Utilizing Multi-Dimensional MmWave MIMO Channel Features for Location Verification

In this paper, we address the problem of authenticating transmitters in millimeter-wave (mmWave) multiple-input multiple-output (MIMO) communication systems, and propose a location verification scheme based on multi-dimensional mmWave MIMO channel features. In particular, we first examine the mmWave MIMO channel features in terms of azimuth angle of arrival (AAoA), elevation angle of arrival (EAoA), and path gain, and then extract these fine-grained channel features through the maximum-likelihood (ML) estimation method. Based on the extracted feature parameters, authentication validation is cast in the framework of hypothesis testing theory. We also derive the analytical expressions for the typical false alarm and detection rates by using the likelihood ratio test and thus the statistical performance is analytically established. Finally, extensive numerical results are provided to demonstrate the performance of the proposed authentication scheme.


Introduction
Millimeter-wave (mmWave) multiple-input multiple-output (MIMO) systems serve as a critical technique for 5G (fifth-generation communication) and beyond wireless communication networks. The mmWave MIMO technique can lead to a significant increase in data rates, wide bandwidth, and higher spectrum efficiency. By integrating huge antenna arrays, 5G and beyond communication systems operating from 30 to 300 GHz can support huge connections among a bulk of smart devices, contributing to various applications such as the Industrial Internet of Things (IIoT) and the Internet of Vehicles (IoV).
However, mmWave MIMO communication systems may become subject to malicious attacks because of the above important applications they can support. Moreover, the mmWave wireless communication medium is open in space and thus attackers can easily access the communication network and obtain the transferred information between legitimate users and base stations. One of the main threats in mmWave MIMO systems is identitybased spoofing attack, where an attacker eavesdrops the legitimate communication links and further impersonates a legitimate transmitter to inject harmful signals into the communication network. To tackle the spoofing attacks in mmWave systems, identity authentication presents a promising solution to secure mmWave MIMO communication systems.
We note that the existing authentication schemes can be roughly divided into higher layer and physical layer authentication schemes. The higher layer authentication schemes are mainly dependent on secret keys and encryption/decryption algorithms to validate transmitter identities [1][2][3]. Meanwhile, the physical layer authentication schemes verify transmitter identities through physical layer features [4]. It is noted that the higher layer authentication may not completely adapt to the emerging mmWave MIMO systems which include distributed, dynamic and highly heterogeneous devices. Such mmWave MIMO systems may not support the cryptographic key distribution and management, high consumption of communication and computation resources in higher layer authentication schemes. As a complement and an enhancement of the higher layer authentication, physical layer authentication possesses several characteristics such as high security, low complexity and high compatibility [5]. Thus, in this paper we focus on physical layer authentication in mmWave MIMO systems.
Existing physical layer authentication schemes mainly include channel-based authentication and hardware-impairment-based authentication. The hardware-impairment-based method authenticates the legitimacy of a transmitter identity by extracting specific nonideal hardware parameters from received signals. In contrast, channel-based authentication utilizes the fact that wireless channels decorrelate rapidly as the source (e.g., a transmitter or user using transmitter is transmitting signals to an intended destination/receiver) changes location in an environment with rich scatterers and reflectors. In fact, channel-based authentication verifies the location of the current transmitter rather than transmitter physics identity, and hence is referred to as location verification. There exists some research works on physical layer authentication for mmWave systems [6][7][8][9][10][11][12][13][14][15]. In [6], the authors propose a physical layer authentication scheme by using sparse mmWave channel. A power allocation technique for the precoder and the authentication tag is first developed for fingerprintbased authentication in a multi-user mmWave UAV network [7]. Multipath time delay caused by planar specular reflectors is acquired to illustrate the authenticity of user position 5G mmWave communication with planar reflectors [8]. The intrinsic physical attributes for 5G communications are analyzed for physical layer authentication in detail and the future possible directions for the exploitation of physical attributes is demonstrated in [9]. The authors in [10] further study the physical characteristics of 5G IoT in various application scenarios and describe the possible security threats resulting from the 5G IoT physical layer. Based on virtual angles of