Securing the Insecure: A First-Line-of-Defense for Nanoscale Communication Systems Operating in THz Band

The recent developments in the nano fabrication technologies has led to an increased interest in the design of nanoscale communication systems where small devices (of size few nm) that are few millimeter apart from each other communicate to each other [1]. Due to their small size, the existing frameworks, techniques and methods proposed for communication networks such as Wifi, 4G etc. are not suitable for exchanging information amongst the nano devices [2]. For instance, nano devices are unable to operate at microwave bands due to their small size. They will require molecular communication and Terahertz (THz) band for operation [2]. Additionally, in IoT devices, due to small energy sources, the computational processing capability is limited. Therefore, it is necessary to meet the requirements for new protocols of nano devices at all layers of protocol stack. Operating in the THz band (0.1 - 10 THz) is a promising solution at the physical layer (PL) [3] which makes the antenna size very small and thus suitable for exchanging information between nano devices. Potential applications of nanoscale communication in THz band include environmental monitoring, precision agriculture, smart health care and to name a few[4].

Like other communication networks the nanoscale communication networks are also prone to a wide range of active and passive attacks by adversaries[5]. Some of the common attacks include eavesdropping, impersonation, Denial of Services (DoS) etc. Here we investigate an impersonation attack in nanoscale communication networks. Figure 1 shows an illustration of a scenario of impersonation attack on a smart healthcare system. The nano nodes are deployed inside or on the body of a person for diseases diagnostics or to remotely monitor their health parameters. These nano devices are connected to a nano router which communicates the data to an outdoor network via a nano to micro interface. Assuming, an enemy of the person, secretly deployed its own nano nodes nearby with the aim of impersonating person’s legal nodes to report false measurements to the remote monitoring system, an incorrect response through nano machines or nearby doctors could result in devastating consequences. Therefore, we need an authentication mechanism at the nano router to allow data transmission i.e. health measurements from legal nodes only, blocking all malicious nodes.

In traditional communication systems, the countermeasures for such attacks were made at the higher layer using cryptography. Despite the wide work in the field of cryptography, the mechanism can be compromised because of its solely dependency on the predefined shared secret among the legal users. With recent advances in quantum computing, the traditional encryption become vulnerable to be easily decoded and existing crypto-based measures are not quantum secure unless the size of secret key increases to impractical length [6]. In this regard, physical layer (PL) security finds itself a promising mechanism in future communication systems. PL security exploits the random nature of physical medium/layer for security purposes [7].
Authentication is one of the pillars required for the security of any communication system. PL authentication is a systematic procedure that uses PL’s features to provide authentication. In conventional systems, asymmetric key encryption (AKE) is typically used in the authentication phase which is the realm of public key encryption (a crypto based approach). Such schemes are quantum insecure and incur overhead or high computations which not only increase the size of the device but also consume high power. The devices fabricated for nanoscale communication are energy constrained as they comprise a small source of energy (battery). PL authentication has a low overhead (simple procedure which typically includes feature estimation and testing) and is almost impossible to clone unless the devices lie on each other. Various fingerprints including RSS [8], CIR [9] [10], CFR [11] [12], carrier frequency offset [13] [14], I/Q imbalance [15] are reported for PL authentication in conventional communication systems.
Regarding security of systems operating in THz band, we found two works[5][16] in the literature. The experimental work of Jianjun et al. [5] for the first time rejected the claim about security in THz band. The claim was that the inherit narrow beamwidth of THz link makes it secure and thus impossible for a malicious node to accomplish an eavesdropping attack. A similar claim is also made for beyond the THz band [17]. The authors in [5] their experiments used reflectors of different shapes between THz transmitter and receiver. Then with the help of secrecy capacity and blockage as performance metrics, they clearly demonstrated that eavesdropping attack in THz can easily be done.The work considered an eavesdropping attack in a system operating in THz band which is different than the attack we consider in this work. In our previous work [16], we studied PL authentication for an in-vivo nanoscale communication system whereby we utilized the path loss as the device fingerprint for three nodes system (i.e. Alice, Eve and Bob). Our previous work [16] was limited to three nodes system only. In this manuscript, we extend our previous work by studying the authentication of a generic system, comprising multiple legal and malicious nodes, operating in the THz band. We exploit the high-resolution transmission molecular absorption (HITRAN)[18] data base for computing the path loss. We perform authentication by hypothesis testing. We refine the output of hypothesis testing via the hidden Markov model (HMM) viterbi algorithm. We also perform transmitter identification via the maximum likelihood and Gaussian mixture model (GMM) expectation maximization algorithm.

