Conference PaperPDF Available

12.3 Exploring PUF-Controlled PA Spectral Regrowth for Physical-Layer Identification of IoT Nodes

Authors:
1
Exploring PUF-Controlled PA Spectral Regrowth for Physical-Layer
Identification of IoT Nodes
Qiang Zhou*, Yan He*, Kaiyuan Yang, Taiyun Chi
Rice University, Houston TX 77006
2021 IEEE International Solid- State Circuits Conference - (ISSCC)
© 2021 IEEE. Personal use of this material is permitted. Permission from IEEE must be
obtained for all other uses, in any current or future media, including
reprinting/republishing this material for advertising or promotional purposes,
creating new collective works, for resale or redistribution to servers or lists, or reuse of
any copyrighted component of this work in other works.
2
Exploring PUF-Controlled PA Spectral Regrowth for Physical-Layer Identification of IoT Nodes
It is projected that 75 billion IoT devices will be deployed for applications such as wearable electronics
and smart home by 2025. Securing IoT devices is one of the most significant barriers we need to overcome
for large-scale IoT adoption. Conventional wireless security has been implemented solely using upper-layer
cryptography [1]. Unfortunately, IoT nodes are often energy-constrained and may not have enough
computational resources to implement advanced asymmetric cryptographic algorithms [2-3]. To overcome
this challenge, there has been growing interest in leveraging the physical impairments of the radios that are
bonded to specific TX for secure identification [4-6], a.k.a. RF fingerprinting. If Bob (the RX) has sufficient
sensitivity, it can identify Alice (the legitimate TX) and the malicious impersonator during demodulation based
on their inherent radio signatures, similar to how we distinguish different people based on their unique voice
signatures (Fig. 12.3.1). As the device-dependent radio impairments come from process variation, it is
challenging for impersonators to forge in practice. In addition, unlike cryptographic approaches that device
IDs are inserted in preambles and checked only once a while, RF fingerprinting enables continuous
identification at any moment during communication, leading to a tighter bond between the data packet and
device.
A few RF physical-layer identification prototypes have been demonstrated using off-the-shelf radios. In
[4], carrier frequency offset (CFO) is used as the RF fingerprint. However, the measured CFO difference is
only 1.2kHz with a 2.4GHz carrier, resulting in merely 0.5ppm variation across all devices to be identified.
Such a subtle inter-device variation requires highly sensitive benchtop instruments (spectrum analyzers or
oscilloscopes) for feature extraction, far beyond the processing capability of IoT nodes.
To maximize the dynamic range of the RF fingerprint and facilitate low-overhead feature extraction, we
propose to redesign the TX frontend of IoT nodes hardened with a digital security engine (Fig. 12.3.1). Here
we assume the IoT network is asymmetric including a single RX hub and multiple energy-constrained TX
distributed in the field. First, we choose to integrate the TX spectral regrowth over a narrow frequency window
3
in which the power spectral density (PSD) presents the most significant inter-device variability and leverage
such out-of-band leakage power (OOBLP) as the fingerprint. This is because wireless standards typically
impose stringent in-band requirements such as I/Q mismatch, EVM, etc., but the specification for spectral
regrowth is fairly relaxed for low-power IoT standards such as BLE and Zigbee. As long as the spectral mask
is satisfied, exploring OOBLP will not compromise the in-band signal quality, but rather guarantee a large
identification space. Second, we implement a digital PUF (Physically Unclonable Function) to amplify the
intrinsic device variation and manipulate the probability distribution of the spectral regrowth across all the
devices. This further enhances the uniqueness of the fingerprint and relaxes the resolution requirement of
the RX feature extraction.
As proof of concept, we report an integrated physical-layer identification chip for IoT applications at
2.4GHz. It consists of a PA with 0.5V VDD, a PUF and DAC with 1V VDD, and a built-in spectral regrowth and
in-band power (IBP) monitoring circuit (Fig. 12.3.1). The power cell of the PA is based on the multi-gate
transistor (MGTR) technique [7]. The biasing of the main path (VBM) is slightly lower than the Gm3 “sweet spot”
while the biasing of the auxiliary path (VBA) is higher than that. Tuning VBA changes the shape of spectral
regrowth with minimal effect on the in-band PA output. A harmonic-rejection output network (Fig. 12.3.1) is
implemented on-chip to filter out 2nd and 3rd harmonic contents. In particular, C3p and two symmetrically
embedded branches inside the transformer forms a 3rd harmonic open. Together with the parallel resonators
at 2f0 and 3f0 on the secondary side, the measured 2nd and 3rd harmonic suppression are >48.5dBc at 0dBm
Pout.
