pith. sign in

arxiv: 2604.10327 · v1 · submitted 2026-04-11 · 📡 eess.SP

Deep Learning-Based Physical Layer Authentication Using 5G NR Sounding Reference Signals: A Temporal Generalization Study on Real Testbed Data

Sachinkumar B. Mallikarjun , Marvin Reski , Andreas Weinand , Hans D. Schotten This is my paper

Pith reviewed 2026-05-10 15:20 UTC · model grok-4.3

classification 📡 eess.SP
keywords physical layer authentication5G NRsounding reference signalsdeep learningresidual networktestbed evaluationtemporal generalizationequal error rate
0
0 comments X

The pith

A deep neural network authenticates 5G devices from channel features in sounding reference signals, reaching 3.92 percent equal error rate on time-separated test data.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper shows that physical layer authentication can distinguish legitimate 5G NR transmissions from spoofed ones by feeding channel measurements into a residual neural network. It processes sounding reference signals collected over multiple sessions on a real testbed and applies a strict chronological split so that training, validation, and testing use data from different times. This matters because it tests whether the method works without leaking information from future measurements into the training set. If the results hold, the approach offers a low-latency alternative that does not depend on cryptographic keys that might be stolen. The reported performance meets the timing constraints of ultra-reliable low-latency links while still detecting the modeled attacks.

Core claim

The approach extracts a 2,531-dimensional feature vector from each 5G NR SRS probe, including per-subcarrier amplitude and differential-phase values, power delay profile taps, delay spread, Doppler statistics, and nonlinear dynamics indicators. A one-dimensional residual network augmented with squeeze-and-excitation attention blocks classifies each vector as legitimate or spoofed. Evaluation on more than 20,000 over-the-air probes collected across four sessions, using a software-defined radio as the legitimate transmitter and a commercial handset as the attacker, yields an equal error rate of 3.92 percent and an AUC of 0.962 under a chronological train-validation-test split, with per-probe分类

What carries the argument

A one-dimensional residual network with squeeze-and-excitation attention blocks that classifies 2,531-dimensional channel feature vectors extracted from 5G NR sounding reference signals.

If this is right

  • Authentication decisions complete in under 0.1 milliseconds per probe, satisfying the timing needs of ultra-reliable low-latency communications.
  • The classifier operates without any higher-layer cryptographic protocols or key distribution.
  • Temporal generalization is verified by training on earlier sessions and testing on later ones.
  • Multiple channel statistics are combined into a single high-dimensional input to improve separation of legitimate and spoofed signals.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

  • The low latency opens the possibility of using the same channel features for other real-time 5G security tasks beyond authentication.
  • Hybrid schemes that combine this physical-layer check with conventional cryptography could raise the bar against key-compromise attacks.
  • Performance against attackers that employ directional antennas or channel emulation hardware remains untested and could differ from the handset-based model.

Load-bearing premise

The spoofing attack realized with a commercial handset and the temporal coverage from only four measurement sessions are taken to represent the range of real-world threats and variations.

What would settle it

A new test set collected with a different attacker hardware configuration or additional later measurement sessions that produces an equal error rate substantially above 10 percent would show the reported performance does not generalize.

Figures

Figures reproduced from arXiv: 2604.10327 by Andreas Weinand, Hans D. Schotten, Marvin Reski, Sachinkumar B. Mallikarjun.

Figure 1
Figure 1. Figure 1: PLA feature extraction and classification pipeline. Six feature groups are concatenated into a [PITH_FULL_IMAGE:figures/full_fig_p004_1.png] view at source ↗
Figure 2
Figure 2. Figure 2: Detection Error Tradeoff (DET) curve on the held-out test set (chronological split). The diamond [PITH_FULL_IMAGE:figures/full_fig_p007_2.png] view at source ↗
Figure 3
Figure 3. Figure 3: Validation accuracy during training. The temporal split plateaus early, whereas the random split [PITH_FULL_IMAGE:figures/full_fig_p008_3.png] view at source ↗
Figure 4
Figure 4. Figure 4: Authentication score distributions on the test set. Legitimate probes concentrate tightly in the [PITH_FULL_IMAGE:figures/full_fig_p008_4.png] view at source ↗
read the original abstract

Physical Layer Authentication (PLA) exploits the spatial uniqueness of wireless channel characteristics in order to authenticate devices without recourse to higher-layer cryptographic protocols, which remain vulnerable to key compromise. This paper reports a comprehensive PLA system constructed on 5G New Radio (NR) Sounding Reference Signals (SRS) extracted from a real OpenAirInterface (OAI) testbed operating in band n78 (3.5 GHz) with 40 MHz bandwidth and 30 kHz subcarrier spacing. The proposed approach extracts a 2,531-dimensional feature vector per SRS probe, combining per-subcarrier channel state information (1,248 amplitude and 1,247 differential-phase coefficients), power delay profile taps, delay spread, Doppler statistics, and nonlinear dynamics indicators. A deep one-dimensional Residual Network (1D-ResNet) augmented with Squeeze-and-Excitation (SE) attention blocks is employed to classify each probe as either legitimate or spoofed. Evaluation is conducted on 20,317 over-the-air SRS probes acquired across four measurement sessions using a USRP B210 software-defined radio as the legitimate device and a commercial mobile handset as the attacker. Under a strict chronological train/validation/test split that eliminates temporal leakage, an Equal Error Rate (EER) of 3.92% is attained, with AUC = 0.962 on the held-out test set, and an authentication latency of less than 0.1 ms per probe, which is compatible with 5G Ultra-Reliable Low-Latency Communications (URLLC) requirements.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