Outline. The rest of this paper is organized as follows. Section II provides system model. Section III discusses authentication via two-step hypothesis testing. Section IV presents hidden markov model to refine the output of hypothesis testing. Section V provides transmitter identification schemes. Section VI presents simulation results with discussions and Section VII concludes the paper.

For the purpose of simulation, we considered a square 2D map/layout of size ($1$ m $\times 1$ m) where $M+N$ nano transmission (Tx) nodes, $M$ Alice (Legal) nodes $\{A_{i}\}_{i=1}^{M}$ and $N$ Eve (Malicous) nodes $\{E_{j}\}_{j=1}^{N}$, deployed according to the uniform distribution model, whilst a nano router/receiver node, Bob, is placed at origin as shown in Fig. 2. We assume that the Tx nodes transmits with a fixed/pre-specified transmit power so that the path loss can be computed by Bob.

The path loss is given as [19],[20]:

$\displaystyle L(f,d)[dB]=L_{a}(f,d)[dB]+L_{s}(f,d)[dB]$

(1)

where $f$ is the frequency, $d$ is the distance, $L_{a}(f,d)[dB]$ is the absorption loss, and $L_{s}(f,d)[dB]$ is the spreading loss. The spreading loss is given as

$$L_{s}(f,d)[dB]=20\log_{10}(\frac{4\pi fd}{c}),$$

(2)

where $c$ is the speed of light. The absorption loss is given as:

$$L_{a}(f,d)=\frac{1}{\tau(f,d)}$$

(3)

where $\tau$ represents the transmittance of the signal and is given by Beer-Lambart law:

$\displaystyle\tau(f,d)=e^{-k(f)d}$

(4)

where $k$ is the medium absorption coefficient, given as:

$$k(f)=\sum_{i,g}k_{i,g}(f)$$

(5)

where

$$k_{i,g}(f)=\frac{p}{p_{0}}\frac{T_{0}}{T}Q_{i,g}\sigma_{i,g}(f)$$

(6)

where $i$ is the isotopologue (molecule that differs in isotropic composition) and $g$ is gas, $p_{0}(T_{0})$ are standard pressure (Temperature), $\sigma_{i,g}(f)$ is the absorption cross-section and $Q_{i,g}$ is the molecular density given by

$$Q_{i,g}=\frac{n}{V}q_{i,g}N_{A}=\frac{p}{RT}q_{i,g}N_{A}$$

(7)

where $R$ is gas constant, $N_{A}$ is the Avogadro constant and $q_{i,g}$ is the mixing ration for $i$ of $g$. The absorption cross-section can be expressed as

$$\sigma_{i,g}=S_{i,g}G_{i,g}(f)$$

(8)

where, the line intensity $S_{i,g}$ and line shape $G_{i,g}(f)$ parameters can be computed using data from HITRAN database [18]

We assume that the shared channel is time-slotted, whilst the transmit nodes perform channel sensing before transmitting, hence there are no collisions. Without the loss of generality, it can be assumed that $A_{i}$ is the legitimate user for the slot $k$, but if $A_{i}$ doesn’t transmit during this time-slot, $E_{j}$ could transmit to Bob pretending to be an Alice node. Therefore, Bob needs to authenticate each message received on the shared channel and verify the transmitter identity (if no impersonation has been declared) in a systematic manner.