VBA is generated by a digital PUF and a DAC to randomize the inter-device spectral regrowth. The
probability density function (PDF) of the raw PUF output is uniform, but the transfer function between OOBLP
and VBA is nonlinear, resulting in an excessively high probability when OOBLP is low (Fig. 12.3.2). To alleviate
this problem, we insert a lookup table (LUT) before the DAC to pre-distort the probability distribution of the
PUF output. Combining the measured OOBLP VBA transfer function and LUT weighting, the proposed PUF
4
engineering scheme realizes a uniform distribution for OOBLP and minimizes the chance that two devices
present very similar fingerprints (Fig. 12.3.2). A inverter-chain-based PUF cell design [8] is employed as the
entropy source (Fig. 12.3.3). Conventionally, PUFs are tested through external IOs for enrollment. But the
digital PUF values are not necessary for identification and thus are not exposed to IOs for better security. To
guarantee the reproducibility, four independent cells are implemented for each bit and a self-screening circuit
is designed to find the bit cell that does not show a single error during enrollment.
To simplify the testing, we implement a built-in feature extraction circuit that is capacitively coupled to the
PA output. It consists of a power detector (PD), a down-conversion mixer, and a low-pass filter (Fig. 12.3.3).
IBP can be directly monitored using the PD and its measured output voltage against PA output is shown in
Fig. 12.3.3. In the PA measurement, we first disable the PUF and feed VBA off-chip. A 2Mb/s π/4-DQPSK
signal with a RRC pulse shaping (roll-off factor = 0.4) is used at 2.5GHz, which has the same modulation
parameters as the payload in the Bluetooth Enhanced Data Rate (EDR) mode. When VBA is changed from
220mV to 320mV, integrating the spectral regrowth from 1.2 to 1.3MHz away from the carrier introduces a
11.9dB OOBLP variation at the PA output and a 10.7dB variation at the down-converted output (Fig. 12.3.4).
The IBP varies from 3.4 to 4.8dBm, resulting in only 1.4dB difference, and the measured EVM varies from
2.8% to 4.7%. Nine chips are tested and a consistent >11.5dB OOBLP variation and <1.5dB IBP variation is
achieved (Fig. 12.3.4). Then we turn on the PUF, program it with 16 different settings for each chip, and
record IBP and OOBLP with 16×9=144 data points in total. The histogram is plotted in Fig. 12.3.4, which
presents a slight difference compared to the uniform distribution in Fig. 12.3.2 due to limited number of
samples.
To benchmark the identification performance using the measured 144 data points, we first assign a
decision threshold assuming a certain ENOB of the RX feature extraction and then calculate the false
identification rate (FIR). 5% FIR is achieved with 10-bit ENOB (Fig. 12.3.5), which is limited by the worst-
case inter-device distance of OOBLP. We also perform an over-the-air identification demonstration in a lab
5
environment by connecting six PAs to antennas (Fig. 12.3.5). We fix the location of the PAs, and move the
RX (a spectrum analyzer with an antenna) to a new location whenever we switch the PA in the setup. After
de-embedding the path loss, the measured OOBLP is compared to the 144 reference fingerprints. Tested
under three PUF settings at each location, the FIR reaches 0 with 6-bit ENOB of the RX feature extraction.
The maximum intra-device distance of OOBLP is ~2LSB, which is introduced by noise and fading of the
wireless channel. A performance comparison is summarized in Fig. 12.3.6. This work is the first
demonstration of an integrated RF fingerprinting chip. By exploring PUF-controlled spectral regrowth, the
proposed identification mechanism features a large fingerprint variability and incurs minimal
power/area/redesign overhead.
References:
[1] A. Pathan, H.-W. Lee and C. Hong, Security in wireless sensor networks: issues and challenges, 2006
8th International Conference Advanced Communication Technology, Phoenix Park, 2006.
