Approximative Threshold Optimization From Single Antenna to Massive SIMO Authentication

In a wireless sensor network, data from various sensors are gathered to estimate the system-state of a process system. However, adversaries aim at distorting the estimation, for which they may infiltrate sensors or position additional devices in the environment. For authentication, the receiver can evaluate the integrity of measurements from different sensors jointly with the temporal integrity of channel measurements from each sensor. Therefore, we design a security protocol, in which Kalman filters predict the system-state and the channel-state values. Then, the received data is authenticated by a hypothesis test. We theoretically analyze the adversarial success probability and the reliability in two ways, based on chi-square and Gaussian approximations. The two approximations are exact for small and large data vectors, respectively. Hence, the Gaussian approximation is suitable for analyzing massive single-input multiple-output (SIMO) setups. This approximation is adapted to channel hardening, which occurs in massive SIMO fading channels. As adversaries always look for the weakest point, a time-independent security level is required. Hence, the approximations are used to propose time-varying thresholds for the hypothesis test, which approximately attain a constant security level. Numerical results show that either the security level or the threshold value can be time-independent, but not both.

. The fusion center wants to authenticate packets from legitimate sensors. The question marks indicate that each sensor might be legitimate or malicious and that each packet might also have been transmitted by an adversarial device. over time. Note that threshold-based authentication schemes show a trade-off between the achieved security and reliability. Hence, here we specifically focus on designing the authentication process such that the achieved security level is constant over time. To fulfill this condition, the threshold value needs to be optimized for each received packet individually.
This work focuses on authenticating data and assuring system integrity by detecting FDI attacks from adversarial devices or malicious sensor nodes at the physical layer. Therefore, the authenticity is validated by employing measurements of the channel and the sensors jointly. We consider the communication between multiple sensors and a fusion center as shown in Fig. 1, in which the data are authenticated by a combination of these two measures.
r Multiple sensors measure data from the same physical process or control system. By checking the integrity of the measurements from the different sensors, malicious sensor nodes can be detected.
r The channel values are measured regularly within existing physical layer communication protocols. These values are highly location-dependent and cannot fully be replicated by a spatially distinct adversary. By evaluating the temporal integrity of the channel measurements, adversarial transmitters added to the surroundings can be detected. The differences between both types of measurements and their corresponding predictions will be evaluated in a hypothesis test. Mathematically, this means that we will calculate the norms of the Gaussian-distributed differences and compare these to threshold values.
Between different Internet of Things (IoT) devices and wireless sensor networks, the number of available resources varies. Some sensors and fusion centers are low-cost and equipped with only a single antenna. Other fusion centers are connected to a base station, which may be equipped with a massive number of antennas and thus able to apply massive single-input-multiple-output (SIMO) techniques [5]. Also, the number of measurements obtained from each sensor might vary. While some sensors only measure a single value (such as temperature or filling level sensors), other sensors measure various types of information together (such as image sensors). This means that authentication schemes are needed that are suitable to secure systems with a wide range of available resources. When the number of resources is large, channel hardening can become relevant [6]. While the channel and sensor measurement of a single antenna or sensor can have high statistical variations, the effect of the variations is significantly reduced when a large number of resources is considered. This effect has been investigated for the channel gain obtained in massive SIMO systems with fading channels in [7]. For threshold-based authentication systems, channel hardening will lead to a significant reduction of the time-dependency of the different optimized threshold values.
To cover these effects, we employ three different analyses to optimize the threshold in a threshold-based authentication system.
r First, we consider systems with small numbers of resources. In this case, the hypothesis test becomes equal to the comparison of non-central chi-square distributed variables with the threshold values.
r Second, we consider systems with asymptotically large numbers of resources. Thereby, the central limit theorem holds, and the hypothesis test becomes a comparison of Gaussian distributed variables with the threshold values.
r Third, we consider systems where the numbers of resources are asymptotically large and channel hardening occurs, to obtain additional insights. Here, the central limit theorem holds again, but further mathematical simplifications can be applied by exploiting the reduced time dependency of the threshold values occurring in this case. For each of these analyses, we create approximations, which theoretically analyze the security and reliability of systems with wider ranges of resources and optimize the threshold values.
In the following, we will provide an overview of related authentication methods.

