Can Cross-Layer Design Bridge Security and Efficiency? A Robust Authentication Framework for Healthcare Information Exchange Systems
Pith reviewed 2026-05-07 13:17 UTC · model grok-4.3
The pith
Cross-layer authentication combines cryptography with physical signal features and machine learning to enable continuous device verification in healthcare networks without per-message signatures.
A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.
Core claim
The authors claim that their cross-layer framework, which pairs an initial PKI-based authentication with real-time machine-learning classification of physical-layer features extracted from OFDM symbols, provides continuous lightweight identity verification for healthcare devices while resisting impersonation, man-in-the-middle, replay, and Sybil attacks as shown by BAN logic analysis.
What carries the argument
The central mechanism is the offline-trained ML classifier that re-extracts carrier frequency offset and quadrature skewness from incoming OFDM symbols to confirm device identity without requiring cryptographic signature exchange for each subsequent message.
If this is right
- Re-authentication occurs with lower overhead because cryptographic signatures are not validated on every message.
- Privacy improves through the use of encrypted and frequently refreshed pseudo-identities that prevent tracking.
- The scheme resists impersonation, man-in-the-middle, replay, and Sybil attacks according to the BAN logic proof.
- Initial device legitimacy is established once via elliptic curve public-key infrastructure before switching to lighter checks.
Where Pith is reading between the lines
- If the chosen physical features remain stable, the same approach could reduce energy use in battery-powered sensors outside healthcare.
- Adding more signal features or testing different machine learning models might increase separation between similar devices.
- The method assumes a trusted regional authority for offline training, which may limit deployment in fully decentralized settings.
Load-bearing premise
Carrier frequency offset and quadrature skewness extracted from OFDM symbols are sufficiently unique, stable, and discriminative across devices to support reliable real-time machine learning classification even when channel conditions change.
What would settle it
An experiment that shows the trained classifier produces frequent false positives or negatives when tested on multiple devices under realistic varying channel conditions or multipath fading would disprove the reliability of the continuous verification step.
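The experiment described above, in miniature. This is an added example written for this page, not code from the paper or its authors: it simulates four constructed devices with distinct carrier frequency offsets and I/Q impairments, extracts CFO and a quadrature-skewness proxy from a repeated-half preamble (the receiver side of the re-authentication step in the core claim), trains a nearest-centroid classifier at high SNR as a stand-in for the RCA's offline phase, and then measures false-accept and false-reject rates as channel SNR degrades. Assumptions not taken from the paper: "quadrature skewness" is modelled as transmitter I/Q gain and phase imbalance (the paper does not define the term, as the referee's first minor comment notes), the classifier is nearest-centroid with a per-device distance threshold rather than the k-nearest neighbors named in the rebuttal, the channel is flat AWGN with no multipath or drift, and the preamble layout, sample rate and device fingerprints are constructed values. It goes one step beyond the page by running a whole SNR sweep rather than a single capture.

```python
import cmath
import math
import random

FS = 1_000_000  # sample rate in Hz (assumed for this example)
HALF = 64       # samples per preamble half (assumed)

# Constructed fixed preamble: two identical halves of random QPSK symbols, so only impairments, CFO and noise vary.
_rng = random.Random(1)
_half = [complex(_rng.choice((-1, 1)), _rng.choice((-1, 1))) / math.sqrt(2) for _ in range(HALF)]
PREAMBLE = _half + _half

# Constructed fingerprints: (CFO in Hz, I/Q gain imbalance, I/Q phase skew in radians).
# "Quadrature skewness" is modelled as I/Q imbalance here; the paper does not define it.
DEVICES = {
    "dev-A": (1200.0, 0.00, 0.00),
    "dev-B": (1600.0, 0.10, 0.05),
    "dev-C": (-900.0, -0.08, -0.04),
    "dev-D": (400.0, 0.15, 0.10),
}


def transmit(fingerprint, snr_db, rng):
    """Apply one device's I/Q imbalance and CFO to the preamble, then add AWGN."""
    cfo, gain, phase = fingerprint
    out = []
    for n, s in enumerate(PREAMBLE):
        i, q = s.real, s.imag
        # Q branch carries a gain error plus a phase-skewed leak of the I branch.
        u = complex(i, (1.0 + gain) * (q * math.cos(phase) + i * math.sin(phase)))
        out.append(u * cmath.exp(2j * math.pi * cfo * n / FS))
    power = sum(abs(v) ** 2 for v in out) / len(out)
    sigma = math.sqrt(power / 10 ** (snr_db / 10) / 2)  # per-component noise std
    return [v + complex(rng.gauss(0, sigma), rng.gauss(0, sigma)) for v in out]


def extract_features(rx):
    """Receiver side: CFO from the phase between halves; after de-rotation, Q/I power ratio and I-Q correlation."""
    corr = sum(rx[n].conjugate() * rx[n + HALF] for n in range(HALF))
    cfo_est = cmath.phase(corr) * FS / (2 * math.pi * HALF)
    z = [v * cmath.exp(-2j * math.pi * cfo_est * n / FS) for n, v in enumerate(rx)]
    ii = sum(v.real ** 2 for v in z) / len(z)
    qq = sum(v.imag ** 2 for v in z) / len(z)
    iq = sum(v.real * v.imag for v in z) / len(z)
    return (cfo_est, qq / ii, iq / math.sqrt(ii * qq))


def train(snr_db, captures_per_device, rng):
    """Offline phase (the RCA's role in the paper): z-score features, keep a centroid and acceptance radius per device."""
    raw = {d: [extract_features(transmit(fp, snr_db, rng)) for _ in range(captures_per_device)]
           for d, fp in DEVICES.items()}
    allf = [f for fs in raw.values() for f in fs]
    mean = [sum(f[k] for f in allf) / len(allf) for k in range(3)]
    std = [math.sqrt(sum((f[k] - mean[k]) ** 2 for f in allf) / len(allf)) or 1.0 for k in range(3)]
    def norm(f):
        return tuple((f[k] - mean[k]) / std[k] for k in range(3))
    model = {"norm": norm, "centroids": {}, "radius": {}}
    for d, fs in raw.items():
        nf = [norm(f) for f in fs]
        c = tuple(sum(v[k] for v in nf) / len(nf) for k in range(3))
        model["centroids"][d] = c
        # Radius: three times the largest training distance, so the device's own spread is covered with margin.
        model["radius"][d] = 3.0 * max(math.dist(v, c) for v in nf) + 1e-9
    return model


def verify(model, claimed_id, rx):
    """Re-authentication: accept only if the claimed device's centroid is nearest and the capture is within its radius."""
    f = model["norm"](extract_features(rx))
    cents = model["centroids"]
    nearest = min(cents, key=lambda d: math.dist(f, cents[d]))
    return nearest == claimed_id and math.dist(f, cents[claimed_id]) <= model["radius"][claimed_id]


def error_rates(model, snr_db, trials, rng):
    """False-reject rate for genuine claims and false-accept rate for impostors (another device's pseudo-identity)."""
    rejects = accepts = genuine = impostor = 0
    for true_id, fp in DEVICES.items():
        for _ in range(trials):
            rx = transmit(fp, snr_db, rng)
            for claimed in DEVICES:
                ok = verify(model, claimed, rx)
                if claimed == true_id:
                    genuine, rejects = genuine + 1, rejects + (0 if ok else 1)
                else:
                    impostor, accepts = impostor + 1, accepts + (1 if ok else 0)
    return {"far": accepts / impostor, "frr": rejects / genuine}


def sweep(snr_points=(30, 15, 5, -5), seed=7):
    """Train at 30 dB, then test as the channel degrades: the settling experiment, in miniature."""
    rng = random.Random(seed)
    model = train(snr_db=30, captures_per_device=20, rng=rng)
    return {snr: error_rates(model, snr, trials=25, rng=rng) for snr in snr_points}


if __name__ == "__main__":
    for snr, r in sweep().items():
        print(f"SNR {snr:>3} dB  FAR={r['far']:.2f}  FRR={r['frr']:.2f}")
```

At 30 dB the constructed devices separate cleanly. At -5 dB the Q/I power ratio is pulled toward 1 by noise power that lands equally on both branches, and the CFO estimate scatters by hundreds of hertz, so genuine devices are rejected in bulk although nothing about the hardware changed. That drift of the features with channel conditions, rather than with device identity, is the failure mode the load-bearing premise has to rule out; a real evaluation would also need multipath and temperature drift in the channel model, which this toy omits.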
Original abstract
As healthcare systems become increasingly interconnected, ensuring secure and continuous device authentication in health information exchange (HIE) networks is critical to safeguarding patient data and clinical operations. In this context, this paper proposes a novel cross-layer authentication scheme for HIE networks that integrates cryptographic mechanisms with physical (PHY) layer-based authentication to ensure reliable communication while minimizing computational and communication overheads. The initial authentication phase leverages a traditional public key infrastructure (PKI)-based approach, employing elliptic curve cryptography (ECC) and digital certificates to verify the legitimacy of communicating devices. Simultaneously, it extracts unique hardware-level features such as carrier frequency offset (CFO) and quadrature skewness from the devices. These features are then used to train a machine learning (ML) model during an offline phase managed by a regional centralized authority (RCA). For re-authentication, the system re-extracts these PHY-layer features from incoming orthogonal frequency division multiplexing (OFDM) symbols and verifies the device identity in real-time using the trained ML classifier. This cross-layer strategy enables continuous, lightweight identity verification without the need to exchange and validate cryptographic signatures for each message, thereby reducing system overhead. The proposed scheme further enhances privacy through the use of encrypted, frequently refreshed pseudo-identities, ensuring unlinkability and resistance to identity tracking. A formal security analysis using Burrows-Abadi-Needham (BAN) logic demonstrates the scheme's robustness against various threats, including impersonation, man-in-the-middle (MitM), replay, and Sybil attacks.
Editorial analysis
A structured set of objections, weighed in public.
Referee Report
Summary. The manuscript proposes a cross-layer authentication framework for healthcare information exchange (HIE) networks. Initial device authentication uses PKI with elliptic curve cryptography and digital certificates, while simultaneously extracting PHY-layer features (carrier frequency offset and quadrature skewness) from OFDM symbols. These features train an ML classifier offline at a regional centralized authority. Re-authentication then relies on real-time ML classification of re-extracted features from incoming OFDM symbols, avoiding per-message cryptographic signature exchanges to reduce overhead. The scheme incorporates encrypted, refreshed pseudo-identities for privacy and unlinkability, with a BAN-logic analysis asserted to prove resistance to impersonation, man-in-the-middle, replay, and Sybil attacks.
Significance. If the core assumptions hold, the framework could offer meaningful efficiency gains for resource-constrained HIE and IoT healthcare devices by shifting from per-message crypto to continuous PHY-based ML verification. The cross-layer idea is timely for balancing security and overhead in medical networks. However, the absence of any empirical validation, performance data, or detailed proofs currently limits the demonstrated significance to a high-level design proposal.
major comments (3)
- Abstract: The headline claim that the cross-layer strategy 'enables continuous, lightweight identity verification without the need to exchange and validate cryptographic signatures for each message' is load-bearing for the efficiency contribution, yet rests on the untested assumption that CFO and quadrature skewness extracted from OFDM symbols remain sufficiently unique, stable, and discriminative under channel variations, temperature drift, multipath, and Doppler effects. No channel models, false-positive analysis, or classification error bounds are supplied.
- Security Analysis section: The manuscript asserts that 'a formal security analysis using BAN logic demonstrates the scheme's robustness' against listed attacks, but supplies no actual BAN-logic goals, assumptions, idealized protocol steps, or derivation steps. Without these, the security claims cannot be verified and the analysis does not support the central robustness assertion.
- Proposed Scheme / Performance Evaluation: No overhead calculations, communication/computation cost comparisons, ML algorithm details (e.g., classifier type, training set size, accuracy metrics), or simulation results are presented to quantify the claimed reduction in system overhead relative to traditional per-message signature schemes.
minor comments (2)
- The term 'quadrature skewness' is introduced without a mathematical definition, extraction formula from OFDM symbols, or reference to prior work on its use as a device fingerprint.
- The abstract refers to 'frequently refreshed pseudo-identities' but provides no mechanism, refresh interval, or unlinkability proof details in the visible text.
Simulated Author's Rebuttal
We thank the referee for the constructive and detailed feedback on our manuscript. We have addressed each of the major comments point by point below, making revisions to the manuscript where necessary to strengthen the presentation of our cross-layer authentication framework.
Point-by-point responses
- Referee: Abstract: The headline claim that the cross-layer strategy 'enables continuous, lightweight identity verification without the need to exchange and validate cryptographic signatures for each message' is load-bearing for the efficiency contribution, yet rests on the untested assumption that CFO and quadrature skewness extracted from OFDM symbols remain sufficiently unique, stable, and discriminative under channel variations, temperature drift, multipath, and Doppler effects. No channel models, false-positive analysis, or classification error bounds are supplied.
  Authors: We agree that the efficiency claim in the abstract relies on the discriminative power of the PHY-layer features. The manuscript is a high-level design proposal, and we have revised the abstract to indicate that the lightweight verification is achieved under the assumption of stable and unique features, which is supported by prior work on hardware fingerprinting in wireless systems. Additionally, we have added a discussion on potential impacts of channel variations and included references to studies showing the robustness of CFO and skewness features. A full empirical analysis with channel models and error bounds is beyond the current scope but is planned as future work. (revision: yes)
- Referee: Security Analysis section: The manuscript asserts that 'a formal security analysis using BAN logic demonstrates the scheme's robustness' against listed attacks, but supplies no actual BAN-logic goals, assumptions, idealized protocol steps, or derivation steps. Without these, the security claims cannot be verified and the analysis does not support the central robustness assertion.
  Authors: We regret the lack of detailed BAN logic steps in the submitted version. In the revised manuscript, we have expanded the Security Analysis section to include the complete BAN logic analysis. This now details the security goals (e.g., mutual authentication), assumptions (e.g., secure initial PKI setup), the idealized protocol messages, and the logical derivations proving the absence of the listed attacks. (revision: yes)
- Referee: Proposed Scheme / Performance Evaluation: No overhead calculations, communication/computation cost comparisons, ML algorithm details (e.g., classifier type, training set size, accuracy metrics), or simulation results are presented to quantify the claimed reduction in system overhead relative to traditional per-message signature schemes.
  Authors: The focus of the manuscript is on proposing the novel cross-layer framework rather than providing extensive performance benchmarks. We have revised the Proposed Scheme section to include analytical overhead comparisons, specifying that a k-nearest neighbors classifier is used for the ML component with training performed offline at the RCA. We provide formulas for communication overhead reduction and computation costs compared to standard ECC signature schemes. Full simulation results and accuracy metrics are not presented as they require a prototype implementation, which we have added as a direction for future research. (revision: partial)
Circularity Check
No circularity: high-level design with standard BAN analysis
full rationale
The paper describes a cross-layer authentication architecture that extracts CFO and quadrature skewness once during the initial PKI phase, trains an ML classifier offline, and reuses it for lightweight re-authentication. No equations, parameter fitting, or derivations appear in the provided text. The security argument relies on standard BAN logic rather than on any self-referential construction or self-citation chain. The load-bearing assumption (feature uniqueness and stability) is an external empirical claim, not a reduction of the scheme to its own inputs. This matches the default expectation for a non-circular proposal.
Axiom & Free-Parameter Ledger
axioms (1)
- Domain assumption: Physical layer features such as carrier frequency offset and quadrature skewness are unique to individual devices and remain stable enough for reliable machine learning classification in real-time re-authentication.
Reference graph
Works this paper leans on
- [1] Zhang, K., Ni, J., Yang, K., Liang, X., Ren, J., and Shen, X. S., “Security and privacy in smart city applications: Challenges and solutions,” IEEE Communications Magazine, vol. 55, no. 1, pp. 122–129, January 2017.
- [2] Cui, H., Wan, Z., Deng, R. H., Wang, G., and Li, Y., “Efficient and expressive keyword search over encrypted data in cloud,” IEEE Transactions on Dependable and Secure Computing, vol. 15, no. 3, pp. 409–422, May–June 2018.