Assuming that the noisy measurement $z(k)=L+n(k)$ has been obtained at time $k$ (for instance, by using the pulse based method as discussed in [21]), where $n(k)\sim N(0,\sigma^{2})$ and $L$ is the path loss. Furthermore, in line with previous studies[16],[22], we assume that Bob has already learnt the ground truth via prior training on a secure channel. The ground truth vector can be denoted by $\mathbf{l}=\{L_{1},...,L_{M}\}^{T}$. The maximum likelihood (ML) hypothesis test can be explained by the following equation:

$$(T^{*},i^{*})=\underset{i}{\min}\quad|z-L_{i}|$$

(9)

Next, the binary hypothesis test works as follows:

$$\begin{cases}H_{0}(\text{no impersonation}):&T^{*}=\underset{i}{\min}|z(k)-L_{i}|<\epsilon\\ H_{1}(\text{impersonation}):&T^{*}=\underset{i}{\min}|z(k)-L_{i}|>\epsilon\end{cases}$$

(10)

Equivalently, we have:

$\displaystyle T^{*}\gtrless_{H_{0}}^{H_{1}}{\epsilon}$

(11)

where $\epsilon$ is a small threshold - a design parameter. This work follows the Neyman-Pearson theorem [23] which states that, for a pre-specified $P_{fa}$, $\epsilon$ can be chosen such that $P_{md}$ is minimized.

The error probabilities for the above hypothesis tests are:

$$\begin{split}P_{fa}&=P(H_{1}|H_{0})=\sum_{i=1}^{M}P(T^{*}>\epsilon|A_{i})\pi(i)\\ &=\sum_{i=1}^{M}2Q(\frac{\epsilon}{\sigma})\pi(i)=2Q(\frac{\epsilon}{\sigma})\sum_{i=1}^{M}\pi(i)=2Q(\frac{\epsilon}{\sigma})\end{split}$$

(12)

where $Q(x)=\frac{1}{\sqrt{2}\pi}\int_{x}^{\infty}e^{\frac{-t^{2}}{2}}dt$ is the complementary cumulative distribution function (CCDF) of a standard normal distribution, and $\pi(i)$ is the prior probability of $A_{i}$. Thus, the threshold could be computed as follows:

$$\epsilon=\sigma Q^{-1}(\frac{P_{fa}}{2})$$

(13)

Then, $P_{md}$ is given as:

$$\begin{split}&{P}_{md}=P(H_{0}|H_{1})=P(T^{*}<\epsilon|H_{1})\\ &=\sum_{j=1}^{N}\sum_{i=1}^{M}\bigg{[}Q(\frac{L_{i}-L_{j}-\epsilon}{\sigma})-Q(\frac{L_{i}-L_{j}+\epsilon}{\sigma})\bigg{]}\pi(j)\end{split}$$

(14)

where $\pi(j)=\sum_{i=1}^{M}\alpha_{ij}\pi(i)$ is the prior probability of $E_{j}$. $0<\alpha_{ij}<1$ is the fraction of slots which are originally dedicated to $A_{i}$ but are found idle and thus utilized by $E_{j}$.

Since $P_{md}$ is an R.V., the expected value $\bar{P}_{md}:=\mathbb{E}(P_{md})$ is as follows:

$$\begin{split}&\bar{P}_{md}=\sum_{j=1}^{N}\frac{1}{\Delta}\pi(j).\\ &\bigg{(}\int_{L_{min}}^{L_{max}}\sum_{i=1}^{M}Q(\frac{L_{i}-L_{j}^{(E)}-\epsilon}{\sigma})-Q(\frac{L_{i}-L_{j}^{(E)}+\epsilon}{\sigma})dL_{j}^{(E)}\bigg{)}\\ &=\sum_{j=1}^{N}\frac{1}{\Delta}\pi(j).\\ &\bigg{(}\int_{L_{min}}^{L_{max}}\sum_{i=1}^{M}Q(\frac{L_{i}-L^{(E)}-\epsilon}{\sigma})-Q(\frac{L_{i}-L^{(E)}+\epsilon}{\sigma})dL^{(E)}\bigg{)}\end{split}$$

(15)

where we have assumed that the unknown path loss $L_{j}\sim U(L_{min},L_{max})$ $\forall j$, and $\Delta=L_{max}-L_{min}$.