A. LITERATURE REVIEW
As protection against FDI and replay attacks, different kinds of physical layer authentication schemes have been considered in the literature. Thereby, various kinds of approaches have been employed to provide authenticity and attackresilience. Especially the stochastic nature of wireless channels, fingerprints of transmitter hardware impairments, and watermarking methods have been widely used for authentication [8]. Additionally, there has been a widespread research focus on attack-resilient state estimation [9] and assuring data integrity [10]. For all of these kinds of approaches, similar techniques have been used to develop authentication schemes.
As examples of hardware impairments, the carrier frequency offset and the in-phase/quadrature imbalance (IQI) have been employed for authentication in [11] and [12], respectively. Thereby, in [11] the carrier frequency offset has been followed by a Kalman filter to provide authenticity. In [12], IQI has been used to authenticate amplify-andforward relays by comparing a sequence of IQI measurements to a reference sequence.
The properties of the channel have been exploited to authenticate devices. Note that there are several different channel models (such as time-varying and time-constant channels). Hence, the channel measurements have been classified based on various signal processing and machine learning techniques, such as support vector machines (SVMs) [13], Kalman filters [14], [15], [16], and generative adversarial neural networks (GANs) [17]. In [8], an authentication scheme has been proposed, which compares the channels of two sequentially received packets in massive multiple-input multiple-output (MIMO) systems. Moreover, the channel measurements can be processed to obtain information on the transmitter location and the surroundings. In [18], the angle of arrival has been used to authenticate the transmitter in a vehicular communication network (V2X) scenario.
Moreover, various other works have focused on securing control systems based on validating the integrity of measurements from monitored or controlled systems. For example, the integrity of data from multiple sensors is evaluated to find malicious sensors in [19]. In [20], a chi-square detector is established to tackle the issue of FDI attacks in the form of linear manipulation of the sensor values in the case of a single sensor.
Note that there has been only very limited research on using channel and process parameters jointly for authentication. Moreover, especially Kalman-filter-based algorithms have been widely utilized in the context of integrity validation. Here, cases range from authentication based on transmitter hardware [11] and the channel [14], [15], [16] to validate the integrity of the measurements from different sensor nodes [19], [20]. Out of these, [20] employs a time-constant threshold value when comparing the new measurements with the prediction. The works [11], [16] compare each element of the difference vector individually with time-varying threshold values, which are designed to obtain a time-constant reliability. In [19], multiple integrity schemes are proposed. Thereby, out of the measurements from the different sensors a fixed number of outliers is detected, such that no threshold values are required. Moreover, an algorithm is proposed that learns over time the optimum of the time-constant threshold values. The works [14], [15] focus on robustness in the presence of hardware impairments and do not discuss the choice of the threshold values.

B. CONTRIBUTIONS
In this work, we apply a Kalman-filter-based scheme to authenticate the data transmission in a wireless sensor network. The contributions are as follows: r While other works have focused on authenticating the users either based on the channel or the process parameters, we employ both kinds of parameters jointly to create a secure and attack-resilient state-estimation system. Thereby, all elements from the same data vector are evaluated in common in the hypothesis test.
r We provide three approximations for the security and the reliability level obtained under a given threshold. The first approximation holds exactly for a small amount of resources, such as very few antennas and sensors. The second approximation instead is exact for an asymptotically large amount of resources as available in massive SIMO. The third approximation takes the effect of channel hardening into account and is otherwise similar to the second.
r The approximations are then used to suggest timedependent thresholds that enable the approximate fulfillment of a constant security level. For a single resource and an asymptotically large number of resources, the security level can be fulfilled exactly in the considered model.

C. NOTATION
Vectors x and matrices X are denoted in bold lower-case and bold upper-case letters, respectively. (·) * and (·) H indicate the conjugate and conjugate-transpose, respectively. The symbols ∨ and ∧ denote a logical OR and a logical AND, respectively. N (x, X ) and CN (x, X ) refer to the real-valued and complexvalued Gaussian density function, respectively, with mean x and covariance X ; and exp(− y 2 2 )dy refers to the Q-function. Moreover, Q M (a, b) and P(M, b) refer to the Marcum Q-function and the lower regularized incomplete gamma function, respectively.

II. SYSTEM MODEL
The considered system consists of G sensors, which observe the process system and transmit measurements via the wireless medium to the fusion center regularly. In Fig. 2, the interaction of one sensor and the fusion center is shown schematically.
r Each sensor regularly measures data from the process system and transmits these to the fusion center.
r For the transmission, a channel coding scheme is applied and pilots are inserted, which allows for jointly decoding the sensor observation and measuring the channel.
r The fusion center uses the two observations to authenticate the received data. Next, we focus on the model of the process system and the channels. Afterward, we will discuss the adversary model.

A. PROCESS SYSTEM
We focus on a process system whose system-state values x P (t ) are Gauss-Markov distributed [21]. This means that the system-state values are modeled by a state-space equation and slowly change over time. Thereby, the derivative of the system-state values depends linearly on the system-state values. Hence, the model of the process system can be described x P (0) = x P,0 .
Thereby, the input noise u P (t ) is distributed as complex Gaussian with zero-mean and covariance matrix U P , i.e., u P (t ) ∼ CN (0, U P ). We are considering the case in which the state matrix is diagonalizable with an eigenvalue decomposition of A P = W P P W −1 P and the system is stable, i.e., {( P ) i,i } < 0 for all i. In this case, the system is stationary. When considering the system-state at time t without any prior information, it will be distributed as x P (t ) ∼ CN (0, X P ), where the covariance matrix of the system-state is [22] where and λ P,i = ( P ) i,i . Each sensor g observes only the part of the system described by the output matrix C P,g and transmits the measurement at time instants t via the channel to the fusion center. Due to an imperfect transmission via the wireless medium, a noise at the receiver n P,g (t ) ∼ CN (0, N P ) is induced with covariance matrix N P , which we will discuss later. Hence, the sensor measurement received by the fusion center is the M P -dimensional vector specified by the output equation y P,g (t ) = C P,g x P (t ) + n P,g (t ).
This means that the output vector at time t will also have a stationary complex Gaussian distribution with zero-mean, i.e., y P,g (t ) ∼ CN (0, C P,g X P C H P,g + N P ).