arrival in mmWave systems and machine learning methods, the authors in [11] propose a physical layer authentication scheme to detection spoofing attacks. Two effective pilot contamination attack detection approaches are proposed for power non-orthogonal multiple access in massive MIMO 5G communications, based on the sparseness and statistics of mmWave virtual channels [12]. Following this line, the authors in [13] present a new physical layer countermeasure using channel virtual representation to defend against pilot contamination attack. In [14], unique beam pattern features are utilized to achieve physical layer spoofing attack detection and the detection problem is cast as a machine learning classification through the sector level sweep (SLS) process. The authors in [15] develop a physical layer authentication scheme by using signal-to-noise ratio (SNR) trace features to detect spoofing attacks in mmWave systems.
Frequency-selective Rayleigh channel time variations are used to detect spoofing attacks in wireless networks, considering the channel estimation errors [16]. To improve the spoofing detection accuracy, a logistic regression-based authentication approach is developed without the requirements of the known channel model [17]. The authors jointly use multipath delay and channel gain characteristics of the channel impulse response to achieve performance improvement of physical layer authentication [18]. The above existing approaches demonstrate the uniqueness and usability of physical layer features for spoofing attack detection and authentication. It is noted that the above existing approaches are developed for spoofing detection by conventional channel state information. These approaches cannot be extended directly to mmWave MIMO communication systems because it is difficult for them to sufficiently excavate fine-grained physical layer characteristics from mmWave MIMO channels. Hardware-impairment-based authentication generally needs to employ high-precision hardware equipment for hardware feature extraction and bears high computational complexity [14,15]. Moreover, machine-learning-based authentication framework requires an expensive training stage with a large amount of training data, which might be unrealistic in practice. In addition, the analytic establishment of statistical performances still remains an open problem in machine-learning-based authentication frameworks. To this end, we explore the exploitation of multi-dimensional mmWave MIMO channel features to design a new location verification scheme for mmWave MIMO communication systems. These channel features include azimuth angle of arrival (AAoA), elevation angle of arrival (EAoA) and path gain, which are jointly used to validate the legitimacy of transmitters and to improve the authentication performance. The main difference between the schemes proposed in this paper and those in previous works [16][17][18] is that the previous approaches mainly focus on channel statistics in the time domain while this paper extracts channel features in the time domain as well as the angle domain. In addition, the scheme proposed in this paper attempts to explore the exploitation of multi-dimensional mmWave MIMO channel features to achieve location verification.
The main contributions of this paper are summarized as follows: • By exploiting multi-dimensional mmWave MIMO channel features in both the time domain and angle domain, we develop a new location verification scheme to achieve validation of a transmitter location for mmWave MIMO communication systems. • To determine estimation error variances of channel features in terms of AAoA, EAoA, and path gain, we estimate the mmWave MIMO channels based on maximumlikelihood estimation theory. To analytically evaluate the performance of our proposed location verification scheme, we derive the typical two performance metrics and the statistical performance is analytically established. • Extensive numerical results are provided to demonstrate that the proposed scheme achieves desired performance. Numerical results are used to further show how the system parameters can affect the statistical performance.
The remainder of this paper is organized as follows. Section 2 introduces the concerned system model and problem formulation. Sections 3 and 4 present the proposed location verification scheme and performance analysis, respectively. Section 5 shows the numerical results and performance evaluation. Finally, Section 6 concludes this paper.
Notation: (·) H , (·) T , (·) * , (·) −1 , (·) † denote the conjugate-transpose, transpose, conjugate, inverse and pseudo-inverse of a matrix, respectively. The (m, n)-th element of a matrix H is H m,n . diag(a 1 , ..., a N ) is a diagonal matrix with a 1 , ..., a N on the main diagonal. vec(H) is the vectorization of matrix H. tr(·) and represent the matrix trace function and definitions, respectively. E{·} represents the expectation operator. || · || 2 is the Euclidean norm operator. A Gaussian random variable x with mean µ and variance c can be represented by x ∼ N (µ, c). If let X be the subspace spanned by the columns of matrix X, then P X denotes the orthogonal projection matrix onto X , that is, P X = X(X H X) −1 X H .