[2] N. Potlapally et al., A study of the energy consumption characteristics of cryptographic algorithms and
security protocols, IEEE Trans. Mobile Comput., vol. 5, no. 2, pp. 128-143, Feb. 2006.
[3] M. Mahmoud and X. Shen, ESIP: Secure Incentive Protocol with limited use of public-key cryptography
for multihop wireless networks, IEEE Trans. Mobile Comput., vol. 10, no. 7, pp. 997-1010, Jul. 2011.
[4] W. Hou, X. Wang, J. Chouinard and A. Refaey, Physical Layer Authentication for Mobile Systems with
Time-Varying Carrier Frequency Offsets, IEEE Transactions on Communications, vol. 62, no. 5, pp. 1658-
1667, May 2014.
[5] B. Chatterjee, D. Das and S. Sen, RF-PUF: IoT security enhancement through authentication of wireless
nodes using in-situ machine learning, IEEE International Symposium on Hardware Oriented Security and
Trust (HOST), Washington, DC, 2018.
[6] Z. Li, W. Xu, R. Miller, and W. Trappe, Securing wireless systems via lower layer enforcements, in Proc.
5th ACM Workshop Wireless Secur., pp. 34-42, 2006.
6
[7] T. Joo, B. Koo and S. Hong, A WLAN RF CMOS PA With Large-Signal MGTR Method,IEEE TMTT, vol.
61, no. 3, pp. 1272-1279, March 2013.
[8] D. Li and K. Yang, 25.1 A 562F2 Physically Unclonable Function with a Zero-Overhead Stabilization
Scheme, IEEE ISSCC, pp. 400-402, Feb. 2019.
[9] M. Babaie et al., A Fully Integrated Bluetooth Low-Energy Transmitter in 28 nm CMOS With 36% System
Efficiency at 3 dBm,IEEE JSSC, vol. 51, no. 7, pp. 1547-1565, July 2016.
[10] S. Yang, J. Yin, H. Yi, W. Yu, P. Mak and R. P. Martins, A 0.2-V Energy-Harvesting BLE Transmitter
With a Micropower Manager Achieving 25% System Efficiency at 0-dBm Output and 5.2-nW Sleep Power in
28-nm CMOS,IEEE JSSC, vol. 54, no. 5, pp. 1351-1362, May 2019
7
Fig. 12.3.1. Exploring device-dependent spectral regrowth as the RF fingerprint for identification of IoT nodes.
The spectral regrowth is controlled by the PA auxiliary biasing (VBA) which is generated by a digital PUF.
2:6
4:3 PA
Output
Output Network with
Harmonic Rejection
VBM 3f0
fC
Same Message but Unique
Voice Signatures
Similar In-Band Signal but Distinctive Spectral
Regrowth due to Unique TX Nonlinearity
Device-Dependent
Leakage as Fingerprint
PUF+LUT+
DAC
MGTR
RF In Output
Balun
LO
IF Out
PD Out
Digital
Security
Engine
2.4GHz IoT PA
Spectral Regrowth and In-
Band Power Sensing
VBM
VBA
Aux
Main
VBA from
PUF+DAC
VDD C3p
C3p
3f0
2f0Spectral
Regrowth
Sensing
Input
PA Schematic
Aux
Main
BobAlice
Impersonator
I am Alice
Input
Balun
Alice (TX)Bob (RX)
Impersonator
8
Fig. 12.3.2. Probability distribution of the out-of-band leakage power (OOBLP) with and without the LUT. A
uniform distribution is achieved for OOBLP using the proposed PUF engineering scheme.