B. CHANNEL MODEL
The sensor nodes alternately record new measurements and transmit them via the wireless medium to a fusion center.
All sensor nodes are equipped with a single antenna, while the fusion center is connected to a base station with M C antennas. The transmission scheme is assumed to encode the data and insert pilot signals, from which the channel will be estimated at the receiver. Thereby, Rayleigh fading channels are considered, in which the channel-states x C,g (t ) follow a Gauss-Markov model (see for example [23], [24], [25]). Hence, the state values develop as x C,g (0) = x C,g,0 . (5b) Here, A C is the state matrix of the channel, while the input noise u C,g (t ) is complex Gaussian distributed as u C,g (t ) ∼ CN (0, U C ) with zero-mean and covariance matrix U C . Hence, the channel measurement of legitimate packets is of the size M C , in which C C,g is the output matrix of the channel, while the noise at the receiver is zero-mean and has covariance N C , i.e., n C,g (t ) ∼ CN (0, N C ). Hence, the channel variables x C,g (t ) and y C,g (t ) have stationary distributions that are similar to that of the corresponding process variables. Due to the proximity of the antennas, the entries of the output vector y C,g can be correlated. To reflect this, the matrices U C , A C and C C,g can have an arbitrary structure. We assume that the state and output matrix, as well as the respective noise covariance matrix for both the system and the channel, are known to all parties. The channel measurement is then further used to decode the received sensor measurement. Thereby, the noise at the receiver has a covariance matrix N P , which depends on the thermal noise, the employed source-coding scheme, and imperfections occurring from imperfect channel estimation [25]. Within the scope of this paper, we assume the covariance matrix N P to be identical for all packets.

C. ADVERSARY MODEL
Previously, we have modeled the transmission of legitimate transmitters as shown in Fig. 2. However, there might also be adversaries present, whose motive is to get their packets authenticated by the receiving actuator. To model these, we are assuming two kinds of adversarial transmitters as shown in Fig. 1: r Attackers might infiltrate existing sensors. In this case, the sensor will transmit a malicious system observation, while the measured channel-state will match the one of the previous transmission.
r Also, adversaries can position their own devices in the environment. Due to their distinct locations, they typically have individual channels, which are different from those of legitimate sensors [26]. To deal with a more capable adversary, we grant these devices access to the actual system output (i.e., we assume a genie-aided adversary). Hence, a strategy can be to first mimic the output of the legitimate sensor, before changing to adversarial data. Both types of adversaries choose sensor data with the same long-term statistics as the legitimate sensor. Similarly, the channel of all types of devices will have the same long-term statistics. Due to the complex valued Gaussian distribution of (4) and (6), the adversarial output values will also be complex valued Gaussian distributed. To generalize from these two adversaries, we consider an adversarial transmitter, whose packets will contain a partially different measurement value, which is modeled to be distributed as Thereby,ỹ P,g (t ) andỸ P,g (t ) are the mean and covariance of the received data, which can be correlated to the vector y P,g (t ) from the legitimate sensor. Moreover, we assume the receiver to measure a channel from the adversary, which is distributed as the Gaussiañ which has a mean and covariance matrix ofỹ C,g (t ) and Y C,g (t ). Thereby, the measurement noise occurring at the receiver is already included inỸ P,g (t ) andỸ C,g (t ). This means that depending on whether the packet has been transmitted by a legitimate or adversarial transmitter, the received process and channel measurements are Thereby, adversarial devices positioned in the surrounding might chooseỹ P,g (t ) = C P,g x P (t ) + n P,g (t ) to optimize the probability of getting a packet accepted, while the channel measurement is distributed asỹ C,g (t ) ∼ CN (0, C C,g X C C H C,g + N C ). However, an infiltrated sensor typically has a channel equaling the one of a legitimate transmission, i.e.,ỹ C,g (t ) = C C,g x C,g (t ) + n C,g (t ), which is highly correlated to the channel from the previous transmission. In this case, the attacker might choose a sensor value ofỹ P,g (t ) ∼ CN (0, C P,g X P C H P,g + N P ). In the following, we will design a physical layer security protocol, which secures the system against both kinds of attacks.