2 major / 2 minor

Summary. The manuscript presents a deep learning system for physical layer authentication (PLA) in 5G NR that classifies legitimate vs. spoofed Sounding Reference Signal (SRS) probes. It extracts a 2531-dimensional feature vector (CSI amplitude/phase, PDP, delay spread, Doppler, nonlinear indicators) from an OpenAirInterface testbed in band n78 and feeds it to a 1D-ResNet augmented with Squeeze-and-Excitation blocks. Using 20,317 real over-the-air probes collected across four sessions, a strict chronological train/validation/test split yields EER = 3.92 %, AUC = 0.962, and inference latency < 0.1 ms, claimed to satisfy URLLC requirements.

Significance. If the reported temporal generalization holds, the work would be a meaningful contribution to practical PLA: it demonstrates end-to-end performance on real hardware rather than simulation, employs a leakage-free chronological split, and achieves latency compatible with URLLC. The combination of high-dimensional SRS features and attention-augmented ResNet is technically sound and directly relevant to 5G deployments. The limited number of sessions, however, constrains the strength of the generalization claim.

major comments (2)
  1. [Measurement campaign / data collection] Data acquisition / measurement campaign section: only four sessions are used for the chronological split that underpins the temporal-generalization claim. No information is given on inter-session time intervals, total campaign duration, or environmental variations (mobility, indoor/outdoor, interference). Without these details the held-out EER of 3.92 % could reflect short-term channel stability rather than robust temporal invariance, directly weakening the central claim.
  2. [Model training and evaluation] Training and hyper-parameter subsection (likely §V): the manuscript reports final EER/AUC but omits learning-rate schedule, number of epochs, batch size, class weighting, and any regularization or early-stopping criteria used for the 1D-ResNet. These details are required to verify that the reported metrics are not the result of over-fitting to the small number of sessions despite the chronological split.
minor comments (2)
  1. [Figures] Figure captions and legends should explicitly label the chronological train/val/test partitions and the number of probes per partition.
  2. [Abstract and §III] The abstract states 'four measurement sessions' but the main text should cross-reference the exact table or subsection that lists session dates and durations.

Simulated Author's Rebuttal

2 responses · 0 unresolved

We thank the referee for the constructive and detailed comments. We address each major comment point by point below. Where the comments correctly identify omissions in the original manuscript, we have revised the text to incorporate the requested information.

read point-by-point responses

  1. Referee: [Measurement campaign / data collection] Data acquisition / measurement campaign section: only four sessions are used for the chronological split that underpins the temporal-generalization claim. No information is given on inter-session time intervals, total campaign duration, or environmental variations (mobility, indoor/outdoor, interference). Without these details the held-out EER of 3.92 % could reflect short-term channel stability rather than robust temporal invariance, directly weakening the central claim.

    Authors: We agree that the original manuscript provided insufficient detail on the measurement campaign, which limits the reader's ability to evaluate the strength of the temporal generalization. In the revised version we have expanded the Data Acquisition section to report that the four sessions were conducted over a total span of 14 days with inter-session intervals of 2, 3 and 4 days. All measurements occurred in the same indoor laboratory environment under stationary device positions, with moderate Wi-Fi interference and no intentional mobility. We have also added a short discussion of the observed inter-session channel variations (e.g., changes in delay spread and Doppler spread). These additions clarify that the chronological split captures genuine temporal dynamics rather than short-term stability. revision: yes

  2. Referee: [Model training and evaluation] Training and hyper-parameter subsection (likely §V): the manuscript reports final EER/AUC but omits learning-rate schedule, number of epochs, batch size, class weighting, and any regularization or early-stopping criteria used for the 1D-ResNet. These details are required to verify that the reported metrics are not the result of over-fitting to the small number of sessions despite the chronological split.