VBA (V)
OOBLP (μW)
VBA (V)
PDF (V-1)
Raw PUF Output
0.22 0.24 0.26
Pre-Distort PUF
Output Using LUT
Meas. OOBLP VBA
Transfer Function
VBA (V)
0
0.2
0.4
0.6
0.32
VBA (V)
PDF (V-1)
7
8
9
10
11
12
5
10
15
20
25
Probability Distribution of
OOBLP with LUT
00.2 0.4 0.6 0.8 1.0
0
1000
2000
3000
4000
Counts
1M Samples
256 Bins
OOBLP (μW)
OOBLP (μW)
Uniform Distribution with LUT
fc
fc
fcfc
fc
PUF
VBA1
Node #1
DAC
8PA LUT
PUF
VBA1
Node #1
DAC PA
8
PUF
VBA2
Node #2
DAC
8PA
PUF
VBAN
Node #N
DAC
8PA
LUT
PUF
VBA2
Node #2
DAC PA
8
LUT
PUF
VBAN
Node #N
DAC PA
8
fc
0.28 0.30 0
0.22 0.24 0.26 0.320.28 0.30 0.22 0.24 0.26 0.320.28 0.30
0.8
1.0
Meas. OOBLP VBA
Transfer Function
0
0.2
0.4
0.6
0.22 0.24 0.26 0.320.28 0.30
0.8
1.0
Probability Distribution of
OOBLP without LUT
00.2 0.4 0.6 0.8 1.0
0
10000
20000
30000
40000
Counts
1M Samples
256 Bins
OOBLP (μW)
9
Fig. 12.3.3. Schematic of PUF, LUT, DAC, and the spectral regrowth and in-band power monitoring circuit.
Measured power detector output voltage and system efficiency vs. in-band power.
8:256
DEC
VDACMIN
×
8
OUT
Weak Pseudo-
nMOS Pullups
LUT
Inverter Chain-Based PUF
4 to 1 MUX
8-Bit DAC
Digital Security Engine A0
A1
A2
A3
A4
A5
A6
A7 1
0
VDACMIN
VDACMAX
IF
Out
+
-
+
-
+
-+
-
LO
Mixer
Instrumentation
Amplifier
LO VREF
VREF
Low-Pass Filter
VREF
Down-Convert
to IF = 3MHz
Differential to Single-
Ended Conversion
VBN
Power Detector (PD)
PD
Out
VBP
PA
fC = 10MHz
In-Band Pout (dBm)
PD Vout (mV)
System Efficiency
...
×8
...
×256
word0
word1
word2
word3
A0 A1 A2 A3
10
Fig. 12.3.4. Measured PA output spectra, down-converted output spectra, EVM, and a summary of the
measured IBP and OOBLP variations of nine chips when PUF is disabled. Measured histogram of OOBLP
from nine chips each with 16 different PUF settings.
-90
-80
-70
-60
-50
-40
-30
-20
-10
0
-90
-80
-70
-60
-50
-40
-30
-20
-10
0
-80
-70
-60
-50
-40
-30
-20
-10
0
-80
-70
-60
-50
-40
-30
-20
-10
0
Min. VBA = 220mV
IBP = 3.4dBmOOBLP = -40.3dBm
Max. VBA = 320mV
2.5GHz
2.5GHz
LO
Down-Converted Output
3MHz
3MHz
LO
Span = 10M
Span = 10M
OOBLP = -40.8dBm
OOBLP = -30.1dBm
Span = 6M
Span = 6M
IBP = 1.7dBm
EVM = 2.8%
EVM = 4.7%
9
8
7
6
5
4
3
2
1
0
0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 1.0 1.1 1.2
OOBLP (μW)
Counts
OOBLP Distribution for
9 Devices × 16 PUF
IBP and OOBLP (dBm)
Chip #
5
-30
-35
-40
-45
2
13
-25
4 5 6 7 89
0IBP Variation < 1.5dB
OOBLP Variation > 11.5dB
IBP = 3dBm
PA Output
Tuning VBA from Min. to Max. for 9 Chips
IBP = 4.8dBmOOBLP = -28.4dBm
11
Fig. 12.3.5. Calculated false identification rate (FIR) vs. ENOB of the RX feature extraction based on 144
measured data points and an identification demonstration with over-the-air testing in a lab environment.
0
0.2
0.4
0.6
0.8
1
1 2 3 4 5 6
Data Base
Measured
0
10
20
30
40
50
60
70
80
90
100
1 2 3 4 5 6 7 8 9 10
Location
OOBLP (µW)
12 3 4 5 6 78 9 10
0
20%
RX
ENOB
False Identification Rate (FIR)
RX Locations in OTA Testing
1
2
3
4
5
6
RX
Chips
3.5m
Data Base
Measured
40%
60%
80%
100%
Minimum Inter-Device
Distance ~1LSB
Maximum Intra-Device
Distance ~2LSB
FIR = 0 when
ENOB = 6 bit
1 2 3 4 5 6
0
0.2
0.4
0.6
0.8
1.0
PA Chips
Variation
Variation
12
Fig. 12.3.6. Performance summary and comparison.