III. PROTOCOL DESIGN
Due to the potential presence of adversaries, it is essential to authenticate the received data. Therefore, we design a security protocol separated into a registration phase, a login phase, and an authentication phase, in which we specifically focus on the latter.
Before the arrival of the first packet at time t, the systemstate and channel-state values can be predicted aŝ Thereby, the uncertainties of the predictions arê In the following, we elaborate on the three phases of the security protocol.

A. REGISTRATION PHASE
When a new sensor logs in to the system, the first packet needs to be verified. Therefore, a trusted environment can be set up to secure the corresponding packets. Alternatively, the sensor is registered in advance to the fusion center by establishing a common secret between the devices [27].

B. LOGIN PHASE
In the login phase, the sensor transmits the observation of the process system at time t such that the fusion center can verify the transmission with already existing methods. Therefore, one option is to ensure that the environment is trusted during the transmission of these packets, such as in the case of a manual pairing. Alternatively, a common secret can secure the transmitted data if priorly established between the devices [4]. Afterward, the data included in the received packet are used to update the estimates of the system-state and the channel-state.
Recall that the process system behind all sensor observations is identical. Hence, we focus on employing the difference between the output vectors y P,g (t ) and the prediction obtained from the most recently authenticated packet from any sensor. The timestamp of the corresponding observation is referred to as t P , which is set to −1 for the first observation. As the channel measurements from the different sensors are independent, each channel measurement y C,g (t ) needs to be compared to a prediction obtained from the most recently authenticated packet from the same sensor, which has been received at time t C,g . In the login phase, no prior measurement from the same sensor is available, which is indicated by t C,g = −1.
Having these definitions available, the data from the received packet can be used to update the estimates of systemstate and channel-state. Therefore, the estimation error, i.e., the difference between measurement and prediction, is required, which is e P,g (t ) = y P,g (t ) − C P,gẑP (t|t P ), (13) e C,g (t ) = y C,g (t ) − C C,gẑC,g (t|t C,g ).
As the system-state and the channel-states follow a similar behavior, we focus on developing a Kalman filter [28] to track the state of the process system. The signal processing for the channel-states can be described similarly. Employing priorly available estimates such as (11) and (12), the received process measurement can be used to obtain an initial estimate of the system-state value of the process and the corresponding uncertainty. Therefore, Kalman filter equations can be used, i.e., Similar expressions with concatenated matrices and vectors hold if measurements from multiple sensors are processed jointly at the same time. The following packets will be authenticated based on the obtained estimates of the system-state and the channel-state.

C. AUTHENTICATION PHASE
To verify the following receptions, the available estimates of the system-state and the channel-states are used to predict the received signals. The predictions are then compared to the new measurements to authenticate the received data.
Having an estimate from time t P present, the Kalman filter can be used to predict the system-state at a later time instant t asẑ in which X (t−t P ) Recall that W P and λ P,i are the eigenvector matrix and the i-th eigenvalue of A P , respectively. We assume that measurements from multiple sensors can be received simultaneously. The predictions for the system-stateẑ P (t|t P ) and the channel-stateŝ z C,g (t|t C,g ) at time t can be used to authenticate all packets arriving at that time t. For each packet, we can formulate the two hypotheses We are assuming the packet to be from a legitimate transmitter if the sensor data and the channel measurements are both similar to the predictions. As the two kinds of adversaries, i.e., the adversarial devices located within the environment and the malicious sensors, are assumed to impact only one of the two kinds of measurements, we thereby request both kinds of data individually to be similar to the according predictions. If this is not the case, the received data are assumed to be transmitted from one of the two kinds of adversarial transmitters. This means that, a hypothesis test can be formulated to evaluate the packets by employing (13) and (14) as . (22) Thereby, V P,g and V C,g are positive semi-definite weight matrices, which can be chosen arbitrarily to react on different variances of the variables within the estimation error vector.
Here, η P (t ) and η C (t ) are the threshold values at time t. When the authentication of some data packets is successful, the corresponding packets are used to enhance the system-state estimate as described in (15), (16), and (17).

Remark 1:
If there is only a single sensor, the system-state value will only partially be helpful for authentication. If the only sensor is infiltrated, the attacker can change the transmitted process estimate slowly to remain undetected. In this case, the channel-state measurements can still be used for authentication in the presence of adversarial devices.
In the next section, we will analyze the hypothesis test results and elaborate on the choice of the threshold variables.

IV. THEORETICAL ANALYSIS
In the following, we will analyze the result of the hypothesis test in (22) analytically. Therefore, we will approximate the number of true and false negatives based on two different approximations, which hold for measurement vectors of different sizes. For low-dimensional systems, the results are based on approximating the terms e H P,g (t )V P,g e P,g (t ) and e H C,g (t )V C,g e C,g (t ) as having non-central chi-square distributions. For high-dimensional systems, the same terms are approximated as being Gaussian. Afterward, a third approximation is created, which takes the effects of channel hardening occurring in massive SIMO into account. These results will then be used to engineer the thresholds η P (t ) and η C (t ) for each timestamp, as indicated in Remark 2.
Remark 2: The thresholds η P (t ) and η C (t ) connect the reliability, i.e., the number of true negatives P(t ), and the security, i.e., the number of false negativesP(t ). Hence, a reliability constraint can be converted directly into a level of security for each data packet -while a security constraint can be converted directly into a level of reliability. Alternatively, the thresholds can be chosen such that a function of both probabilities is optimized for each packet. This also allows for designing systems that intelligently apply additional layers of security or reliability only for certain packets.

