoding scalar π (a complex scalar will be represented by its modulus |π| and its phase
β π). The MUSIC estimator will output your true angle. Can you make it output an angle in the acceptance interval I
? If so, youβve passed the challenge.
Based on Proposition 1 of Β [1], in an ideal setting MUSIC always outputs 
regardless of π, since
scaling the channel by a complex scalar does not alter the spatial covariance structure nor the noise
subspace.
Participants should submit a datapoint, a valid physical angle and a precoding scalar π, together with a description of their methodology, including well-commented code and an explanation of the proposed solution.
The evaluation metric is the absolute angular error between the MUSIC-estimated AoA and the ground-truth AoA of the target point, defined as:
| (3) |
A submission is declared successful if π < π, where π is the acceptance margin derived from the maximum MUSIC estimation error observed across the 26 legitimate reference points:
| (4) |
The challenge is considered broken if the challenger achieves π < π while transmitting from an angle 
β I , i.e.,
from outside the acceptance interval I of the target point.
Fig. 4 depicts a sample of the challenge performed on GT = β19.6295β¦, andΒ I = [β22.6683β¦,β16.5907β¦]. When
= β30β¦, |π| = 10 and β π = 40β¦, as expected, the algorithm returns 
= β30β¦.
= β30β¦ |π| = 10 and β π = 40β¦. 
