HASC News

The security of communication networks is usually discussed in cryptographic terms, such as asymmetric cryptography and symmetric encryption. However, these cannot easily be applied to the billions of low-cost, limited-capability Internet of Things (IoT) devices coming online. This presents a major security risk, potentially giving malicious actors a back door into our private lives.
Yet every wireless connection – from a baby monitor to a satellite link – fundamentally depends on electromagnetic signals travelling through the physical environment. This ‘physical layer’ of radio frequency (RF) communication is becoming a promising new frontier for providing security across the wireless network.
What is RF physical layer security?
Physical layer security (PLS) describes security protocols applied to the very lowest layer of communications, and which exploit the inherent physical properties of channels. For RF PLS, this means harnessing characteristics such as noise, interference, and channel fading.
Unlike cryptography, which relies on the difficulty of solving a mathematical problem and hiding algorithms, PLS exploits physics – in particular the randomness of the wireless environment and the unique behaviour of real-world hardware.
Every wireless link has its own, location-dependent behaviour. Walls, furniture, other objects, and people moving around all cause signals to reflect, scatter and fade in ways that are unique to the positions of the transmitter and receiver.
Two legitimate devices in fixed positions ‘see’ the same rapidly changing channel between them and can treat it as a shared source of randomness for generating keys or authenticating each other. An eavesdropper in a different place, even a few wavelengths away (over 10 cm for Wi-Fi), experiences a different channel pattern, so cannot easily reproduce the same measurements or derive the same secret information. In this way, the physical environment itself becomes part of the security mechanism.
Why does physical layer security matter now?
Traditional cybersecurity tools have worked reasonably well for laptops, servers, and smartphones. These devices have powerful processors and large memories that can support heavyweight cryptographic algorithms.
The picture is different for the tens of billions of IoT devices now being deployed in homes, factories, cities, and elsewhere. Many of these sensors and embedded devices are:
- extremely low cost,
- battery-powered, with tight energy constraints,
- designed for ‘install and forget’ deployments in unattended environments.
In these settings, strong cryptography can be difficult to deploy or maintain. PLS, on the other hand, can be implemented with lightweight signal processing, can operate continuously, and can be applied to legacy devices. Ultimately, PLS is not a replacement for cryptography, but a way to raise the baseline for these vulnerable endpoints – the ‘Achilles heel’ of the network.

HASC leadership
Researchers within the Hub for All Spectrum Connectivity (HASC) are leading the charge in three PLS areas in particular:
- Physical-layer authentication
Physical-layer authentication uses channel measurements – for example, detailed channel state information – to create an ‘environmental fingerprint’ for a device. If a device suddenly appears with a channel profile that does not match its historical pattern, this could indicate spoofing or impersonation. HASC researchers have developed a practical deep learning-based physical-layer authentication scheme that can cope with mobile, time-varying wireless channels.
By training a neural network on a mix of synthetic and real Wi-Fi channel data, they reduced the amount of field measurements needed while still learning to distinguish between genuine devices and impostors. This shows that channel-based authentication can remain reliable even when users and devices are moving.
- Wireless key generation
In wireless key generation, two legitimate devices observe their shared channel and run signal-processing algorithms to extract a shared secret key from the common randomness in the channel. Because an eavesdropper does not see the same channel, they cannot easily derive the same key.
Much early work in this area has been based on a single link between a pair of users. However, in real IoT networks, a central node typically interacts with many devices. HASC researchers have addressed this challenge by designing an efficient multi-user key generation protocol based on Wi-Fi 6 orthogonal frequency-division multiple access (OFDMA), which allows a central node to split the spectrum into many subchannels and talk to multiple users at the same time. The protocol uses OFDMA capability so that the access point can probe and harvest randomness from several user channels in parallel.
HASC researchers have also conducted extensive experimental work on key generation for Wi-Fi and long-range IoT technologies, opening up additional security options for future multi-technology 6G systems.
- Radio frequency fingerprinting (RFF)
Every RF transmitter, even when manufactured to the same specifications, has subtle hardware imperfections in its amplifiers, oscillators, mixers, and other components. These imperfections imprint a unique, repeatable signature on the transmitted waveform.
Machine learning-based RF fingerprint identification (RFFI) can learn and recognise these signatures, enabling device-level authentication at the physical layer. Deep learning models, originally developed for image and speech recognition, are particularly well-suited to learning these patterns and classifying multiple signals.
HASC researchers have carried out comprehensive studies exploring how RF fingerprinting could add an additional layer of security to networks from the moment a device starts transmitting information, without relying solely on user credentials. Their work spans LoRa, Wi-Fi, Bluetooth Low Energy and LTE.
HASC researchers at the University of Liverpool, Heriot-Watt University, and Queen’s University Belfast have demonstrated real-time RF fingerprinting using off-the-shelf Wi-Fi USB dongles, identifying which of multiple dongles sent a given packet based purely on their RF ‘fingerprints.’
Another HASC research focus is developing methods to ensure that RFF is applicable in the real world, and not just in controlled laboratory settings. For instance, a recent HASC study showed that advanced AI models, such as denoising diffusion models, can first suppress channel noise and effectively ‘amplify’ unique RF fingerprints, making them detectable and reliable even in noisy, real-world wireless environments.
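The wireless key generation idea described above can be seen in a small simulation, added here as an illustration and not taken from any HASC protocol. It assumes Gaussian channel gains, a reciprocal Alice–Bob channel with independent measurement noise, a fully independent eavesdropper channel, and a simple guard-band quantiser; all function names are hypothetical, and the reconciliation and privacy-amplification stages of a real scheme are omitted.

```python
import random
import statistics

def measure(channel, noise_std, rng):
    """One party's noisy observation of a channel gain sequence."""
    return [h + rng.gauss(0.0, noise_std) for h in channel]

def confident_indices(samples, alpha):
    """Positions of samples outside the guard band mean +/- alpha*std."""
    mean, std = statistics.fmean(samples), statistics.pstdev(samples)
    return {i for i, s in enumerate(samples) if abs(s - mean) > alpha * std}

def to_bits(samples, indices):
    """Quantise: 1 if the sample is above that party's own mean, else 0."""
    mean = statistics.fmean(samples)
    return [1 if samples[i] > mean else 0 for i in indices]

def disagreement(bits_a, bits_b):
    """Fraction of key bits that differ (key disagreement rate)."""
    return sum(x != y for x, y in zip(bits_a, bits_b)) / len(bits_a)

def run_trial(alpha, n=2000, noise_std=0.15, seed=7):
    rng = random.Random(seed)  # constructed, simulated data only
    h_ab = [rng.gauss(0.0, 1.0) for _ in range(n)]   # Alice<->Bob channel (reciprocal)
    h_eve = [rng.gauss(0.0, 1.0) for _ in range(n)]  # assumption: Eve's channel is independent
    alice = measure(h_ab, noise_std, rng)
    bob = measure(h_ab, noise_std, rng)
    eve = measure(h_eve, noise_std, rng)
    # Public discussion: only sample positions are exchanged, never values.
    kept = sorted(confident_indices(alice, alpha) & confident_indices(bob, alpha))
    key_a = to_bits(alice, kept)
    return {
        "bits": len(kept),
        "bob_kdr": disagreement(key_a, to_bits(bob, kept)),
        "eve_kdr": disagreement(key_a, to_bits(eve, kept)),
    }

if __name__ == "__main__":
    for alpha in (0.0, 0.5):  # without and with a guard band
        print(alpha, run_trial(alpha))
```

Without a guard band, measurement noise alone makes a few percent of Alice's and Bob's bits disagree; discarding samples near the threshold removes almost all of those errors at the cost of key length, while the eavesdropper's bits stay at chance level even though she sees the exchanged positions.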
Challenges and open questions
PLS could play a key role in supporting the UK Government’s Secure by Design agenda, and recently introduced laws that require device manufacturers to implement minimum security standards.
But despite the rapid progress in PLS research, several challenges need to be addressed before this can become routine in commercial products:
- Standardisation and integration: PLS techniques are not yet widely embedded in mainstream standards. Integrating them without disrupting existing communication systems is a major research and engineering challenge.
- Scalability: Many experimental studies focus on tens of devices, but real deployments may involve thousands or millions of devices. Ensuring that key generation, authentication, and RF fingerprinting scale robustly remains an open question – one that requires more realistic testbeds and larger trials to answer.
- Access to physical-layer data: Techniques like channel-based authentication often require detailed channel state information that is not typically exposed by commercial RF chipsets. Closer collaboration with chipset vendors and equipment manufacturers will be important to unlock these capabilities at scale.
- All-spectrum connectivity: As we move towards a vision of multi-tech networks spanning RF, millimetre-wave, terahertz and optical links, this will create new opportunities to harness the diversity of channels for security – but also new opportunities for attack that need to be understood and managed.
PLS will never replace cryptography, but it offers a promising pathway to making wireless systems more resilient, adaptable, and trustworthy. By leveraging the underlying physics of the radio environment, HASC research is helping to make future networks inherently more secure from the moment a device connects.