This Work [9] [10]
Peak Pout
(dBm) 4.7 3 0
Peak PA
Efficiency
32%* min V
BA
36%* max V
BA
41% 30%
Modulation
Type
2Mb/s π/4-
DQPSK
1Mb/s
GFSK
1Mb/s
GFSK
Modulation
Error
2.8%-4.7%
EVM
2.7% FSK
Error
2.84% FSK
Error
Strongest
Harmonic
(dBm)
HD2/-48.5 at
0dBm
HD3/-
47
at 0dBm
HD3/-
47.4
at 0dBm
Active Area
(mm2)0.6 0.650.53
Technology
45nm CMOS
SOI
28nm
CMOS
28nm
CMOS
This Work [4] [5]
RF
Fingerprint Spectral Regrowth CFO CFO + I/Q +
Channel
Fingerprint
Variability
1.4µW
/100kHz
OOBLP,
124µW/100kHz IBP,
11300ppm
1.2kHz CFO,
2.4GHz Carrier,
0.5ppm
23kHz CFO,
2.4GHz Carrier,
9.6ppm
Fingerprint
Dynamic
Range
>11.5dB for all 9
Devices N/A N/A
Fingerprint
Probability
Distribution
Uniform
Gaussian,
σ=10kHz for
CFO
Gaussian,
σ
=20.1kHz for
CFO
Number of
Devices
Measured
9 PA × 16 PUF
Settings Per PA = 144 2 2
False
Identification
Rate
5% with 144 Devices
(meas.)
5% with 20K
Devices (sim.)
1% with 8K
Devices (sim.)
Platform Integrated USRP USRP
* Including dc power of PUF and DAC
Including PLL
Comparison with 2.4GHz Low-Power PA Comparison with Physical-Layer Identification TX
13
Fig. 12.3.7. Die micrograph.
1.4mm
0.9mm
Input Balun MGTR
Cell
PUF + DAC Output Network
Spectral Regrowth
Monitoring
PD
14
Fig. 12.3.S1. Measurement setup. The chips are wire-bonded to FR4 PCBs for testing. In the over-the-air
test, we connect the spectrum analyzer to an antenna and move it to six different locations in the lab. At each
location, we test one PA chip and record the IBP and OOBLP under three unique PUF settings.
RX AWG to Generate
Input Modulated
Signal
SPI
Programming
Signal Analyzer
for Debugging
Oscilloscope
for Debugging
Function Generator to
Generate PUF CLK Voltage Meter to
Detect PD Out
Chip on
Board w/ Ant
Ant
15
Fig. 12.3.S2. Measured spectra of the PA output and down-converted output using a two-tone signal and
measured fundamental power and IM3 from nine chips each with 16 different PUF settings. A good correlation
is achieved when comparing the two-tone measurement with the π/4-DQPSK-based measurement in Fig. 4.
In the design phase, the VBA tuning range is determined from the two-tone IM3 simulation, instead of
modulated-signal-based envelope simulation, to speed up simulation time.
Power/dBm
Chip
5
-20
-25
-30
-35
2
13
-15
4 5 6 789
0
-5
-100
-80
-60
-40
-20
0
-100
-80
-60
-40
-20
0
Fundamental Variation < 1.5dB
IM3 Variation > 13.4dB
Tuning VBA from Min. to Max. for 9 Chips
2.5GHz Span = 8M
-30.7dBm
-1.2dBm
-16.6dBm
0.4dBm
2.5GHz Span = 8M
Min. VBA = 220mV Max. VBA = 320mV
PA Output PA Output
... However, the variety of classifiable RFFs resulting from inherent manufacturing variations is very limited. In [10], spectral regrowth-based features from a power amplifier (PA) are tuned to generate 16 RFFs, and this number is further expanded to 220 in the previous work by using feature augmentation of a reconfigurable PA [11], [15]. However, such limited tunability is still vulnerable to interception by adversary receivers using prolonged observation time to mimic the transmission signals. ...
... This is the author's version which has not been fully edited and content may change prior to final publication. In paper [10], a differential PA structure consisting of Main and Auxiliary paths, as depicted in Fig. 5, is utilized. By adjusting the gate voltage of the Auxiliary PA, the out-ofband leakage power can be tuned to generate device-specific features. ...