Problem Formulation
Similar to previous works [16][17][18], we also use a three-entity model including a legitimate transmitter (Alice), a malicious attacker (Eve) and a legitimate base station (Bob), where Alice and Eve are both equipped with a single antenna and Bob is equipped with N r antennas, as shown in Figure 1. Eve intends to spoof Bob by using the identity of Alice and thus may launch some more advanced attacks, such as a man-in-the-middle attack and session hijacking attack while Alice communicates with Bob. Suppose Alice transmits one data frame to Bob at time t − 1 and this data frame was validated by cryptography-based higher layer authentication approaches. In this process, Bob measures and stores physical layer features information, e.g., mmWave MIMO channel features, with the help of signal estimation techniques. Subsequently, at time t, an unknown transmitter (either Alice or Eve) sends another data frame to Bob and Bob needs to validate the data frame origin (i.e., the current transmitter identity) to avoid impersonation attack.
Eve has data frame structure information by probing the transmitted signals between Alice and Bob and some publicly known information (e.g., training sequences and pilot signals). The estimation techniques and authentication schemes that Bob utilizes cannot be known by the attacker, Eve. Further, we exploit the carrier sense multiple access/collision detection protocol.

Channel Model
Bob has a N r -antenna uniform planar array (UPA) where the numbers of antennas in the horizon and vertical directions are M and N, respectively, where N r = MN. The number of radio frequency chains of Bob is M RF [19]. Let d be the distance between any arbitrary two adjacent antennas, and G RF be the analog beamformer equipped at Bob. Considering the limited scattering characteristics of the mmWave communication environments, we here adopt the extended Saleh-Valenzuela (SV) model to characterize the mmWave MIMO channels [20,21]. Denote φ l as the azimuth angle of arrival (AAoA) of the l-th propagation multipath of the transmitter and θ l as the elevation angle of arrival (EAoA) of that, for l = 1, 2, · · · , L, respectively. We assume where λ is the wavelength of the carrier signal [22]. For simplicity, let v 1,l = 2πd λ cos φ l and v 2,l = 2πd λ sin φ l cos θ l . The steering matrix A(φ l , θ l ) can be further written as where [23], the mmWave channel with L being the number of propagation paths is modeled as where is the path gain of the l-th propagation path [22,24,25].
Path gain is assumed to keep unchanged during one frame [26]. Based on [27], we use first-oder Gauss-Markov process to model the time-varying path gain as where ρ α is the path gain correlation coefficient [28] and u α l (t) is zero-mean Gaussian noise, i.e., u α l (t) ∼ CN (0, σ 2 α l,XB ). Similarly, we use first-order Gauss-Markov process to model the time-varying azimuth angle of arrival as where ρ φ is the AAoA correlation coefficient [28] and u φ l (t) is zero-mean Gaussian noise, i.e., u φ l (t) ∼ N (0, σ 2 φ l,XB ). We also use first-order Gauss-Markov process to model the time-varying elevation angle of arrival as where ρ θ is the EAoA correlation coefficient [28] and u θ l (t) is zero-mean Gaussian noise, i.e., u θ l (t) ∼ N (0, σ 2 θ l,XB ). Channel-based verification utilizes the fact that wireless channels decorrelate rapidly as the source (e.g., a transmitter or user using transmitter is transmitting signals to an intended destination/receiver) changes location in an environment with rich scatterers and reflectors. This indicates that wireless channel features are spatially decorrelated between different geographic locations. When the distance between a legitimate source and an adversary is greater than half of the wavelength, it is extremely difficult for the adversary to obtain the accurate wireless channel features. Although the channel-based method essentially authenticates the practical geographic location related to the inherent properties of channel features, it is an effective authentication to achieve legitimacy validation of the source identity. Therefore, this paper aims to design a new location verification scheme for validating data frame origin to resist against the impersonation attack.

Communication Model
The baseband signal received by Bob at time t is written as where • s(t) is the transmitted signal at time t. The signal power is p = E{|s(t)| 2 }. • H XB (t) denotes the channel matrix between transmitter X (either Alice or Eve) and receiver Bob. • n(t) is a zero-mean complex additive white Gaussian noise (AWGN), i.e., n(t) ∼ CN (0, σ 2 n I).