At a given time instant $k$, the system is in one of the two states with the state-space: $\mathcal{S}=\{s_{0},s_{1}\}$. The states $s_{0}$ and $s_{1}$ imply that there is no impersonation, impersonation respectively at time $k$. However, the true state of the system is hidden; therefore, what we observe through the hypothesis test is another observable Markov chain. The connection between the true/hidden state and the observable state is given by the emission probability matrix:

$$\mathbf{R}=\begin{bmatrix}r_{0,0}&r_{0,1}\\ r_{1,0}&r_{1,1}\end{bmatrix}$$

(16)

where $r_{i,j}=Pr(x[k]=i|s[k]=j)$, $i,j\in\{0,1\}$. The off-diagonal elements in the $i$-th row of $\mathbf{R}$ represents the errors made by the ML test, i.e., deciding the state as $s[k]=j$, $j\in\{0,1\}\setminus{i}$ while the system was actually in state $s[k]=i$.

The transition from state $i$ to state $j$ occurs after a fixed interval of $T=t_{k}-t_{k-1}$ seconds where $1/T$ is the measurement rate. Assuming that the system was in state $s_{0}$ at time $k=0$, i.e. $\mathbf{x}[0]=[1,0]^{T}$ and we are in time $k-1$ and we want to predict the probability vector $\mathbf{x}[k]$ at time $k$ and the system is in state $s_{i}$, $i\in\{0,1\}$. To this end, we have the following transition probability matrix:

$$\mathbf{P}=\begin{bmatrix}p_{0,0}&p_{0,1}\\ p_{1,0}&p_{1,1}\end{bmatrix}$$

(17)

where $p_{i,j}=P(x[k]=j|x[k-1]=i)$, $i,j\in\{0,1\}$. Then, we have the following relation: $\mathbf{x}[k]=\mathbf{P}^{k}\mathbf{x}[0]$. Alternatively, we can write: $\mathbf{x}[k]=\mathbf{P}\mathbf{x}[k-1]$.

The probability of misclassification error resulting from Eq. 9 is given as:

$$P_{mc}=\sum_{i=1}^{M}P_{mc|i}.\pi(i)$$

(19)

where $P_{mc|i}=P(\text{Bob decides }A_{j}|A_{i}\text{ was the sender})$. For the hypothesis test of (11), $P_{mc|i}$ is given as:

$$P_{mc|i}=1-\bigg{(}Q(\frac{\tilde{L}_{l,i}-\tilde{L}_{i}}{\sigma})-Q(\frac{\tilde{L}_{u,i}-\tilde{L}_{i}}{\sigma})\bigg{)}$$

(20)

where $\tilde{L}_{l,i}=\frac{\tilde{L}_{i-1}+\tilde{L}_{i}}{2}$, $\tilde{L}_{u,i}=\frac{\tilde{L}_{i}+\tilde{L}_{i+1}}{2}$. Additionally, $\mathbf{\tilde{l}}=\{\tilde{L}_{1},...,\tilde{L}_{M}\}=\text{sort}(\mathbf{l})$ where sort operation (.) sorts a vector in an increasing order. For the boundary cases, e.g., $i=1,i=M$, $\tilde{L}_{l,1}=L_{min}$, $\tilde{L}_{l,M}=L_{max}$ respectively.

We kept $M=N=10$, $\alpha_{ij}=0.5\ \forall j$, $f=1$ THz, $T=285$ k and $p=1$ atm. Both Alice and Eve nodes were deployed according to uniform distribution in $1m\times 1m$ area. Total $10^{5}$ random realisations (independent for Alice and Eve nodes) of nodes’ deployment were taken and then errors were averaged over the realizations.

$P_{fa}$ and $P_{md}$ are two well-known probabilities resulting in hypothesis testing. The $P_{fa}$ was defined as the probability that any $i-$th Alice node can be considered as any of the Eve nodes. While the $P_{md}$ is the probability of the event that any $j-$th Eve node can be considered as any of the Alice nodes.

Fig. 3 represents the two probabilities against the SNR $=\frac{1}{\sigma^{2}}$ where the improvement in error probabilities with an increasing SNR can be seen clearly. The designed parameter $\epsilon$ decreases ${P}_{md}$ but increases $P_{fa}$.

