The standard technique for using the physical layer to detect a spoofing attack is to construct a hypothesis test that compares some characteristic(s) of the received signal against the recent history of received symbols. Using a likelihood ratio test, the problem is transformed into a simple comparison of a test statistic with a suitably tuned threshold. However, the approach suffers from poor ROC performance: it results in high false alarm probabilities for required detection probabilities, especially if the transmitter is mobile.
Intuitively, this problem arises because we have only one symbol on which to base the decision: the most recent one. If, instead, we were able to tolerate a delay by creating an outgoing queue of received messages, the amount of information available to make the decision could be increased. This would help lower the false alarm rate for any given detection rate.
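The trade-off between delay and false alarms can be made concrete with a small calculation. The following is an added example, not taken from the original text or from Xiao et al. It assumes a constructed toy model: each symbol's test statistic is Gaussian with unit variance, mean 0 for the legitimate transmitter and mean `d` for a spoofer, independent across symbols, and the decision is made on the mean of the `n` queued statistics. Mobility is not modeled.

```python
import math
import random
from statistics import NormalDist

# Assumed toy model (constructed): per-symbol statistic ~ N(0, 1) when
# legitimate (H0) and ~ N(d, 1) when spoofed (H1), independent per symbol.
STD = NormalDist()


def threshold(d, n, pd):
    """Threshold on the mean of n queued statistics giving detection prob. pd."""
    # Under H1 the windowed mean is N(d, 1/n); solve P(mean > t) = pd for t.
    return d + STD.inv_cdf(1.0 - pd) / math.sqrt(n)


def false_alarm(d, n, pd):
    """False-alarm probability at detection prob. pd with n queued symbols."""
    # Under H0 the windowed mean is N(0, 1/n).
    return 1.0 - STD.cdf(threshold(d, n, pd) * math.sqrt(n))


def min_delay(d, pd, pfa_max, n_limit=1024):
    """Smallest queue length meeting both pd and pfa_max, or None if none fits."""
    for n in range(1, n_limit + 1):
        if false_alarm(d, n, pd) <= pfa_max:
            return n
    return None


def simulate(d, n, pd, trials=20000, seed=1):
    """Monte Carlo check: empirical (Pfa, Pd) of the queued detector."""
    rng = random.Random(seed)
    t = threshold(d, n, pd)

    def rate(mean):
        hits = sum(
            sum(rng.gauss(mean, 1.0) for _ in range(n)) / n > t
            for _ in range(trials)
        )
        return hits / trials

    return rate(0.0), rate(d)


if __name__ == "__main__":
    d, pd = 1.0, 0.99  # constructed operating point
    for n in (1, 4, 8, 16):
        print(n, round(false_alarm(d, n, pd), 4), simulate(d, n, pd))
    print("min delay for Pfa <= 0.01:", min_delay(d, pd, 0.01))
```

With these constructed values, a single-symbol decision at 99% detection has a false-alarm probability above 90%, while queueing 16 symbols brings it under 5%.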
Allowing a delay before declaring an authentication failure has another advantage over a declaration based on a single bad received symbol. The latter approach allows Eve to continue masquerading as the legitimate transmitter in the event of a missed detection. This is because the test statistic is based only on the most recent received symbol [see Xiao et al.], so a single missed detection ensures that Eve goes undetected.