Estimation of MmWave Channels
To exploit the fine-grained mmWave channel features, we estimate the channel parameters separately. We first estimate AAoA and EAoA, and then estimate the mmWave path gain. We can write the estimations of φ l,XB (t), θ l,XB (t) and α l,XB (t), respectively, aŝ where ∆φ ∼ N (0, σ 2 ∆φ ), ∆θ ∼ N (0, σ 2 ∆θ ) and ∆α ∼ CN (0, σ 2 ∆α ) are the corresponding estimation errors, respectively. Next, we calculate the variances of the estimation errors, i.e., σ 2 ∆φ , σ 2 ∆θ and σ 2 ∆α . For notational simplicity, here we ignore the time index t and the path index l. The signal received by Bob at time t is given by where A is the M × N steering matrix with its (m, n)-th element given by The conditional PDF of r is expressed by The maximum-likelihood (ML) method in [29] is used to estimate mmWave channel features v 1 , v 2 , and α. The estimation of these features can be expressed as Based on (14) and (15), we can equivalently write (15) as When giving v 1 and v 2 , the estimation of α is calculated aŝ Substituting (17) into (16), the estimations of v 1 and v 2 is written as where g(v 1 , v 2 ) is the cost function related to v 1 and v 2 , σ 2 s = s * s is the signal power and Next, we give Lemma 1 regarding the variance of the estimations for v 1 and v 2 .
where P ⊥ b = I − P b . V 1 and V 2 are the diagonal matrices given by Proof. The received signal without noise can be written as When considering the receiver noise, the received signal can be further written as r = r s + n. By using Taylor series expansion, the first derivative of the cost function g(v 1 , v 2 ) is given by where ∆v k =v k − v k denotes perturbation on v k . Setting (23) equal to zero, ∆v k is given by whereġ(v 1 , v 2 |v k ) andg(v 1 , v 2 |v k ) are the first-and second-order derivatives of the cost By substituting (22) into (25) Due to the independence between n and r s , we have The second-order conditional derivativeg(v 1 , v 2 |v k ) with respect to v k is written as Similarly, E{g(v 1 , v 2 |v k )} is calculated as Based on (28) and (29),g(v 1 , v 2 |v k ) is further written as where f 2 (n) and f 2 (n 2 ) represent the linear and quadrature functions of n ing(v 1 , v 2 |v k ), respectively.ġ(v 1 , v 2 |v k ) can be written aṡ where f 1 (n) and f 1 (n 2 ) are the linear and quadrature functions of n inġ(v 1 , v 2 |v k ), respectively.
Based on (19), the statistical characteristics of the estimation error of the mmWave path gain is calculated as

Location Validation
The location validation is implemented by comparing the similarity between the current channel parameters and the previous ones with preset thresholds, based on a binary hypothesis test. If we denote the difference between the current channel parameters (i.e., φ, α, θ) at successive time as Θ ζ for ζ ∈ {φ, α, θ}, then we have Let η φ , η θ and η α be preset thresholds for AAoA, EAoA and path gain, respectively. Next, we design a simple binary hypothesis testing for location validation as Under H 0 , the current transmitter is Alice. In contrast, H 1 means that the current transmitter is Eve.
The fundamental principle for the proposed scheme in this paper is that location validation decision is implemented by comparing the similarities between current estimated channel features at time t and previous ones at time t − 1 with the corresponding preset thresholds, based on the framework of hypothesis testing theory. Channel statistics and the temporal values for AAoA, EAoA and path gain at time t − 1, and correlation coefficients can be modeled as side information that is known at both the transmitter (Alice) and the legitimate receiver (Bob), but not the adversary (Eve). The legitimate transmitter (Alice) and intended legitimate receiver (Bob) cooperate to secure communication transmission by means of the knowledge of this side information; this is beneficial for both partners. It should be stressed that the validation and efficiency of this idea were already studied from an information-theoretical point-of-view in [30], and the work [30] also provided the right guidance to the appropriate code design in practice.

Performance Analysis
In this section, we focus on the modeling of false alarm rate (denoted by P f ) and detection rate (denoted by P d ). To facilitate the calculation of the two probabilities, we denote P Θ ζ ,H i the probability of (Θ ζ > η ζ ) under H i for i = 1, 2 and ζ ∈ {φ, α, θ}, and we consider σ 2 ζ l,AB = σ 2 ζ AB , and σ 2 ζ l,EB = σ 2 ζ EB . Based on authentication decision in (45), we establish the following lemmas regarding the probability P Θ ζ ,H i .

