Physical-layer authentication is a popular alternative to conventional key-based authentication for Internet of Things (IoT) devices due to their limited computational capacity and battery power. However, this approach has limitations due to poor robustness under channel fluctuations, reconciliation overhead, and no clear safeguard distance to ensure the secrecy of the generated authentication keys. In this regard, we propose a novel, secure, and lightweight continuous authentication scheme for IoT device authentication. Our scheme utilizes the inherent properties of the IoT devices' transmission model as its source for seed generation and device authentication. Specifically, our proposed scheme provides continuous authentication by checking the access time slots and spreading sequences of the IoT devices instead of repeatedly generating and verifying shared keys. Due to this, access to a coherent key is not required in our proposed scheme, resulting in the concealment of the seed information from attackers. Our proposed authentication scheme for IoT devices demonstrates improved performance compared to the benchmark schemes relying on the physical channel. Our empirical results show a near threefold decrease in the misdetection rate of illegitimate devices and a close to zero false alarm rate in various system settings with varied numbers of active devices up to 200 and signal-to-noise ratio from 0 dB to 30 dB. Our proposed authentication scheme also has a lower computational complexity of at least half the computational cost of the benchmark schemes based on support vector machine and binary hypothesis testing in our studies. This further corroborates the practicality of our scheme for IoT deployments.