A. CHI-SQUARE APPROXIMATION FOR SMALL M P AND M C
Some IoT devices and sensors have a low number of antennas and observe only a low number of measurements. For the special case in which e P,g (t ) and e C,g (t ) are scalar, e H P,g (t )V P,g e P,g (t ) and e H C,g (t )V C,g e C,g (t ) are non-central chisquare distributed. This knowledge can be used to create an approximation of the probability of each received packet to remain below the threshold for the case in which M P and M C are low. For the case of a simplified version of (22), the probability is approximated in the following Lemma 1.
Lemma 1: Assuming l ∼ CN (l, L) is an M-dimensional vector with mean l and variance L. Then, the statement l H l ≤ η holds true with probability approximately, where Q M (a, b) is the Marcum Qfunction [29]. Thereby, L is an approximate of the eigenvalues of L, such as in which α is a design parameter.
For this, the cumulative distribution function (CDF) can be written on behalf of the Marcum Q-function, i.e., [30] F Evaluating (26) at x = 2η L , we get (23). The channel measurement and process measurement are independent. Hence, the probabilities with which a legitimate or adversarial packet will be a true or false negatives can be obtained as the product of the probabilities that e H P,g (t )V P,g e P,g (t ) < η P (t ) and e H C,g (t )V C,g e C,g (t ) < η C (t ). Using Lemma 1 and the variables for the adversarial transmitter, the probability of false negatives can be described for each time instant t as where e P,g (t ) = E e P,g (t ) =ỹ P,g (t ) − C P,gẑP (t|t P ) The variables e C,g (t ) andL C are defined similarly. In case of the legitimate transmitter, similar statements can be obtained. In this case, the expected estimation error is zero, i.e., e P,g (t ) = 0. Hence, the Marcum Q-function in (27) involves one parameter which is zero. Therefore, the ratio of true negatives can be simplified by using the lower regularized incomplete gamma function P(·, ·) as where and L C is defined similarly. For a chosen pair of threshold values, (27) and (30) can be used to approximate the probabilities of false and true negatives at each timestamp. To limit the adversary's success probability to a specific tolerated value, the Marcum Q-function can be inverted, which has been studied in [31]. As Q M (x, y) is monotonically decreasing in y and has values in [0,1], (27) is monotonically increasing in η P and η C .
With the malicious sensor node and the adversarial devices positioned in the environment, there are two different kinds of attackers, of which each has an own time-dependent success probabilityP(t ). To indicate that a success rate belongs to any of the two attackers, we add an index (1) or (2) to the corresponding variable. If the target is to limit a tolerated success probability of the adversaries toP for each received packet, the threshold vector η(t ) = (η P (t ), η C (t )) T can be optimized algorithmically. Therefore, an initial η 0 (t ) can be updated iteratively by applying until convergence, where B represents the step width. For the first received packet, η 0 (t ) is chosen arbitrarily. For follow-up packets, η 0 (t ) can be initiated as the result optimized for the previously received packet from the same sensor. Remark 3: In addition to the threshold variables η P (t ) and η C (t ), the weight matrices V P,g and V C,g might also be optimized. When choosing the weight matrices for each received packet such that hold for both kinds of adversaries, the approximations become exact such that the security levelP will be fulfilled exactly. However, this choice is not possible in the general case as each of the two different types of adversaries has an individual set of parameters. Therefore, one option is to adapt V P,g tõ Y P,g (t ) of the malicious sensor nodes and to adapt V C,g to the value ofỸ P,g (t ) of adversarial devices induced into the surrounding.