Lemma 2.
Based on (44) and (45), P Θ φ ,H 0 is expressed by where Proof. To calculate the probability distribution of Θ φ in (44), we define Λφ as Under H 0 , by substituting (9) into (47), Λφ H 0 is obtained as One can see that Λφ H 0 is a zero-mean Gaussian distribution with variance Therefore, Θ φ under H 0 is a central chi-square distribution random variable and the PDF of Θ φ under H 0 is then written as where Γ(·) is a Gamma function. The CDF of Θ φ under H 0 is written as (50) Accordingly, P Θ φ ,H 0 is written as Similarly, based on (47), we derive Λφ H 1 under hypothesis H 1 as Because φ l,EB (t), ∆φ l (t), φ l,AB (t − 1) and ∆φ l (t − 1) are independent zero-mean Gaussian random variables with variances σ 2 φ l,EB , σ 2 ∆ φ , σ 2 φ l,AB and σ 2 ∆ φ , respectively, and then the PDF of Θ φ under H 1 is written as where Then, the CDF of Θ φ under H 1 is written as According to (54), P Θ φ ,H 1 is written as (55) Lemma 3. Using (45), P Θ θ ,H i (i = 1, 2) is evaluated as where Lemma 4. Using (45), P Θ α ,H i (i = 1, 2) is evaluated as where Based on the above lemmas, we can establish the following theorem regarding the closed expressions of P f and P d . Figure 1, P f and P d of the proposed authentication scheme are determined, respectively, as

Theorem 1. For the mmWave MIMO communication model shown in
Suppose that Bob has no knowledge of the channel parameters from data frame at time t such asζ l,AB (t − 1) and ρ ζ for ζ ∈ {φ, α, θ}, l = 1, ..., L. In this case Θ ζ becomes Following similar steps for the derivation of P Θ ζ ,H i , we can obtain P u Θ ζ ,H i with u being without the knowledge of channel parameters at time t − 1, and then we have where In this case, P u f and P u d of the proposed authentication scheme are determined, respectively, as Suppose that legitimate Alice and adversary Eve transmit signals to Bob with equal probability. We use P s to denote the secrecy rate improvement afforded by the knowledge of data frame at time t − 1 for both legitimate transmitter and receiver, relative to the case in which the knowledge is not used. Then, P s can be calculated as

System Parameters and Simulation Settings
Let signal-to-noise ratio (SNR) denote as SNR = p to denote the ratio of Eve's and Alice's path gain variances. We set the number of the receiver antennas as N r = M × N. In the simulations, the first frame is validated based on a higher layer verification scheme and the second frame is validated by using the proposed location verification scheme.

Impact of SNR on the Verification Performance
We plot in Figure 2 ROC (receiver operating characteristic, ROC) variations under the settings of (N r = 128, L = 20, k φ = 2 dB, k θ = 2 dB, k α = 2 dB) at different SNRs. From Figure 2, we can see that the authentication performance (P f and P d ) under SNR = 5 dB outperforms that of the others and the performance for SNR = −5 dB is poorest. This indicates that the SNRs have severe impacts on the authentication performance. One can improve the authentication performance by setting a higher SNR. However, the SNR level usually has a limit due to the practical conditions. In many practical environments, P f < 0.1 and P d > 0.9 are usually a required constraint pair to satisfy the requirements of a practical authentication system. As shown in Figure 2, the authentication performance (P f and P d ) for SNR = 0 dB and SNR = 5 dB can satisfy the practical requirements and the performance at SNR = 5 dB is best. From Figure 2, we also can see that when P f is fixed, P d increases when SNR increases. This means that a higher SNR can lead to a better authentication performance.

Impact of the Number of Antennas on the Authentication Performance
We show in Figure 3 the ROC results under different receiver antenna numbers with the settings of (SNR = 10 dB, L = 20, k φ = 2 dB, k θ = 2 dB, k α = 2 dB). From Figure 3, we can see that the authentication performance (P f , P d ) under 64 receiver antennas outperforms that of the others, and the performance under 16 receiver antennas is poorest. This is because multiple antennas can improve feature dimensions and further improve the authentication performance. When P f is fixed, P d increases when the number of receiver antennas increases. Moreover, the authentication performance (P f , P d ) under 64 receiver antennas can satisfy the practical authentication requirements.

Impact of the Number of Multipaths on the Authentication Performance
We show in Figure 4 the ROC curves under different numbers of multipaths with the settings of (SNR = 10 dB, N r = 64, k φ = 2 dB, k θ = 2 dB, k α = 2 dB). From Figure 4, we can see that the authentication performance (P f , P d ) under L = 15 multipaths outperforms that of the others, and the performance under L = 5 multipaths is poorest. This means that more multipaths can contribute to the authentication performance. We can also see that when P f is fixed, P d increases when the number of multipaths increases.

