Wi-Fi 6 connection establishment is vulnerable to relay and impersonation attacks, and existing security mechanisms lack real-time defense capability. To address this, we propose a lightweight physical-layer authentication mechanism embedding fragmented digital signatures within the PHY preamble. Operating within the IEEE 802.11ax framework, it embeds time-constrained signatures directly into the preamble—requiring no frame extension and bypassing MAC-layer parsing—thus achieving zero overhead and full backward compatibility. We introduce the first AP identity verification scheme based on PHY header pattern consistency, enabling concurrent authentication of multiple clients. Through formal security proofs and empirical evaluation on a USRP-based testbed, our approach achieves 96–100% relay attack detection rates and 100% identity recognition accuracy.

Wireless local area networks remain vulnerable to attacks initiated during the connection establishment (CE) phase. Current Wi-Fi security protocols fail to fully mitigate attacks like man-in-the-middle, preamble spoofing, and relaying. To fortify the CE phase, in this paper we design a backward-compatible scheme using a digital signature interwoven into the preambles at the physical (PHY) layer with time constraints to effectively counter those attacks. This approach slices a MAC-layer signature and embeds the slices within CE frame preambles without extending frame size, allowing one or multiple stations to concurrently verify their respective APs' transmissions. The concurrent CEs are supported by enabling the stations to analyze the consistent patterns of PHY-layer headers and identify whether the received frames are the anticipated ones from the expected APs, achieving 100% accuracy without needing to examine their MAC-layer headers. Additionally, we design and implement a fast relay attack to challenge our proposed defense and determine its effectiveness. We extend existing open-source tools to support IEEE 802.11ax to evaluate the effectiveness and practicality of our proposed scheme in a testbed consisting of USRPs, commercial APs, and Wi-Fi devices, and we show that our relay attack detection achieves 96-100% true positive rates. Finally, end-to-end formal security analyses confirm the security and correctness of the proposed solution.