B. GAUSSIAN APPROXIMATION FOR LARGE M P AND M C
In some wireless sensor networks, the fusion center is connected to a base station, which is supporting massive SIMO techniques. Also, the sensors might measure various information together, as in case of an image sensor. When M P and M C are large, the probability of remaining below the threshold is analyzed for a simplified statement in Lemma 2. Lemma 2: If l ∼ CN (l, L) is a stochastic variable, the value s = l H l can be approximated by the Gaussian of which the mean and covariance matrix are respectively. Hence, the statement s ≤ η holds true with probability The mean and variance of λ are λ = 1 + l 2 and = 2 + which are equal to (34) and (35). Using lemma 2 and (28), we can approximate s P (t ) = e H P,g (t )V P,g e P,g (t ) for the legitimate transmitter as Gaussian with mean and variance s P (t ) = trace V P,g C P,gẐP (t|t )C H P,g + N P , For the adversary, the same expression is distributed as Gaussian with parameters s P (t ) = trace V P,gỸ P (t ) + C P,gẑP (t|t ) −ỹ P,g (t ) H × V P C P,gẑP (t|t ) −ỹ P,g (t ) (42) S P (t ) = trace V P,gỸ P (t ) 2 + 2 C P,gẑP (t|t ) −ỹ P,g (t ) H V P,gỸ P (t )V P,g × C P,gẑP (t|t ) −ỹ P,g (t ) .
Similar expressions can be obtained for the channel-related parameters. Similar to the case of the chi-square approximation, the number of true and false negatives can be obtained for each packet as the product of the probabilities that e H P,g (t )V P,g e P,g (t ) ≤ η P (t ) and e H C,g (t )V C,g e C,g (t ) ≤ η C (t ). The number of true negatives becomes A similar expression holds for the number of false negatives Within this expression, we refer to the first and second part of the product asP P (t ) andP C (t ), respectively. Our target is now to optimize the threshold values to fulfill a certain security constraint in the form of a toleratedP for each received packet. Therefore, we formulate an iterative procedure, for which we additionally add an iteration index n to some of the variables. As there are two types of attackers, i.e., malicious sensor nodes and adversarial devices positioned in the environment, there are two different sets of parameters, and thus also two different values ofP(t ) will be achieved. To indicate that a specific variable belongs to any of the two sets of parameters, we add an index (1) or (2) to the corresponding variables. We start by initializingP (1) C,0 (t ) andP (2) P,0 (t ) to one. Based on these, the threshold values η P (t ) and η C (t ) can be obtained for each received packet iteratively by calculating until convergence. Within each iteration step,P (1) P,n (t ) and P (2) C,n (t ) refer to the first and second part of (45) for the first and second attacker model, respectively.

C. APPROXIMATION FOR ASYMPTOTICALLY LARGE M P AND M C
In massive SIMO systems with fading channels, channel hardening becomes relevant [7]. This means that the stochastic effect of the channel from the sensors to each base station antenna averages out when the number of antennas at the base station becomes large. In the following, we will exploit this effect to obtain additional insights into the system behavior for large resource vectors, i.e., large M P and M C . This means that the entries of the prediction vectorẑ P (t|t P ) obtained by the Kalman filter can themselves be seen as a Gaussian distributed variable. From this, also the entries of the expectation vector e P,g (t ) in (28) become Gaussian distributed. In case of the legitimate transmitter, the mean and the variance are zero due to (28). For the case that the adversarial transmitter is active, u P,g (t ) is zero-mean and all components are linear. Hence, we conclude thatẑ P (t|t P ) is zero-mean. We assume the same holds also true forỹ P,g (t ), as the adversarial measurements are either distributed similarly to the measurements of the legitimate transmitter or the adversary is modifying their measurements in an unbiased way.
To analyze the variance of the mean e C,g (t ) in the case of the adversarial transmission, we need to derive the variances of the Kalman filter estimates, i.e., the variances of the estimates in (11), (13), (16), and (18). Obviously, the constant in (11) has a covariance ofẐ P (t| − 1) = 0. Moreover, the innovation (13) has a variance of E P,g (t ) = C P,gẐP (t|t P )C H P,g + N P .
From this, the variance of the state expectation from the Kalman filter in (16) iŝ This value is further used to obtain the variance of the expectation of the prediction in (18) aŝ Z P (t|t P ) = e A P (t−t P )Ẑ P (t P )e A H P (t−t P ) .
To be able to calculate the variance of the expected innovation, we need to model the dependency of the expectations of the process value from the adversary and the Kalman filter prediction. Therefore, we assume thatỹ P,g (t ) =C P,gẑP (t|t P ), in whichC P,g = 0 if the adversary has zero-knowledge and C P,g = C P,g if the adversary has full knowledge about the measurement from the process system. From this, the entries of the expectation vector are distributed as where E P,g (t ) = C P,g − C P,g Ẑ P (t|t P ) C H P,g − C H P,g .
To analyze the results of the asymptotic case, Lemma 3 is used. (53) Hence, s ≤ η is fulfilled with a probability similar to (36). Proof: As l = l + l and l ∼ CN (0, L), l ∼ CN (0, L + L). For this variable, Lemma 2 holds.
For the adversarial transmitter, this result can be employed to approximates P (t ) = e H P,g (t )V P,g e P,g (t ) as Gaussian distributed, where the mean and the variance arẽ s P (t ) = trace V P,g Ỹ P (t ) + E P,g (t ) (54) When employing these parameters, the probability of false negatives can be obtained by (45). Similarly, the optimal threshold values of each timestamp can be found in (46) and (47). Note that the number of true negatives still equals the result of the previous section. The fact that these expressions only contain the statistical distribution of the estimation error rather than the estimation error itself shows that the temporal dependency of the optimal threshold values reduces with increasing M P and M C .