Fig. 4 shows the efficacy of HMM. At low SNR the performance of HMM was far better than HT and at high SNR HT was closed to HMM. The results were produced after monte carlo based simulation. The total number of transmissions were kept to $10^{5}$ (more specifically, $10^{5}$ binary states ($s_{0}$, $s_{1}$) were generated), $\epsilon=1$, $\mathbf{P}=0.5I_{2\times 2}$, where $I$ is the identity matrix and $K=10^{3}$. The error resulting from HT and HMM methods were calculated as the number of times the predicted/estimated state was not equal to actual state divided by total transmissions. The accuracy was then computed accordingly. The entries of $\mathbf{R}$ were calculated according to $P_{fa}$ and $P_{md}$. Fig. 5 shows the Receiver Operating characteristic (ROC) curves for different configurations of node and transmissions from Eve nodes (i.e. $\alpha_{ij}$). Typically, the ROC contains two error probabilities ($P_{d}$ and $P_{fa}$), but due to multiple nodes in this study, we had three probabilities. For any $P_{fa}$ value the $P_{mc}$ was constant which was obvious from Eq.20. Increasing SNR not only improved $P_{d}$ but also improved $P_{mc}$ as well. The $P_{fa}$ was chosen as an independent variable and swept on the range $0$ to $1$. Using Eq. 13, the threshold was calculated for a given SNR value. Further, $P_{d}=1-P_{md}$ (the detection probability) and $P_{mc}$ were computed as average after doing $10^{5}$ uniform realisations of nodes deployment. We observed that increasing the number of nodes does not affect the $P_{d}$ but $P_{mc}$ increases with an increase in number of Alice nodes ($M$). We further observed that the less the nodes (Alice nodes) remain idle during their allocated slot the more the $P_{d}$ we had.

$P_{mc}$ is the probability of deciding $i-$th Alice node, as any Alice node without $i$. $P_{mc}$ becomes an important metric when dealing with multiple nodes’ identification. Here, $P_{mc}$ resulted from both transmitter identification’s algorithms (ML which is a bi-product of two-step HT based authentication and GMM). As GMM is a learning approach, it requires training data to learn its parameters. That is the reason that we only performed transmitter identification using GMM. We assumed no data was available for Eve nodes.

Fig. 6 (a) was generated by assuming actual ground truths (noiseless $(L_{i}\ \forall i)$) of Alice nodes available for performing ML based transmitter identification. The ML was implemented using Eq.9 with having noiseless ground truths. Fig. 6 (a) shows that the two approaches perform equally. To test the efficacy of the GMM approach, we performed another experiment and plotted the results in Fig. 6 (b). This time we assumed that the ground truths of Alice nodes were noisy $L_{i}+n\ \forall i$ (i.e when the ground truths were obtained on secure channel it also included noise or an error). This time the the ML based approach was implemented using Eq.9 to include noisy ground truths. The GMM parameters were estimated on $10^{4}$ training data generated from the legal nodes and then tested on $10^{5}$. The error was calculated as number of times the estimated state was not equal to the actual value divided by the total transmissions for both approaches and for both cases. We observed from Fig. 6 (b) that the overall performance of GMM was improved. The performance improved even further for lower SNR or higher $\sigma^{2}$.

This paper provided an authentication mechanism using path loss as a fingerprint at the physical layer in nanoscale communication systems operating in terahertz band. The work’s importance was advocated by illustrating envisioned smart healthcare application of nanoscale communication systems. The complex and quantum insecure crypto measures can be complemented using this approach which is simple and quantum secure (i.e. no encryption or shared secret key is involved). This was observed from ROC curves after doing monte carlo based simulation for nodes deployment under uniform distribution that with $20\%$ false rate the detection probability is almost one when operating with SNR $=10$ dB. A generic system was considered comprising multiple legal and malicious nano nodes operating in Terahetrz band. Specifically, for simulation purpose, nodes were deployed in $1m\times 1m$ area under uniform distribution and air was considered as a medium among the nodes and path loss was calculated using HITRAN data base.

This work was made possible by NPRP grant number NPRP 10-1231-160071 from the Qatar National Research Fund (a member of Qatar Foundation). The statements made herein are solely the responsibility of the authors. Waqas Aman would also like to thank Higher Education Commission of Pakistan for providing him IRSIP scholarship to travel to University of Glasgow for his studies.