    Authors: We concur that the omitted training hyper-parameters hinder reproducibility and make it harder to rule out overfitting. The revised manuscript now includes a dedicated paragraph in Section V that specifies: Adam optimizer with initial learning rate 0.001 and cosine-annealing schedule, 100 epochs, batch size 64, class weights of 1.0 : 1.2 to address the modest sample imbalance, L2 regularization of 5e-5, and early stopping with patience of 10 epochs on validation EER. Training and validation loss curves have also been added to the supplementary material to demonstrate convergence without overfitting. revision: yes

Circularity Check

0 steps flagged

No circularity; results are direct empirical measurements on held-out data

full rationale

The paper reports EER and AUC values obtained by training a 1D-ResNet on 2,531-dimensional SRS feature vectors and evaluating the classifier on a chronologically partitioned test set of 20,317 probes. No load-bearing step reduces these metrics to the inputs by construction, self-definition, or self-citation chain; the chronological split is stated to eliminate temporal leakage, and performance is measured directly rather than derived from fitted parameters or renamed known results. The evaluation is therefore self-contained against the external testbed data.

Axiom & Free-Parameter Ledger

1 free parameters · 1 axioms · 0 invented entities

The paper's central claim is supported by experimental results from a machine learning model trained on real-world data, with the main assumptions being standard in wireless channel modeling and ML generalization.

free parameters (1)
  • Deep neural network weights and biases
    The 1D-ResNet-SE model parameters are optimized on the training portion of the SRS data to minimize classification error.
axioms (1)
  • domain assumption Channel state information from SRS probes provides sufficient discriminative features for distinguishing legitimate and spoofed transmissions
    This underpins the feature extraction and classification approach in the physical layer authentication system.

pith-pipeline@v0.9.0 · 5604 in / 1437 out tokens · 59608 ms · 2026-05-10T15:20:00.220338+00:00 · methodology

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.

Reference graph

Works this paper leans on

12 extracted references · 12 canonical work pages

  1. [1]

    Physical-layer authentication for multi-carrier transmission,

    X. Wu and Z. Yang, “Physical-layer authentication for multi-carrier transmission,”IEEE Commun. Lett., vol. 19, no. 1, pp. 74–77, Jan. 2015

    work page 2015

  2. [2]

    Channel estimation for channel-based physical layer authentication,

    N. Xie, C. Wen, and B. Li, “Channel estimation for channel-based physical layer authentication,”IEEE Access, vol. 7, pp. 100775–100788, 2019

    work page 2019

  3. [3]

    Using the physical layer for wireless authentication in time-variant channels,

    L. Xiao, L. J. Greenstein, N. B. Mandayam, and W. Trappe, “Using the physical layer for wireless authentication in time-variant channels,”IEEE Trans. Wireless Commun., vol. 7, no. 7, pp. 2571–2579, Jul. 2008

    work page 2008

  4. [4]

    TS 38.211: NR; Physical channels and modulation,

    3GPP, “TS 38.211: NR; Physical channels and modulation,” v16.2.0, Sep. 2020

    work page 2020

  5. [5]

    Physical layer security for next generation wireless networks,

    Y. Liu, H.-H. Chen, and L. Wang, “Physical layer security for next generation wireless networks,”IEEE Commun. Surv. Tut., vol. 19, no. 1, pp. 347–376, 2017

    work page 2017

  6. [6]

    IoT security techniques based on machine learning,

    L. Xiao, X. Wan, X. Lu, Y. Zhang, and D. Wu, “IoT security techniques based on machine learning,” Digital Signal Processing, vol. 83, pp. 270–282, 2018

    work page 2018

  7. [7]

    Physical-layer security of 5G wireless networks for IoT,

    N. Wang, P. Wang, A. Alipour-Fanid, et al., “Physical-layer security of 5G wireless networks for IoT,” IEEE Internet Things J., vol. 6, no. 5, pp. 8169–8181, 2019

    work page 2019

  8. [8]

    Physical layer authentication and security design in the machine learning era,

    T. M. Hoang, A. Vahid, H. D. Tuan, and L. Hanzo, “Physical layer authentication and security design in the machine learning era,”IEEE Commun. Surv. Tut., vol. 26, no. 2, pp. 1088–1129, 2024

    work page 2024

  9. [9]

    Enhancing security in 5G NR with channel-robust RF fingerprinting leveraging SRS for cross-domain stability,

    H. Zha, H. Wang, Y. Wang, and Z. Sun, “Enhancing security in 5G NR with channel-robust RF fingerprinting leveraging SRS for cross-domain stability,”IEEE Trans. Inf. Forensics Secur., 2025

    work page 2025

  10. [10]

    The technology of radio frequency fingerprint identification based on deep learning for 5G application,

    Y. Lin, H. Wang, and H. Zha, “The technology of radio frequency fingerprint identification based on deep learning for 5G application,”Security and Safety, vol. 3, 2024

    work page 2024

  11. [11]

    Deep residual learning for image recognition,

    K. He, X. Zhang, S. Ren, and J. Sun, “Deep residual learning for image recognition,” inProc. IEEE CVPR, 2016, pp. 770–778

    work page 2016

  12. [12]

    Squeeze-and-excitation networks,

    J. Hu, L. Shen, and G. Sun, “Squeeze-and-excitation networks,” inProc. IEEE CVPR, 2018, pp. 7132– 7141. 10

    work page 2018