V. NUMERICAL RESULTS
We consider a system with G sensors, which are scheduled by a round-robin scheduling scheme to transmit their sensor data to the fusion center. Thereby, the g-th sensor is scheduled to transmit measurements at time instants g + nG, in which n ∈ N. While the first G time instants are used for the login phases of the different sensors, the following time instants are used for authentication. Through the numerical results, we are considering two different choices of the weight matrices. First, we select the weight matrices as in the related literature [20], i.e., V P,g = C P,gẐP (t|t P )C H P,g + N P,g V C,g = C C,gẐC,g (t|t C,g )C H C,g + N C,g −1 . (57) Second, we choose the weight matrices proposed in Remark 3.
In the following, we will investigate the impact of the threshold choice on the security and the reliability of a system. Afterward, we will analyze the security and reliability over different channel vector lengths.

A. IMPACT OF THE THRESHOLD CHOICE
The analytical results indicate that the threshold choice has a crucial impact on the reliability and security of the system. To investigate this impact, we simulate a system with G = 3 sensors, which transmit packets over a sequence of 400 time instants. At each time instant, we generate 100 000 possible follow-up packets from each transmitter setting and analyze the averaged behavior over these packets. Afterward, we assume one legitimate packet to be authenticated, before the next packet is received. The considered process system has the following parameters. The system matrix A P = − 0.2 G diag(a P ) is chosen as a 10 × 10-matrix, where the entries of a P are equally distributed on [0. 5,1]. Moreover, the input noise is specified by U P = 0.2 GÜ PÜ H P , in which the entries ofÜ P are distributed equally within [−1, 1]. The output matrices C P,g are matrices of size 4 × 10, whose entries are uniformly distributed within [0,1]. Finally, the covariance matrices of the measurement noise are N P = 0.01N PN H P , in whichN P is distributed similarly toÜ P . For the channel model, we employ the parameters from [14] with M C = 10. Thereby, the system matrix is specified by the M C × M C -matrix A C = a C I, in which a C = − log(2) × 10 −2 /G. The covariance matrix of the input noise is U C = −2a C I, while the output matrices are C C,g = I, which have both the same dimensions as A C . Here, the measurement noise is chosen such that the SNR is 10 dB. In the following, we will analyze the impact of the threshold choice for both weight matrix choices.

1) WEIGHT MATRICES FROM (56) AND (57)
We start by considering the case that the weight matrices from (56) and (57) are employed. In this case, we first simulate for various threshold values of η = η P (t ) = η C (t) the reliability, i.e., the number of true negatives for the legitimate transmitter, and the security, i.e., the number of false negatives for both kinds of attackers. As all G sensors follow a similar behavior, we focus on the first sensor and show the corresponding numerical results in Fig. 3. First, the results show that the equal choice of the two threshold values η P (t ) and η C (t ) has a very different impact on the two kinds of attackers as the parameters of the process system and the channel system differ. Moreover, the results show that for a fixed η, the security level is time-varying. This shows that it is required to choose time-varying threshold values if the security level should be kept constant over time.
Next, we fix the tolerated number of false negatives tõ P = 0.05 and optimize the pairs of threshold values for each time instant. We focus again on the first of the three sensors and show the optimized threshold values in Fig. 4. The results show that the threshold values obtained with the chi-square approximation (with α = 0.5) and the Gaussian approximation show similar temporal behavior. For the two methods, only the amplitudes of the threshold values chosen slightly differ. While the threshold choice of the chi-square and Gaussian approximation show a significant temporal dependency, the temporal dependency of the thresholds obtained with the asymptotic approximation is reduced. Thereby, the optimized threshold values are often below the values obtained with the other methods. Moreover, the asymptotic approximation shows that there is a transient process occurring at the beginning until the system behavior reaches a stabilized functionality. To analyze the quality of the threshold choices, we now simulate the temporal behavior of the numbers of true and false negatives, which can be obtained for the selected threshold choices. Fig. 5 shows that in all cases the numbers of false negatives fluctuate around different constant values. In the simulation considered here, the numbers of false negatives P(t ) of the chi-square approximation match the toleratedP best, but this might vary for differently chosen parameters. However, due to the temporal dependency of η P (t ) and η C (t ), larger fluctuations occur for the simulated number of true negatives (especially in the case of the Gaussian approximation). This means that for a small fraction of the packets, only relatively low reliability can be obtained. For these packets, one option is to introduce additional methods to secure these packets with a higher computational complexity at a cost. However, the results also show that this effect can be limited by using a larger threshold value, such as the one of the chi-square approximation, as long as the security constraint remains fulfilled.

