Multi-factor Physical Layer Security Authentication in Short Blocklength Communication

Lightweight and low latency security schemes at the physical layer that have recently attracted a lot of attention include: (i) physical unclonable functions (PUFs), (ii) localization based authentication, and, (iii) secret key generation (SKG) from wireless fading coefficients. In this paper, we focus on short blocklengths and propose a fast, privacy preserving, multi-factor authentication protocol that uniquely combines PUFs, proximity estimation and SKG. We focus on delay constrained applications and demonstrate the performance of the SKG scheme in the short blocklength by providing a numerical comparison of three families of channel codes, including half rate low density parity check codes (LDPC), Bose Chaudhuri Hocquenghem (BCH), and, Polar Slepian Wolf codes for n=512, 1024. The SKG keys are incorporated in a zero-round-trip-time resumption protocol for fast re-authentication. All schemes of the proposed mutual authentication protocol are shown to be secure through formal proofs using Burrows, Abadi and Needham (BAN) and Mao and Boyd (MB) logic as well as the Tamarin-prover.


I. INTRODUCTION
Authentication is central in building secure Internet of things (IoT) networks; confirming the identity of devices and their role in the network hierarchy eliminates the possibility of numerous attacks [1]-[3]. However, the low latency and computational power constraints present in many IoT systems [4] render the design of IoT authentication mechanisms a challenging task. In this direction, a 3GPP report on the security of ultra reliable low latency communication (URLLC) systems notes that authentication for URLLC is still an open problem [5]. Current solutions rely on modulo arithmetic in large fields and typically incur considerable latency, in the order of tens of milliseconds, exceeding the delays that are tolerated in applications such as vehicle-to-everything (V2X) [6]. Moreover, with the advance of quantum computing, traditional asymmetric key cryptographic schemes will become semantically insecure while, at the same time, current proposals for post-quantum alternatives use keys of impractical lengths [7]. Therefore, the proposal of new, lightweight, security primitives and protocols for device authentication is timely, especially in the low latency and IoT context.

M. Mitev, M. Shakiba-Herfeh and A. Chorti are with ETIS UMR8051, CY Cergy Paris University, ENSEA, CNRS, F-95000, Cergy, France ({miroslav.mitev,mahdi.shakiba-herfeh,arsenia.chorti}@ensea.fr); M. Reed is with the CSEE, University of Essex, Colchester, UK (mjreed@essex.ac.uk). M. Mitev is supported by the DIM RFSI project SAFEST; M. Shakiba-Herfeh and A. Chorti are supported by the ELIOT ANR-18-CE40-0030 - FAPESP 2018/12579-7 and the INEX Project eNiGMA; M. Reed is supported by the H2020 project SerIoT with project agreement no 780139 funded by the EU.
In this sense, physical layer security (PLS) has proven itself as a lightweight alternative to computational complexity based schemes [8], [9]. The increasing interest in PLS has been stimulated by many practical needs. Notably, many critical IoT networks require fast authentication, e.g., in V2X applications, telemedicine and haptics. Moreover, PLS, which relies upon information-theoretic security proofs, could resist quantum computers, unlike corresponding asymmetric key schemes relying on the intractability in polynomial time of certain algebraic problems.
PLS schemes exploit physical layer entropy sources, both in the hardware and in the communication medium [10]-[12]. With respect to the former, physical unclonable functions (PUFs) are hardware entities harnessing entropy from physically unclonable variations that occur during the production process of silicon [13], [14]. Due to their unclonability, PUFs can be used in challenge-response authentication protocols, where a challenge can refer to measuring the jitter of a ring oscillator, the power-on state, etc. [15]-[18].
With respect to PLS techniques using the communication medium, these include secret key generation (SKG) from shared randomness and localization. In fact, it is well established that SKG can be performed at the physical layer by using the channel fading as a source of common randomness [19]. An important step in SKG is the reconciliation of correlated observations [20]-[23]. To this end, the codes employed should be able to reconcile any mismatched bits with high probability (reliability) while, on the other hand, they should not reveal any information about the generated key (security). Although the design of reconciliation codes for SKG has been studied for long blocklengths, respective results in the short blocklength have not been reported.
Furthermore, high precision indoor localization is at present considered a standard capability in 5G networks. Widely employed localization methods, including time-of-flight, multilateration, multiangulation, etc., are capable of high precision localization but typically require high complexity operations and measurements from multiple reference points. On the other hand, proximity detection has the lowest computational complexity, and could be easily implemented with the equipment already present in constrained IoT devices (e.g., using Bluetooth low energy) [24] to estimate the distance from a single reference point to a transmitting beacon [25].
Following from the above, in this paper we introduce a fast, multi-factor authentication protocol that uniquely combines the above PLS techniques, namely PUF authentication, SKG at the short blocklength, and proximity estimation. The proposed solution provides mutual authentication between a mobile IoT node (Alice) and a static edge server (Bob). Furthermore, as IoT devices store sensitive information, we incorporate a one-time alias scheme that preserves the privacy of the IoT node during the execution of the authentication procedure. The contributions of this work are summarized in Table I; we propose a two-phase authentication protocol between Alice and Bob, comprising an initial enrollment phase, during which the IoT device is registered in the server database, and an authentication phase, during which the authenticity of both devices is verified through the exchange of several messages. The overall authentication protocol uniquely combines the following PLS schemes:
1) SKG at the short blocklength; we study half rate reconciliation code design for blocklengths n = 512, 1024 bits, as the means to fast key agreement. In particular, we implement and compare the performance of three families of Slepian Wolf (SW) reconciliation encoders, benchmarked against a known information theoretic limit [26].
2) A novel, mobility-based proximity estimation is proposed as an initial authentication factor. Instead of using high complexity localization techniques, which require measurements from multiple reference points, we propose to leverage node mobility and perform successive received signal strength indicator (RSSI) measurements from multiple locations using a single device. As a proof of concept for the proposed mobility-based proximity verification we provide experimental results for two different real-life environments.
3) We propose to use PUFs in a zero round trip time protocol, in which resumption keys are generated using SKG. The combination of PUFs, SKG and mobility-based proximity detection ensures security properties such as untraceability, anonymity, protection against impersonation attacks and many more.
4) The security properties of the proposed protocol are verified through formal methods: Burrows, Abadi, Needham (BAN) [27] as well as Mao and Boyd (MB) logic and the Tamarin-prover [28]. To the best of our knowledge, it is the first time formal methods are used for PLS protocols.

TABLE I. Summary of contributions
• Standard PUF mechanisms are used as a main factor of authentication in our two-party protocol. Combining PUFs and mobility-based proximity estimation can prevent impersonation attacks in the presence of a malicious server.
• The proposed system exploits the reciprocity of the wireless fading coefficients between two terminals to generate maximum entropy session keys using short blocklength encoders.
• In a subsequent communication between the nodes, the generated keys are incorporated in a novel PHY-based 0-RTT protocol to provide forward secrecy and protection against replay attacks.
• The combination of all the technologies in a single solution gives a novel and secure authentication protocol.
• To support the employment of PHY layer SKG in our short blocklength communication protocol we provide a numerical comparison of three families of Slepian Wolf reconciliation codes. We validate the performance of the proposed mobility-based proximity detection through real-life experiments.
• The security properties of the protocol are formally proven using MB logic and the Tamarin-prover. We introduce a novel, physical layer, forward secure 0-RTT resumption authentication mechanism.
The rest of the paper is organized as follows: Section II discusses related work, Section III discusses the performance of different short blocklength SKG reconciliation encoders, Section IV introduces our mobility-based proximity estimation mechanism and Section V presents the proposed authentication protocol, whose security properties are verified in Section VI. Finally, Section VII concludes this paper.

II. RELATED WORK AND CONTRIBUTIONS
Numerous PUF-based authentication protocols have been proposed, both for unilateral authentication and mutual authentication [29]. Some of the protocols assume the use of PUFs as the only factor of authentication [18], [30]. However, relying on PUFs as a single security factor can expose the system to a variety of threats, especially in an IoT scenario [31]. Therefore, combining two or more independent credentials can be used to build a secure multi-factor authentication protocol [15]-[17]. For example, [17] proposes a privacy-preserving authentication protocol between an IoT device and a server connected through a third party wireless gateway. The authors propose the use of PUFs for device authentication and RSSI measurements between the IoT device and the gateway to achieve data provenance. The process of gateway authentication is not clarified, making the scheme open to relay attacks (in the presence of a malicious gateway). In addition, the authors propose a CRP update process which must be performed after each communication, therefore causing extra overhead. Moreover, the encryption of the CRP update process is performed using the same key used during authentication, opening the protocol to vulnerabilities related to key reuse.
Another multi-factor privacy preserving authentication protocol was proposed in [15]. The proposed scheme achieves mutual authentication by combining PUFs with location information. The location estimation process uses raw RSSI measurements and its validity is confirmed through a comparison with a pre-stored threshold. However, as shown later in this paper (Fig. 5), raw RSSI measurements will typically vary by tens of dBm and could lead to incorrect estimation.
A different PUF-based privacy preserving scheme was proposed in [16]. As a second factor of authentication the authors propose the usage of pre-shared secret keys. Unlike the above studies, this scheme takes into account the noise present in PUF structures and uses fuzzy extractors for reconciliation. However, as noted in [15], this scheme is open to physical attacks.
To summarize, we list several similarities that were identified in earlier works [15]-[17]: i) it is assumed that session keys are generated using pseudo random number generator (PRNG) modules, which typically generate low-entropy keys and are vulnerable to many possible attacks [32]; ii) it is proposed to reuse the same authentication key in order to authenticate both parties, opening up key reuse vulnerability issues.
In this work, we propose a multi-factor and privacy-preserving authentication protocol entirely based on PLS techniques (described in full in Section V). With respect to privacy preservation, similarly to earlier works, we use a one-time alias ID scheme to preserve the privacy of the IoT device from malicious eavesdroppers. In such a scheme, the IoT device does not use its real ID during the authentication process; instead it uses a one-time alias ID which is updated in every session. The key differences between the proposed protocol and previous works are summarized below:
• We account for the noise naturally present in PUF measurements and employ a fuzzy extractor (FE) as a reconciliation scheme to generate helper data. The protocol uses a unique key in order to authenticate each party, which eliminates the key reuse problems discussed earlier.
• Next, to speed up the resumption of sessions we propose a novel SKG-based 0-RTT scheme, which overcomes the problems present in current solutions [33]. To this end, we propose the use of SKG for the generation of resumption keys, which obviates the need for PRNGs. Note that combining a PUF with an SKG scheme is a novel approach, especially in the context of short blocklength communication (Section III). The introduction of SKG allows users to send data on the first flight (early data) with both forward secrecy and protection against replay attacks, see Section V-C.
• Finally, we propose a mobility based proximity estimation mechanism using a Kalman filter as a smoothing technique (Section IV). The novelty of the proposed mechanism is that we leverage the mobility of IoT devices in order to prevent impersonation attacks, which has not been considered before.
III. SKG SLEPIAN WOLF SHORT BLOCKLENGTH RECONCILIATION
In the proposed authentication scheme, SKG is employed in the resumption part of the protocol. In this section we focus on the coding aspects of SKG. We consider SW reconciliation and compare the performance of different families of codes in the short blocklength n = 512, 1024, which is pertinent for low latency communications and constrained devices. In our system model, we assume Alice and Bob generate binary sequences $Y_A$, $Y_B$ of length $n$ by quantizing their respective observations of the channel coefficient $H_0$. For simplicity, in this work we assume that a passive adversary, referred to as Eve, cannot obtain any information on the generated sequences.
We assume that the generated binary sequences are independent and identically distributed (i.i.d.) with equal probabilities to be 0 or 1, i.e., $\Pr(Y_A[i] = 0) = \Pr(Y_B[i] = 0) = 0.5$, and $\Pr(Y_A[i] = Y_B[i]) = p$ for $i = 1, \ldots, n$. Alice and Bob aim to agree on a secret key $K$ of length $k$ that needs to be drawn uniformly from $\mathcal{K} = \{0, 1\}^k$. To this end, Alice transmits her syndrome $S_A$, of length $n - k$, through a public channel to assist Bob to obtain an estimate $\hat{Y}_A$ of her sequence $Y_A$. The code rate is defined as $R = k/n$ and the frame error rate (FER) is defined as the probability that Bob's estimate of $Y_A$ is erroneous, $\Pr(Y_A \neq \hat{Y}_A)$. In this set-up, Bob first estimates the sequence $\hat{Y}_A$ and then, based on that, Alice and Bob independently extract the key $K$ using privacy amplification (Fig. 1).
Motivated by the promising performance of low density parity check codes (LDPC) [37], polar codes [38] and Bose Chaudhuri Hocquenghem (BCH) codes [39] with list decoding in short blocklengths for standard channel coding applications, in this paper we implement these three families of SW decoders and compare them against the upper bound on SKG rates in [26].

A. LDPC codes with ordered statistic decoding
LDPC codes are powerful error correcting codes that can approach the Shannon limit at very large blocklengths. However, in general, LDPC codes do not perform well in short blocklengths. To address this shortcoming, enhancing LDPC codes with ordered statistic decoding (OSD) is one of the techniques that has been suggested to achieve near maximum likelihood (ML) performance at short blocklengths [37]. The central idea behind OSD is that first we pick the $k$ most reliable independent positions, where $k$ is the rank of the code. Then, based on the log-likelihood ratios (LLR), we make hard decisions on the values of the selected bits. Subsequently, we generate a candidate list of codewords by flipping the values of up to $t$ bits among them. Finally, by performing an ML search in the list we choose the most likely codeword [40]. The size of the candidate OSD list increases with $t$ as $\sum_{i=0}^{t} \binom{k}{i}$. In our implementation, Alice sends her syndrome $S_A = Y_A H^T$, where $H^T$ is the transpose of the parity check matrix. At the receiver side, Bob first feeds $Y_B$ and $S_A$ to the LDPC decoder to generate soft information on the bits (i.e., the LLRs). Then the LLRs are passed to the OSD block to estimate $\hat{Y}_A$.

B. Polar codes with list decoding
Polar codes are linear block error correcting codes that can provably achieve the capacity of a binary-input discrete memoryless channel as the code length tends to infinity. A significant improvement in the performance of polar codes at finite blocklengths can be achieved by utilizing successive cancellation list decoding, which keeps a list of the most likely decoding paths. List decoding can be improved further by utilizing a cyclic redundancy check (CRC). The CRC assists the decoder to pick the correct decoding path in the list, even if it is not the most probable one [38].
In our implementation (similar to [41]), Alice encodes her sequence with the polar encoder matrix (a Kronecker power, ⊗n) as defined in [41]. Alice sends the syndrome $S_A$, which contains $S_1$ and CRC bits of length $l$. $S_1$ has length $n - k - l$ and contains the high-entropy bits of $U$, where $i$ is the position of the transmitted bits and $H(\cdot)$ denotes entropy. Therefore, the actual rate of the polar code is $R = (k + l)/n$. On the other side, Bob applies CRC-aided successive cancellation list decoding to estimate $\hat{Y}_A$. Note that the complexity of polar list decoding grows linearly with the list size.

C. BCH codes with list decoding
BCH codes are a class of cyclic error-correcting codes constructed from polynomials over a finite field. One of the main features of BCH codes during code design is the number of guaranteed correctable error bits. A binary BCH code is defined by $(n_{BCH}, k_{BCH}, t_{BCH})$, where $n_{BCH} = 2^w - 1$ is the blocklength, $k_{BCH}$ is the message length, and $t_{BCH}$ represents the number of guaranteed correctable error bits. To improve their error correcting capability, BCH codes can be armed with list decoding.
In our implementation of list decoding, Alice calculates the syndrome as $S_A = Y_A H^T$, where $H$ is the parity check matrix of the BCH code, and transmits it through the public channel. On the other side, Bob first generates a candidate list by flipping up to $t$ bits of the measured sequence $Y_B$. After feeding the list to the BCH decoder, he picks the solution which is the most likely codeword given the measured sequence $Y_B$. In our implementation of list decoding, the size of the list increases with $t$ as $\sum_{i=0}^{t} \binom{n}{i}$.
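As an added illustration (not code from the paper), the syndrome-based reconciliation of Sections III-A and III-C at toy scale: a (7,4) Hamming code stands in for the n = 512/1024 LDPC/BCH/polar codes, Alice publishes $S_A = Y_A H^T$, Bob builds the flip-up-to-$t$ candidate list, keeps the candidate whose syndrome matches, and both sides hash the reconciled sequence into the key.

```python
import hashlib
from itertools import combinations
from math import comb

# Constructed toy instance (not the paper's code): a (7,4) Hamming code stands
# in for the paper's n = 512/1024 LDPC/BCH/polar codes, so n - k = 3 syndrome
# bits are disclosed over the public channel.
N, K = 7, 4
H = [                        # parity-check matrix, one row per parity check
    [1, 0, 1, 0, 1, 0, 1],
    [0, 1, 1, 0, 0, 1, 1],
    [0, 0, 0, 1, 1, 1, 1],
]

def syndrome(y):
    """S = y H^T over GF(2): one parity bit per row of H."""
    return tuple(sum(h * b for h, b in zip(row, y)) % 2 for row in H)

def list_size(n, t):
    """Candidates examined when flipping up to t of n bits: sum_{i=0..t} C(n, i)."""
    return sum(comb(n, i) for i in range(t + 1))

def candidates(y_b, t):
    """Bob's list: Y_B with every pattern of up to t flipped positions,
    generated in increasing flip count (most likely patterns first)."""
    for i in range(t + 1):
        for pos in combinations(range(len(y_b)), i):
            cand = list(y_b)
            for p in pos:
                cand[p] ^= 1
            yield tuple(cand)

def reconcile(y_b, s_a, t=1):
    """Bob keeps the first (fewest flips) candidate whose syndrome equals
    Alice's published S_A; None means the decoder found no match at all."""
    for cand in candidates(y_b, t):
        if syndrome(cand) == s_a:
            return cand
    return None

def privacy_amplification(y):
    """K = Hash(Y): compress the reconciled sequence into the session key."""
    return hashlib.sha256("".join(map(str, y)).encode()).digest()

def skg_session(y_a, y_b, t=1):
    """Run one SKG round; returns (Alice's key, Bob's key), or (None, None)
    when reconciliation fails outright."""
    s_a = syndrome(y_a)                  # Alice -> Bob: n - k public bits
    y_hat = reconcile(y_b, s_a, t)
    if y_hat is None:
        return None, None
    return privacy_amplification(y_a), privacy_amplification(y_hat)

if __name__ == "__main__":
    y_a = (1, 0, 1, 1, 0, 0, 1)          # constructed quantised observation
    y_b = (1, 0, 1, 0, 0, 0, 1)          # Bob's copy, one mismatch at index 3
    k_a, k_b = skg_session(y_a, y_b)
    print("keys agree:", k_a == k_b, "| list size n=7,t=1:", list_size(7, 1))
```

When Bob's sequence has more mismatches than the list covers, the decoder may still find a syndrome match but on the wrong candidate, so the two keys differ; that silent mismatch is what the FER curves of Section III-D count.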

D. Numerical results
In this subsection, we analyse the FER performance of the aforementioned codes in the SKG setting and compare them with the finite length upper bound on SKG rates reported in [26], which translates to a lower bound on the FER.
For instance, to generate keys that can be used with standard block ciphers, e.g., AES-128 or AES-256, the SKG process is assumed to run with blocklength 512 and rate one half. We pick a regular (3, 6) LDPC code with blocklength 512 bits, a (511, 259, 30) BCH code (the rate is slightly higher than one half), and a half-rate polar code with $(n, k) = (512, 267)$ and 11 CRC bits. In Fig. 2, the FER performance of the half-rate codes with 512 bits blocklength is depicted (i.e., the key length after privacy amplification is 256 bits) and compared to the lower bound reported in [26].
As demonstrated in Fig. 2, although classical polar codes do not perform well in the short blocklength for Slepian Wolf coding, their performance can be significantly improved by arming them with list decoding. For example, the polar code with list size 128 provides a FER nearly three orders of magnitude lower than the classical polar code at $H(Y_A[i] \mid Y_B[i]) = 0.2864$. However, this improvement comes at the cost of 128 times more decoding complexity. On the other hand, we do not observe a significant improvement by using list decoding with $t = 1$ for the LDPC and BCH codes at this blocklength. We do not generate higher list decoding orders for the LDPC and BCH codes due to their high decoding complexity.
Moreover, we consider an instance with $n = 1024$. In Fig. 3, the FER performance of a half-rate polar code with $(n, k) = (1024, 523)$ and 11 CRC bits is shown for different list sizes. Fig. 3 shows that list decoding remarkably improves the code performance. Also, at blocklength $n = 1024$, the gap between the FER of the polar code with list size 128 and the lower bound is smaller than in the case $n = 512$. We posit that one of the reasons is that the lower bound at this length is tighter than in the first instance.

IV. MOBILITY-BASED PROXIMITY ESTIMATION
Introducing a "smart movement" environment brings a number of advantages to IoT systems, including energy savings, control over the node mobility and increased overall quality-of-experience (QoE) [43]. In this direction, we propose in this section a proximity estimation approach leveraging mobility. The novelty in our strategy relies upon the fact that if Alice (e.g., a mobile IoT node) moves in a manner unpredictable for adversaries, she can take successive measurements of the RSSI transmitted by static Bob (e.g., a static edge server) and use them for proximity estimation, as shown in Fig. 4. In fact, this lightweight proximity estimation approach allows Alice to detect impersonation attacks when used in combination with the authentication protocol presented in the next section. As a proof of concept we will present a simple implementation using Kalman filters. Due to the ease of implementation and signal availability, RSSI-based localization is usually a favoured technique. According to the inverse-square law, the RSSI at Alice can be used to estimate the distance between her and Bob. Based on the fact that the channel coefficients follow a log-normal power distribution, we assume a traditional path loss model to translate RSSI values to a distance estimate between two nodes [44], in which $P$ is the strength of the received signal in dB, $P_0$ represents the average received signal strength at some reference distance $d_0$ in dB, $d$ is the estimated distance to the transmitter, $n$ is an attenuation factor that gives the relation between distance and received power, and $X_\sigma \sim \mathcal{N}(0, \sigma^2_{X_\sigma})$ is a zero mean Gaussian random variable modelling shadowing [45].
Next, to mitigate the impact of the noise present in the RSSI, we employ a standard Kalman filter for the proposed proximity algorithm. Kalman filters have been widely used in the literature to improve the reliability of RSSI-based localization [46]. The filter's parameters are usually in the form of matrices; however, the target in the scenario assumed here is static, and as a result all parameters reduce to scalar values. This greatly reduces the complexity of the filter and makes the algorithm suitable for a resource constrained device. The filter works under the assumption that the current state $x_i$ is related to the previous state $x_{i-1}$ through the transition matrix $A$, a control matrix $B$ which relates the control vector $u$ to the state, and i.i.d. normally distributed process noise $w \sim \mathcal{N}(0, Q)$. Following that, a measurement is given by $z_i = H x_i + R_i$, where $H$ is an observation matrix used to translate each state to a measurement and $R$ is i.i.d. normally distributed measurement noise such that $R \sim \mathcal{N}(0, \sigma_R^2)$. In the following subsection, we provide the details of our implementation of the proposed proximity estimation using a simple Kalman filter.

A. Proof of concept for mobility-based proximity estimation
We have performed a set of experiments in two different environments: i) in a small auditorium; and ii) in a library. In both scenarios we had a static Bluetooth low energy (BLE) beacon, transmitting at 1 dBm, and a smartphone (mobile node) measuring the RSSI at different locations. This decision is motivated by the scenario assumed for this study, i.e., the access point (Bob) is fixed while the mobile IoT device (Alice) takes consecutive proximity measurements. The line of sight between the two devices was not always present due to people moving in the area. Moreover, there were other BLE and WiFi devices in the vicinity, causing further interference.
First, in Fig. 5, we demonstrate the performance of the Kalman filter. The chosen parameters are as follows: the process variance $Q = 10^{-6}$; the measurement noise standard deviation for the specific environment was chosen as $\sigma_R = 0.1$; and $u = 0$, as no control signals are used. The results show that the filtered data quickly stabilize, eliminating the noise in the measurements, while the raw RSSI data wildly fluctuate by tens of dBm.
Next, the path loss model for each environment was determined. In both scenarios the smartphone was used to measure the RSSI at different distances from the BLE beacon (1, 3, 6 meters). For each distance, we performed 50 measurements, while during each measurement the mobile device collected 20 samples of the RSSI. The motivation behind this value is that in a realistic online phase, Alice could quickly (in a matter of milliseconds) collect 20 samples. Furthermore, as can be seen in Fig. 5, even before the 20th sample the Kalman filter has already converged and its output varies only by a few dBm. Therefore, for our proximity estimation we assume that the 20th output of the Kalman filter is the "decision" output which Alice uses to determine her distance to Bob. The curve fitting of the path loss model in both scenarios is given in Fig. 6. The curves show the standard deviation of the collected RSSI data and the standard deviation of the "decision" outputs of the Kalman filter. The estimated channel parameters for both scenarios are given in Table II. Finally, the distance estimates based on (2) using the collected RSSI data and the "decision" outputs of the Kalman filter are shown in Fig. 7. Overall, in Figs. 6 and 7 it can be seen that using this simple mechanism greatly improves the reliability of the proposed method. It can be observed that the environmental impact on the signal, such as noise and objects, increases at greater distance. This directly influences the distribution of the RSSI and increases the variation from the mean value. However, by using the "decision" output of the Kalman filter these variations are limited and the mobile node (Alice) can successfully determine whether the static access point (Bob) is in one of the three regions: immediate (1 m), near (3 m), or far (6 m). Moreover, since Alice moves in a manner that is unpredictable for adversaries, a malicious node cannot impersonate Bob unless they are colocated. This simple proximity estimation technique is used as an independent factor in the multi-factor authentication protocol presented in the next section.
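The decision chain of Section IV as an added example (not the paper's code): a scalar Kalman filter with the paper's $Q = 10^{-6}$ and $\sigma_R = 0.1$, the 20th filtered output as the decision value, and a log-distance path-loss inversion to one of the three regions. The path-loss parameters $P_0$ and $n$ are assumed placeholders, since the Table II values are not reproduced on this page, and the standard log-distance form of the model is assumed for equation (2).

```python
import math

# Added example, not the paper's code. Scalar Kalman filter for RSSI smoothing
# (the beacon is static, so A = 1, H = 1, B = 0 and u = 0 as in Section IV) and
# a log-distance path-loss inversion. P0 and n are placeholders marked as
# ASSUMED: the paper's Table II values are not reproduced on this page.
Q = 1e-6               # process variance, as chosen in the paper
SIGMA_R = 0.1          # measurement noise standard deviation, as in the paper
DECISION_SAMPLE = 20   # the 20th filtered output is the "decision" output

def kalman_smooth(samples, q=Q, sigma_r=SIGMA_R):
    """Scalar Kalman filter; returns the filtered RSSI after every sample."""
    r = sigma_r ** 2
    x, p = samples[0], 1.0           # state initialised from the first sample
    filtered = []
    for z in samples:
        p_pred = p + q               # predict: x_i = x_{i-1} + w, w ~ N(0, Q)
        k = p_pred / (p_pred + r)    # Kalman gain
        x = x + k * (z - x)          # update with measurement z_i = x_i + R_i
        p = (1.0 - k) * p_pred
        filtered.append(x)
    return filtered

def decision_rssi(samples):
    """Alice's decision value: the 20th output of the filter."""
    return kalman_smooth(samples)[DECISION_SAMPLE - 1]

def distance_from_rssi(p_db, p0_db, n, d0=1.0):
    """Invert the ASSUMED log-distance form P = P0 - 10 n log10(d / d0)
    (shadowing term dropped after filtering): d = d0 * 10^((P0 - P) / (10 n))."""
    return d0 * 10 ** ((p0_db - p_db) / (10.0 * n))

def region(distance):
    """Nearest of the paper's three regions: immediate (1 m), near (3 m), far (6 m)."""
    regions = ((1.0, "immediate"), (3.0, "near"), (6.0, "far"))
    return min(regions, key=lambda r: abs(r[0] - distance))[1]

def classify(samples, p0_db, n):
    """Full chain: raw RSSI samples -> filtered decision value -> distance -> region."""
    return region(distance_from_rssi(decision_rssi(samples), p0_db, n))

if __name__ == "__main__":
    P0_DB, N_PL = -60.0, 2.0         # ASSUMED placeholders for one Table II row
    mean_at_3m = P0_DB - 10 * N_PL * math.log10(3.0)      # about -69.5 dB
    # Constructed samples: the 3 m mean with +/-5 dB alternating shadowing.
    raw = [mean_at_3m + (5.0 if i % 2 == 0 else -5.0) for i in range(20)]
    print("raw spread:", round(max(raw) - min(raw), 1), "dB")
    print("decision RSSI:", round(decision_rssi(raw), 2), "dB ->", classify(raw, P0_DB, N_PL))
```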

V. PROPOSED MULTI-FACTOR AUTHENTICATION PROTOCOL
This section presents a lightweight multi-factor authentication scheme, leveraging PUFs, proximity estimation and SKG. It provides mutual authentication between Alice (a mobile IoT node) and Bob (a static edge server), consists of an enrollment phase and an authentication phase, and uses SKG as a quick resumption mechanism. We note that during the channel estimation (through pilot exchange in both directions) the parties can take measurements of the RSSI and/or of the full channel state information (CSI) if needed. Using the RSSI measurements, Alice performs the mobility-based proximity estimation introduced in Section IV. She positions herself in diverse (unpredictable) locations and takes multiple measurements in order to estimate Bob's location. Next, using the CSI, both Alice and Bob perform the SKG approach given in Section III. Before providing the overall security analysis we first present all individual primitives. The notation used throughout this section is defined as follows:
• An SKG scheme generating as outputs binary vectors $K$ and $S_A$ of sizes $k = |K|$ and $|S_A|$, respectively, with $K \in \mathcal{K}$ denoting the key obtained after privacy amplification and $S_A \in \mathcal{S}$ denoting Alice's syndrome.
• Alice's PUF, denoted by $P_A$, that generates a response $R \in \mathcal{R}$ to a challenge $Ch \in \mathcal{CH}$, i.e., $R = P_A(Ch)$. Also, a pair of fuzzy extractor algorithms, denoted by $Gen : \mathcal{R} \to \mathcal{K}_R \times \mathcal{H}_R$, accepting as input the PUF response and generating as outputs the identification (fuzzy) key and helper data, with corresponding reproduce algorithm $Rep : \mathcal{R} \times \mathcal{H}_R \to \mathcal{K}_R$, where $R, R' \in \mathcal{R}$, $K_R \in \mathcal{K}_R$ and $H_R \in \mathcal{H}_R$. Generally, the Rep function has greater computational complexity than Gen [47]; therefore, in the proposed scheme we perform the more complex operation on the resourceful device rather than on the constrained IoT node.
• A symmetric encryption algorithm, e.g., AES-256 in Galois field counter mode (GCM), denoted by $Es : \mathcal{K} \times \mathcal{M} \to \mathcal{C}_T$, where $\mathcal{C}_T$ denotes the ciphertext space, with corresponding decryption $Ds : \mathcal{K} \times \mathcal{C}_T \to \mathcal{M}$, for $M \in \mathcal{M}$, $C \in \mathcal{C}_T$.
• A pair of message authentication code (MAC) algorithms, denoted by $Sign : \mathcal{K} \times \mathcal{M} \to \mathcal{T}$, with a corresponding verification algorithm $Ver : \mathcal{K} \times \mathcal{M} \times \mathcal{T} \to \{yes, no\}$, which returns no when the integrity of the message is not verified.
• A cryptographic (irreversible) one-way hash function that is used to compress an input binary vector of length $q$ to a binary vector of length $k = |K|$.
In all of the previously defined functions, the insertion of an index $i - 1$ denotes the value of a variable or quantity one instance earlier than its corresponding value at instance $i$, e.g., $Ch_1$ denotes the PUF challenge at instance 1 while $Ch_2$ denotes the PUF challenge at instance 2. Furthermore, following from the definition of PUFs, every challenge produces a unique response and corresponding helper data and authentication keys, i.e., $P_A(Ch_1) \neq P_A(Ch_2)$ and $Gen(P_A(Ch_1)) \neq Gen(P_A(Ch_2))$. Finally, concatenation of two binary vectors $X$ and $Y$ is denoted by $(X \| Y)$.

A. Device enrollment
The enrollment is a one-time operation carried out offline over a secure channel between Alice (referred to in the following as node A) and Bob (referred to in the following as node B). The steps taken during enrollment are summarized in Fig. 8 and are performed as follows:
1) In order to establish the link between them, both devices need to exchange pilot signals.

Fig. 9. Authentication protocol

B. Authentication
Once the enrollment is finished, both devices can use the established parameters for future authentication over an insecure channel. The steps taken during authentication are summarized in Fig. 9 and are performed as follows:
1) The devices exchange pilot signals and observe $X_A$, $X_B$, respectively, which they subsequently quantize to bit strings $Y_A$ and $Y_B$, correspondingly. From this step, A also measures the RSSI of the received signals.

2) Next, A runs the proximity verification discussed in Section IV to confirm the location of B. If the verification fails, she stops the authentication process. If it succeeds, she completes the steps of the SKG process, calculating her syndrome $S_A$ and key $K$. The key will be used later as a session key if the authentication is successful. Then, A sends her request for authentication, which contains a one-time alias ID $A_{ID,i}$ and a fresh random nonce $N_1$.
3) Upon reception, B accesses the database and loads the parameters that correspond to the ID, i.e., CRP $(Ch_2, R_2)$ and key $K_{R,1}$. Then he generates a fresh random nonce $N_B$ and breaks $K_{R,1}$ into two parts as follows: ). He uses the first part to encrypt , and uses the second part to sign $M_B$ as:

Next, she excites her PUF to produce $R_3$ and $R_4$. In order to generate the key that will be used in a future execution of the authentication protocol, A executes $\mathrm{Gen}(R_3) = (H_{R,3}, K_{R,3})$. Next, she calculates the one-time alias ID for the future execution of the protocol as $A_{ID,2} = \mathrm{Hash}(A\|N_B\|R_3)$, which, due to the randomness of $N_B$ and $R_3$, cannot be linked to $A_{ID,1}$. Updating the parameter allows Alice to use a fresh ID during subsequent authentications and, therefore, preserves her privacy from eavesdroppers. The pairs $(Ch_4, R_4)$ and $(K_{R,3}, A_{ID,2})$ will be used in a subsequent connection with B. Next, A breaks her key $K_{R,2}$ into two parts ). Similarly to the previous step, she uses half of the key to encrypt the message Then, A uses the second half of the key to sign the ciphertext

Fig. 10. Resumption protocol. (Figure labels: Perform SKG using $Y^*$: $A_{ID,i+1} = \mathrm{Hash}(A\|Y_A)$; Read: resumption secret $Z$; Verify: A is at the expected distance.)

Using $R_3$ and the principles of the FE, B performs $\mathrm{Gen}(R_3) = (H_{R,3}, K_{R,3})$. He calculates $A_{ID,2} = \mathrm{Hash}(A\|N_B\|R_3)$. Following that, he stores the pairs $(K_{R,3}, A_{ID,2})$, $(Ch_4, R_4)$, which will be used during the next round of the protocol. Finally, using the received syndrome $S_A$, B corrects the discrepancies in his observation $Y_B$ to obtain $Y_A$ and calculates the session key $K = \mathrm{Hash}(Y_A)$.
6) After the authentication process finishes, A and B enter the secure communication stage with session key $K$.
During this stage, they generate a resumption secret $Z$, leveraging SKG. Instead of performing full authentication in subsequent sessions, the secret can be used as a parameter to quickly "resume" sessions in 0-RTT.

C. Resumption protocol
This section presents a novel physical layer resumption protocol that allows A to send encrypted data in 0-RTT. During the secure communication stage of the authentication protocol in Fig. 9, B sends to A a look-up identifier. Then, both derive a resumption secret $Z$ that is a function of the look-up identifier and the session parameters. The usage of a resumption secret for authentication helps avoid man-in-the-middle attacks in the scenario assumed here. Given the above, the resumption protocol follows the steps:
1) As before, in order to establish the link both devices perform a pilot exchange. A and B obtain channel observations and generate sequences $Y_A$ and $Y_B$, respectively. Note that $Z$, $Y_A$ and $Y_B$ have the same length.
2) Next, A generates a fresh random nonce $N_1$ and reads the resumption secret $Z$ to generate $Y^* = Z \oplus Y_A$. Then, using her Slepian Wolf decoder she calculates the new syndrome $S^*$ that corresponds to $Y^*$, and generates the session key as $K^* = \mathrm{Hash}(Y^*)$. She also calculates the one-time alias ID that will be used for the subsequent session as $A_{ID,i+1} = \mathrm{Hash}(A\|Y_A)$. A breaks her key into two parts and uses the first part to encrypt the early 0-RTT data $M$ as $\mathrm{Es}(K^*_1, M) = C$. The second part she uses to sign the ciphertext, $\mathrm{Sign}(K^*_2, C) = T$. Finally, she sends $(S^*\|A_{ID,i}\|N_1\|C\|T)$. Note that the key $K^*$ can only be obtained if both the physical layer generated key and the resumption key are valid, and this method can be shown to be forward secure [48].

VI. SECURITY ANALYSIS
In this section, we analyze the security of the proposed multi-factor authentication protocol illustrated in Fig. 9. For the purpose of our security proofs we consider a Dolev-Yao [49] type of adversary, who has control over the wireless channel between A and B. Furthermore: 1) the adversary can send any type of messages and queries using its knowledge gained through observation; 2) all functions and operations performed by the legitimate users during the execution of the protocol are public except $P_A(\cdot)$ and the entire enrollment phase; and, 3) the adversary can launch denial of service (DoS) attacks and block parts of the protocol in order to desynchronize the connection between A and B. In terms of the SKG, for simplicity, in this work we assume a rich Rayleigh multipath environment where the adversary is more than a few wavelengths away from each of the legitimate parties, and the SKG rates are given as in Section III.

A. Mutual authentication
The proposed protocol uses a set of factors to achieve mutual authentication. It uses mobility-based proximity estimation as a first factor of authentication. This verifies whether the server is at the expected distance. Next, A authenticates B by verifying whether the correct key is used for creating $C_B$ and $T_B$. On the other hand, B authenticates A by first confirming the validity of the received one-time alias ID $A_{ID,i}$ and second by verifying whether she produced a valid response to $Ch_i$. The second condition is confirmed only if A uses the correct key to generate the pair $C_A$, $T_A$.

B. Untraceability and anonymity
During the execution of the authentication protocol, A must possess a valid one-time alias ID $A_{ID}$ for each session. The one-time alias identity cannot be used twice and there is no direct relationship between subsequent IDs. Thus, no one except B would know the origin of the message. Furthermore, in case of de-synchronization the device can use the set of emergency IDs $A_{ID,emerg}$. After an emergency ID is used, it has to be deleted from A's and B's memory. This approach provides privacy against eavesdroppers and ensures the user anonymity and identity untraceability properties.

C. Perfect forward secrecy
Assuming an attacker compromises A and obtains all stored secrets, i.e., $(K_R, A_{ID})$, he cannot obtain previous keys or one-time alias IDs. First, each $K_R$ is generated using a CRP, and CRPs are randomly generated and independent. Hence, by obtaining $K_{R,i}$ an adversary cannot learn $K_{R,i-1}$. Next, one-time alias IDs are generated using a one-way hash function of parameters unique to each session; if an adversary obtains $A_{ID,i}$, he cannot invert the hash function. Furthermore, using the randomness of the wireless channel ensures that session keys are unique and independent for each session. Therefore, the proposed authentication protocol ensures the perfect forward secrecy property.

D. Resistance to replay attacks
If an adversary intercepts previous communication between A and B, he can replay the same messages and try to pass the authentication process. In the protocol presented in Fig. 9, none of the parameters in the initial request are allowed to be sent twice; hence, if an attacker resends the same message to B, the attack will be detected and the request will be rejected. Next, if the adversary tries to re-send $C_B$ to A, he will be detected, since the key used to encrypt $C_B$ is changed during every session. Similarly, if the adversary tries to re-send $C_A$, he will be detected and the request will be rejected because the key used to encrypt $C_A$ is changed every session. The above shows that the proposed protocol provides resistance against replay attacks.

E. Protection against impersonation attack
A successful impersonation attack would allow the adversary to be authenticated as a legitimate user. Following from the above, an adversary cannot perform a replay attack, which limits his options for performing an impersonation attack. Consequently, in order to impersonate A he must generate 1) a valid one-time alias ID, and 2) a valid ciphertext $C_A$. However, due to the unclonability properties of the PUF and the fact that the connection between a device and its PUF is secure (i.e., system on chip), the adversary cannot generate a valid ciphertext $C_A$ and hence cannot impersonate A. Next, in order to impersonate B, the adversary must possess a valid key $K_{R,1}$ and generate a valid ciphertext $C_B$. To obtain the key, an adversary must compromise A (an example of a scheme vulnerable to this attack can be found in [16]). However, even if A is compromised, the attack will be detected using the proposed proximity detection approach. This shows that our multi-factor authentication protocol provides resistance against impersonation attacks.

F. Resistance to DoS attack
To ensure security against DoS and de-synchronization attacks, the authentication protocol uses unlinkable one-time alias IDs and pairs of sets with emergency parameters $(C_{emerg}, R_{emerg})$ and $(K_{R,emerg}, A_{ID,emerg})$. If an adversary manages to block a message from a legitimate party, such that it does not reach its intended receiver, the authentication process will stop and the used $A_{ID,i}$ will not be updated. To overcome that, A can use one of her emergency IDs from the set $A_{ID,emerg}$. B will then read the corresponding $K_{R,emerg}$ from the set $K_{R,emerg}$ and use it to encrypt a message containing an emergency challenge $C_{emerg}$ from the set $C_{emerg}$. Next, both parties can continue the authentication process as usual and set up a new one-time alias ID. In order to prevent replay attacks, all used emergency parameters must be deleted from the corresponding set. This approach provides resiliency against DoS and de-synchronization attacks.

G. Protection against cloning attacks
A successful cloning attack allows the adversary to use a captured device in order to obtain secrets stored on another device. In the proposed protocol each device possesses a unique pair $(K_R, A_{ID})$. Furthermore, all devices have unique PUFs and will produce a unique response to a challenge. Hence, the adversary cannot use secrets derived from one device in order to clone another.

H. Protection against physical attacks
Successful physical attacks could be performed by physically tampering with the IoT device in order to change its behavior. However, by changing its behavior, the PUF will not produce the desired response and therefore B will detect the attack. Therefore, the proposed protocol is resistant against physical attacks.

I. Secrecy proofs using BAN and MB logic
The secrecy evaluation of security protocols ensures that an adversary cannot obtain or alter secret parameters. In this regard, the BAN logic [27] is a widely used secrecy verification tool. However, some weaknesses were identified by the authors of [50]. They extended and improved the BAN logic into a more reliable version, namely MB logic, which is used in this paper. Formal proofs are deduced using a set of initial beliefs and rules and are based upon the message exchange within the protocol. The initial steps of MB logic are the idealization of the protocol and the identification of the initial beliefs. The protocol message idealization is used to interpret the implicit context-dependent information into an explicit protocol specification. Based on the set of rules defined in [50], the protocol in Fig. 9 is idealised as: where R gives the relation of the parameters, as defined in [50]. Next, denoting principals as A, B, messages and keys as M, K, respectively, and formulas as X, the main properties of MB logic are: A |≡ X denotes A believes X is true;

good shared key between A and B;
A ||M denotes M is not available to A; sup(B) denotes B is a super-principal. Following that, the inference rules defined in [50] and used in this paper are given in Table III (note that $\{\cdot\}^C$ denotes the complement). Given that the enrollment phase is performed over a secure channel, the initial beliefs can be defined as follows:
Given the initial beliefs, the authentication property of the current run of the protocol can be directly verified using the authentication rule (R1), as shown in Table III. In fact, the authentication of B to A (A to B) can be proven by simply using assumptions A1 and A9 (A2 and A5) in the numerator of the rule.
Next, we prove the secrecy of the parameter $R_3$ (the proofs for the secrecy of $N_A$ and $R_4$ are identical), which could be used as an initial belief for the next run of the protocol. The proof for B |≡ $A \overset{R_3}{\leftrightarrow} B$ is given in Fig. 11. Similarly, one can prove that A |≡ $A \overset{R_3}{\leftrightarrow} B$ and, therefore, both parties A and B agree that $R_3$ is a good shared secret. However, the proof for A is not presented here due to space limitations; instead we provide a formal verification of all security properties using the Tamarin-prover [51]. Given the above and using the fuzzy extractor properties [52], it can be concluded that $K_{R,3}$ and $K_{R,4}$ are good shared keys between A and B.

J. Session key agreement
It is a common practice in the literature to use nonces as part of the session key generation process [15], [16], [18]. However, note that even if $N_A$ and $N_B$ are good shared secrets between A and B, the low entropy of pseudo-random number generator (PRNG) modules may provoke a set of attacks [32] and lead to information leakage. Furthermore, it has been shown that true-random number generators (TRNGs) can greatly increase the time complexity in resource-limited systems, making the generation time infeasible [53]. Therefore, we limit the role of the nonces in the proposed scheme to only a source of freshness. On the other hand, the randomness already present in the wireless channel allows for a secure and lightweight key generation process through the SKG procedure, as illustrated in Section III. Finally, we note that if the session key gets compromised, the authentication process remains secure, as the adversary cannot obtain the PUF response using the session key.

K. Security verification using the Tamarin-prover
The security properties of the authentication protocol given in Section V were verified using the formal verification tool Tamarin-prover [28]. Tamarin was used to prove: secrecy, aliveness, weak agreement, non-injective agreement, injective agreement, untraceability and anonymity. The model of our authentication protocol and all security proofs can be found at [51].

VII. CONCLUSIONS
In this work we introduced a fast, privacy preserving, multi-factor mutual authentication protocol for IoT systems, leveraging SKG from fading coefficients, proximity estimation leveraging mobility, and PUFs. To demonstrate the SKG performance in delay constrained applications, we provided a numerical comparison of three families of SW reconciliation codes in the short and medium blocklength regimes. Next, we conducted a set of experiments to demonstrate the applicability of our proposed proximity detection in BLE networks, which leverages the mobility of an IoT node. Finally, we validated the properties of the proposed authentication protocol through a detailed security analysis, using BAN and MB logic as well as the Tamarin-prover. Our analysis proves the potential of the proposed protocol as a lightweight, multi-factor alternative to the currently used computationally intensive authentication schemes, with a particular interest in IoT networks of constrained devices and wireless sensor networks.

Fig. 1. System model for coding on secret key generation.

Fig. 5. Measured RSSI data (dashed) and filtered data using a Kalman filter (solid) at a distance of 3 meters. The measurement noise variance is set to $\sigma_R = 0.1$.

Fig. 6. Curve fitting of the path loss model for a small auditorium (TOP) and a library (BOTTOM).

Fig. 7. Distance estimation for a small auditorium (TOP) and a library (BOTTOM).
Finally, he sends the ciphertext $M_B$ and the signature $T_B$ to A.
4) By using her stored key $K_{R,1}$, A verifies the authenticity of B and the integrity of the message $M_B$. If one of the verification checks fails, A rejects the message's claim to authenticity. If the verification succeeds, she accepts and excites her PUF with the received challenge $Ch_2$. By running it on her PUF she obtains a new measurement $R_2 = P_A(Ch_2)$ and $\mathrm{Gen}(R_2) = (H_{R,2}, K_{R,2})$. Afterwards, she generates a new fresh random nonce $N_A$ and calculates the next two challenges as follows: $Ch_3 = \mathrm{Hash}(Ch_2\|N_A)$ and $Ch_4 = \mathrm{Hash}(Ch_3\|N_B)$.
Finally, A sends $C_A$, $T_A$ and $H_{R,2}$ to B and stores the pair $(K_{R,3}, A_{ID,2})$.
5) Upon receiving the preceding message, B verifies the condition $\mathrm{Rep}(R_2, H_{R,2}) \overset{?}{=} K_{R,2}$ by using the stored $R_2$ (from the enrollment phase) and the received helper data $H_{R,2}$. If the verification fails, B rejects the claim to authenticity. If the claim is accepted, he verifies the integrity of $C_A$ using the signed ciphertext $T_A$. Next,
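Steps 4 and 5 above (A's Gen on a fresh, noisy PUF measurement, B's Rep with the enrolled $R_2$, and the check of $T_A$ with the recovered key), as an added example that is not the paper's code. Assumptions: a code-offset fuzzy extractor over a 3x repetition code stands in for the FE of [52], a seeded hash simulates the PUF $P_A$, SHA-256 is Hash and HMAC-SHA256 is Sign; the condition $\mathrm{Rep}(R_2, H_{R,2}) = K_{R,2}$ is realised by verifying $T_A$ with the key B recovers.

```python
import hashlib
import hmac
import secrets

# Added example, not the paper's code. Assumptions: a code-offset fuzzy
# extractor over a 3x repetition code stands in for the FE of [52], a seeded
# hash simulates the PUF P_A, SHA-256 is Hash and HMAC-SHA256 is Sign.
REP = 3          # repetition factor: one flipped bit per triple is tolerated
RESP_LEN = 255   # PUF response length in bits (a multiple of REP)

def rep_encode(bits):
    return [b for b in bits for _ in range(REP)]

def rep_decode(bits):
    """Majority vote per triple."""
    return [1 if sum(bits[i:i + REP]) >= 2 else 0 for i in range(0, len(bits), REP)]

def xor(a, b):
    return [x ^ y for x, y in zip(a, b)]

def fe_gen(r):
    """Gen(R) -> (H_R, K_R): helper data is R offset by a random codeword."""
    w = [secrets.randbits(1) for _ in range(len(r) // REP)]
    return xor(r, rep_encode(w)), hashlib.sha256(bytes(r)).digest()

def fe_rep(r_prime, h):
    """Rep(R', H_R) -> K_R whenever R' is within one flip per triple of R."""
    c = rep_encode(rep_decode(xor(r_prime, h)))   # strip offset, correct, re-encode
    return hashlib.sha256(bytes(xor(h, c))).digest()

def puf(challenge, device_seed, flips=()):
    """Simulated PUF: device-specific response, with measurement noise at `flips`."""
    d = hashlib.sha256(device_seed + challenge).digest()
    bits = [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(RESP_LEN)]
    for p in flips:
        bits[p] ^= 1
    return bits

def alice_step4(ch2, seed, n_a, n_b, c_a, flips=()):
    """A: noisy R_2 = P_A(Ch_2), Gen, next challenges, sign C_A with the 2nd half of K_R,2."""
    h2, k2 = fe_gen(puf(ch2, seed, flips))
    ch3 = hashlib.sha256(ch2 + n_a).digest()
    ch4 = hashlib.sha256(ch3 + n_b).digest()
    t_a = hmac.new(k2[16:], c_a, "sha256").digest()
    return h2, t_a, ch3, ch4

def bob_step5(r2_enrolled, h2, c_a, t_a):
    """B: Rep with the enrolled R_2; accept only if the recovered K_R,2 verifies T_A."""
    k2 = fe_rep(r2_enrolled, h2)
    return hmac.compare_digest(hmac.new(k2[16:], c_a, "sha256").digest(), t_a)
```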

3) Upon receiving the output from the last step, B reads the resumption secret $Z$ and obtains $Y^* = Z \oplus Y_B$. Using that and the received syndrome $S^*$, B obtains $K^* = \mathrm{Hash}(Y^*)$. He uses the condition $K^* \overset{?}{=} K^*$ to verify the authenticity of A and the integrity of the message. If the above succeeds, he calculates $Y_A = Y^* \oplus Z$ and stores $A_{ID,i+1} = \mathrm{Hash}(A\|Y_A)$. Using the obtained key, B can now decrypt the message $M$.
4) After the resumption process finishes, the two devices enter the secure communication stage using $K^*$ as the session key. During this stage, they use the channel and session properties to generate new shared resumption secrets that can be used in subsequent resumptions.
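The 0-RTT resumption exchange of Section V-C (steps 1 and 2 on A's side, steps 3 and 4 on B's side above), as an added example that is not the paper's code. Assumptions: a Hamming(7,4) syndrome stands in for the paper's LDPC/BCH/polar Slepian Wolf codes, SHA-256 is Hash, a hash-derived keystream is Es, HMAC-SHA256 is Sign, and the channel sequences and resumption secret are constructed inline.

```python
import hashlib
import hmac
import secrets

# Added example, not the paper's code. Stand-ins (assumptions): a Hamming(7,4)
# syndrome is the Slepian Wolf reconciliation code, SHA-256 is Hash, a
# hash-derived keystream is Es, and HMAC-SHA256 is Sign.
H = [[((j + 1) >> i) & 1 for j in range(7)] for i in range(3)]  # parity-check matrix

def syndrome(block):
    """3-bit syndrome of a 7-bit block; for a single flip it equals the 1-based position."""
    return sum((sum(H[i][j] & block[j] for j in range(7)) & 1) << i for i in range(3))

def sw_syndromes(bits):
    """Slepian Wolf side information: one syndrome per 7-bit block."""
    return [syndrome(bits[k:k + 7]) for k in range(0, len(bits), 7)]

def sw_correct(bits, syndromes):
    """Correct at most one differing bit per block so the output matches the sender's sequence."""
    out = list(bits)
    for k, s_sender in enumerate(syndromes):
        e = syndrome(out[7 * k:7 * k + 7]) ^ s_sender  # syndrome of the discrepancy
        if e:
            out[7 * k + e - 1] ^= 1
    return out

def split_key(y_star):
    """K* = Hash(Y*), broken into K*_1 (encryption) and K*_2 (signing)."""
    k = hashlib.sha256(bytes(y_star)).digest()
    return k[:16], k[16:]

def keystream(k1, nonce, n):
    return hashlib.sha256(k1 + nonce).digest()[:n]  # toy Es for messages of <= 32 bytes

def alice_resume(y_a, z, msg):
    """Steps 1-2: Y* = Z xor Y_A, syndrome S*, K*, encrypt early data, sign, next alias."""
    y_star = [a ^ b for a, b in zip(z, y_a)]
    s_star = sw_syndromes(y_star)
    k1, k2 = split_key(y_star)
    n1 = secrets.token_bytes(8)                          # fresh nonce N_1, freshness only
    c = bytes(m ^ p for m, p in zip(msg, keystream(k1, n1, len(msg))))
    t = hmac.new(k2, n1 + c, "sha256").digest()
    next_alias = hashlib.sha256(b"A" + bytes(y_a)).digest()
    return (s_star, n1, c, t), next_alias

def bob_resume(y_b, z, packet):
    """Steps 3-4: reconcile Z xor Y_B with S*, derive K*, verify T, recover M and Y_A."""
    s_star, n1, c, t = packet
    y_star = sw_correct([a ^ b for a, b in zip(z, y_b)], s_star)
    k1, k2 = split_key(y_star)
    if not hmac.compare_digest(hmac.new(k2, n1 + c, "sha256").digest(), t):
        return None, None                                # reject: wrong Z, bad channel or tampering
    msg = bytes(x ^ p for x, p in zip(c, keystream(k1, n1, len(c))))
    y_a = [a ^ b for a, b in zip(y_star, z)]
    return msg, hashlib.sha256(b"A" + bytes(y_a)).digest()
```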

Fig. 11. Secrecy proof in tableau format demonstrating that B believes $R_3$ is a good shared secret between A and B. Initial beliefs due to communication events are denoted with ellipses. The rules used to deduce the final goal are denoted where they are applied.

TABLE I. CONTRIBUTIONS OF THIS PAPER.
During this exchange A measures the RSSI. Furthermore, A downloads (or creates) a map of the premises which contains the location of B, to enable proximity based authentication.
2) After establishing the connection, Alice sends her ID $ID_A$ with a request for registration Request.
3) Upon receiving the request, B first checks if the received ID has already been registered. If B finds the ID within his database the request is rejected. If A has not been registered, B generates two initial PUF challenges $Ch_1$, $Ch_2$ and an initial one-time alias ID $A_{ID,1}$. These challenges will be used during subsequent authentication and will be updated with each run of the protocol. Next, B generates sets of emergency challenges and one-time alias IDs, $C_{emerg}$ and $A_{ID,emerg}$, respectively, such that $|C_{emerg}| = |A_{ID,emerg}|$. The emergency sets are used only in a case of de-synchronisation between the devices and have multiple entries to allow for multiple recoveries. Finally, Bob sends the message $(Ch_1\|Ch_2\|A_{ID,1}\|C_{emerg}\|A_{ID,emerg})$ to Alice. Note that the two emergency sets are linked such that each element has a corresponding one in the other set.
4) After receiving the message, Alice excites her PUF $P_A$ with $Ch_1$, $Ch_2$ and all challenges from the set $C_{emerg}$, producing responses $R_1$, $R_2$ and $R_{emerg}$, respectively. Next, she uses $R_1$ and $R_{emerg}$ as inputs to her fuzzy extractor to generate the pair $(H_{R,1}, K_{R,1})$ and the sets of pairs $(H_{R,emerg}, K_{R,emerg})$. Afterwards, Alice stores $A_{ID,1}$, $K_{R,1}$, $K_{R,emerg}$, $A_{ID,emerg}$ and sends the following message to Bob: $(R_2\|R_{emerg}\|K_{R,1}\|K_{R,emerg})$.
5) To finalise the registration process, B stores the following elements that correspond to $ID_A$ in his database: initial authentication parameters $A_{ID,1}$, $K_{R,1}$, $Ch_2$, $R_2$ and emergency authentication parameters in case of de-synchronisation $C_{emerg}$, $R_{emerg}$, $K_{R,emerg}$, $A_{ID,emerg}$.
Fig. 8. Enrollment phase.

TABLE III. INFERENCE RULES ADOPTED FROM MB LOGIC