Impact of k α on the Authentication Performance
To investigate the impact of the distance between Eve-Bob and Alive-Bob on performance, we need to characterize σ 2 α l,XB being the variance of the path gain of the l-th propagation path from the transmitter X to Bob. According to [31], baseband path gain α l,XB is written as α l,XB = β l,XB exp(− j2π f c d l,XB c ), where β l,XB is the attenuation coefficient of l-th propagation path and f c is carrier frequency. According to the Central Limit Theorem, the path gain can be modeled as a zero-mean complex circular symmetric Gaussian process and for large-scale fading channels, σ 2 α l,XB can be modeled by applying ( [32], Chapter 2), as where K is a reference path gain value; d 0 is a reference distance for antenna far-field; ς is a path loss exponent ranging between 2 and 5 in free space propagation wireless environments; and Ω is a shadowing factor modeled as a log-normal random variable. Because the distance between the transmitter and receiver is much larger than antenna separation, we can use the approximation d l,XB ≈ · · · ≈ d L,XB = d XB for X = {A, E}. From (67), we have σ 2 α 1,XB ≈ · · · ≈ σ 2 α L,XB = σ 2 α XB . Both Alice and Eve are assumed to be randomly deployed at arbitrary locations in a circular area centered on Bob, and there is no shadow fading in that area. By using (67), k α by dB value without shadow fading is given We make an assumption (without loss of generality) that Alice is in a fixed location, i.e., d AB is a constant and we adjust the distance between Eve and Bob d EB to obtain different k α .
We show in Figure 5 how P d varies with k α under different P f s and with the settings of (SNR = 10 dB, N r = 128, L = 25, k φ = 2 dB, k θ = 2 dB). From Figure 5, P d increases when k α increases for a given P f . This clearly indicates that if Eve is closer to Bob, she might be successfully detected by Bob, and Eve might select an appropriate location in which she has a high probability of succesfully impersonating Alice. In addition, the authentication performance under P f = 0.08 outperforms that of the others, and the performance under P f = 0.02 is poorest. This is because a lower P f value means a stricter performance requirement and there would be a trade-off between P d and P f . We can also see from Figure 5 that when k α is fixed, P d increases when P f increases.  Figure 6 displays a performance comparison between the authentication scheme proposed in [16] and our scheme. From Figure 6, we can see that the performance (P f , P d ) of our scheme jointly using AAoA, EAoA and path gain outperforms that of the scheme only using path gain [16]. This is because the scheme in [16] uses coarse-grained channel information while our scheme uses multi-dimensional mmWave MIMO channel features (i.e., AAoA, EAoA and path gain) to effectively utilize the fine-grained channel information. It is also noted that when P f increases, the detection rates of both schemes increase. Moreover, the authentication performance (P f , P d ) of our scheme can better satisfy the practical authentication requirements. This is beneficial for exploiting both the AAoA and EAoA features, and allows us to gain important insights on the impacts of angle domain features on authentication performance. The scheme using channel gain Our scheme Figure 6. Performance comparison between the scheme in [16] and our scheme with the settings of (SNR = 5 dB, N r = 128, L = 20, k φ = 2 dB, k θ = 2 dB, k α = 2 dB).

Impact of ρ α on the Authentication Performance
We show in Figure 7 ROC variations under the settings of (SNR = 10 dB, N r = 128, L = 20, k φ = 2 dB, k θ = 2 dB, k α = 2 dB) at different correlation coefficients of path gain. From Figure 7, we can see that the authentication performance (P f , P d ) under ρ α = 0.9 outperforms that of the others, and the performance under ρ α = 0.7 is the poorest. This is because a larger ρ α means that the communication entities move slower. When P f is fixed, P d increases when ρ α increases. Moreover, the authentication performance (P f , P d ) under ρ α = 0.9 can satisfy the practical authentication requirements.

Conclusions
By utilizing multi-dimensional mmWave MIMO channel features, this paper developed a location verification scheme for mmWave MIMO communication systems. Furthermore, we modeled the three-dimensional mmWave channel features (i.e., AAoA, EAoA and path gain) and extracted these feature parameters through maximum-likelihood estimator. We also derived the analytical expressions for the typical performance metrics. Numerical results indicate that the proposed authentication scheme can benefit from using multi-dimensional mmWave channel features. The results in this paper reveal that the proposed scheme is general in nature and can be applied to more communication systems, and we expect the methodology developed in this paper to be valuable for devising new physical layer authentication schemes in other network scenarios.