2) WEIGHT MATRICES FROM REMARK 3
We now employ the weight matrices discussed in Remark 3, while the other parts of the setup remain as before. For this case, we first again generate the reliability and security for various threshold values η = η P (t ) = η C (t ), as shown in Fig. 6. The results show that the amplitude of the plot changes, i.e., the value of the optimal η itself will be very different. However, for constant pairs of threshold values, the temporal variations of the security and reliability are similar to the ones in the previous subsection.
We now optimize the threshold values with the three methods to optimally fulfill a tolerated number of false negatives P = 0.05. In Fig. 7, the optimized thresholds with all three optimization methods is considered over time. The results of the asymptotic approximation show that the transient behavior at the beginning occurs only within the threshold values with the weight matrices of (56) and (57). With the matrices of The levels of security and reliability obtained with these threshold values and the weight matrices from Remark 3 can be found in Fig. 8. The results validate that the number of false negativesP(t ) obtained with the chi-square approximation equal almost exactly the toleratedP . For the Gaussian approximation and the asymptotic approximation, the weight matrix choice of Remark 3 leads to an enhanced number of true negatives compared to the weight matrix choice from (56) and (57) within the considered setup. From these results, it remains open for now, how the exact system performance changes over M P and M C . We address this in the next subsection.

B. IMPACT OF M P AND M C
The theoretical analysis has shown that the quality of the approximations depends on the vector lengths M P and M C . To investigate the system behavior over these parameters, we focus on a system with G = 1 sensor, in which only one of the two kinds of measurements is employed for authentication (i.e., by setting M P = 0). We simulate the probability of true and false negatives for the packets received at each   time instant similar to the previous section. The results are then used to empirically calculate the mean and the CDF of these probabilities based on packets received over 400 time instants and 100 transmission sequences. Note that at each time instant, the probabilities are generated numerically by investigating the number of true and false negatives occurring over a constant number of packets. Hence, the simulation introduces a binomial distribution for each received packet, which reduces the steepness of the CDF curves. To limit this effect, we use 100 000 generated follow-up packets for the CDF plots. When calculating the mean of the probabilities, 2000 possible follow-up packets are sufficient.
Thereby, we first focus on the case of the channel with identity-based parameters from [14] as presented above. Fig. 9 shows the mean of the two probabilities over the vector length M C and the CDF ofP(t ) for two values of M C . Thereby, the results of both considered weight matrix choices are identical. In the considered special case of scaled identity matrices, no approximations are involved in the chi-square plots. Consequently, Fig. 9 shows that the chi-square approximation allows an excellent fulfillment of the toleratedP . As the quality of the Gaussian approximation increases over M C , the corresponding expected false alarm rate converges toP for large  M C . Fig. 9(c) and (d) show that both approximations lead to a security level, which is almost constant over time. This means that by using slightly modified values ofP , the tolerated number of false negatives can be fulfilled very well. Similar to the mean, also the CDF of the number of false negatives obtained with the Gaussian approximation converges towards the CDF of the chi-square approximation for large M C . The asymptotic approximation however requires a longer vector length until the CDF convergences.
Nevertheless, the chi-square approximation is not in general exact as the channel parameters might not follow an identity-based structure. Hence, we now consider a system with the parameters A C = a c diag(ä) and U C = −2a C diag(ü). Thereby, the vectorsä andü are M C -dimensional, and their entries are distributed unitary on [0.5,1.5] and [0,2], respectively. The other parameters remain unchanged from the previous simulation. Fig. 10 shows the mean of the probabilities of true and false negatives over M C together with the corresponding CDF. Therein, Fig. 10 shows that the chisquare approximation reaches the toleratedP for M C = 1 with both weight matrix choices. For larger M C and the weight matrix (57), the achieved number of false negatives changes and can be either slightly too large or slightly too small. When the weight matrices proposed in Remark 3 are used, the false negatives obtained with the chi-square approximation reach the toleratedP exactly. Moreover, the number of false negatives obtained with the Gaussian approximation and the asymptotic approximation also move closer toP with this weight matrix choice. Additionally, Fig. 10(c) and (d) show that when selecting the weight matrix (57), the obtained security level has higher variations due to the randomized system parameters and the approximations involved in the plots. The variations decrease over M C for chi-square and Gaussian approximations and the Gaussian approximation achieves an almost constant security level for M C = 100. A further decrease of the variations is obtained with the threshold choice proposed in Remark 3.

VI. CONCLUSION
In this work, we have designed a Kalman-based physical layer authentication framework, which employs channel and process values jointly to provide authenticity. The security and reliability of the framework have been analyzed based on three approximations, which approximate the cases of few antennas and small measurement vectors, massive SIMO, as well as massive SIMO together with channel hardening. The approximations enable the optimization of the threshold values of the hypothesis test for each received packet individually. While a constant threshold choice provides temporal variations in the security level, the numerical results show that only time-varying threshold values lead to a constant security level. As the thresholds connect the levels of security and reliability, this choice might also lead to temporal variations in the reliability level. The numerical results further validate that in the special cases where no approximations are involved, the proposed scheme can guarantee the desired security level. In the general case, the results are good approximates.