... The application of multi-gate transistors and PUFcontrolled techniques in paper [10] effectively reduces the in-band power variation during PUF operation and generates identifiable out-of-band power features. However, an in-band power fluctuation of 1.2 dBm is still noticeable, and the number of identifiable PA patterns is limited by the PUF's tunability. ...
Article
Full-text available
The rapid growth of Internet of Things (IoT) devices and communication standards has led to an increasing demand for data security, particularly with limited hardware resources. In addition to conventional software-level data encryption, physical layer security techniques, such as Device-Specific Radio Frequency Fingerprints (RFFs), are emerging as promising solutions. This paper first summarizes prior arts on time-stamped RFFs generation and reconfigurable power amplifier (PA) designs. Following that, an innovative 2-stage power amplifier incorporating a reconfigurable class A stage with a Doherty amplifier, designed in 65nm CMOS to generate 4,096 time-stamped RFFs without introducing in-band power variation, is presented. Multiple 3-bit resistive Digital-to-Analog Converters (RDACs) are applied to control body biasing units within the two-stage power amplifier, facilitating the generation of massive and distinguishable RFFs. Subsequently, Time-Varying Unequally Spaced Multi-Tone (USMT) techniques are proposed to further elevate the count of available time-stamped RFFs from 4,096 to 16,384. The validation results of RFFs utilizing 64QAM WiFi-6E advertising packets, employing Time-Varying Unequally Spaced Multi-Tone transmitted within the 5.39-5.41GHz band, confirm the successful generation of 16,384 distinct RFF patterns. Moreover, the measurement results demonstrate that more than 11,504 RFFs among the generated patterns can be classified with an accuracy exceeding 99%.
... Leveraging the concept of physical-layer security, in this work, we propose to extend the PUF concept to RF frontends that are actually responsible for wireless communications. Specifically, we aim to demonstrate energy-efficient physicallayer identification, a.k.a., RF fingerprinting, for wireless IoT nodes [16]. The key observation behind RF fingerprinting is that physical radio waveforms contain unique RF impairments that are bonded to specific transmitters (TXs). ...
... To demonstrate the advantages of the proposed PUF-controlled spectral regrowth as the RFF, we implement a proof-of-concept 2.4-GHz physical-layer identification chip [16] in the GlobalFoundries 45-nm CMOS SOI process and use Bluetooth standard as a demonstration vehicle. The chip architecture is shown in Fig. 4. It consists of three major building blocks: a 2.4-GHz low-power PA, a digital security engine, and a spectral regrowth and in-band power (IBP) monitoring circuit. ...
Article
Full-text available
Securing low-power Internet-of-Things (IoT) sensor nodes is a critical challenge for the widespread adoption of IoT technology due to their limited energy, computation, and storage resources. As an alternative to the traditional wireless security solution based on cryptography, there has been growing interest in RF physical-layer security, which promises a lower overhead and energy cost. In this work, we demonstrate energy-efficient physical-layer identification, a.k.a., RF fingerprinting, designed specifically for resource-constrained IoT nodes. To enhance the identification performance beyond prior demonstrations using off-the-shelf radios, we propose a minor modification to the radio frontend by integrating a digital physically unclonable function (PUF). The PUF controls the transmitter (TX) spectral regrowth as the RF fingerprint (RFF), enhancing its uniqueness and identification space beyond solely relying on transistor intrinsic process variations. As a proof of concept, a 2.4-GHz physical-layer identification is implemented in the GlobalFoundries 45-nm CMOS SOI process. It achieves 4.7-dBm output power and 36% efficiency, which are comparable to state-of-the-art low-power 2.4-GHz power amplifiers (PAs). Additionally, it demonstrates significant improvement in RFF reliability, uniqueness, and identification space over prior physical-layer identification demonstrations. The identification rate and security performance of the proposed approach under different attack models are also discussed.
... The Internet of Things (IoT) is one of these technologies that plays a significant role in changing the traditional way of life into a high-tech lifestyle [2]. According to recent research, the number of IoT devices getting connected to the Internet is exponentially increasing, roughly reaching 75 billion by 2025 [3]. The number of studies in IoT from 2000 to 2019 was about 9589, and numerous challenges need further research to tackle them [4]. ...
Article
Full-text available
Using Internet of Things (IoT) and deep learning techniques in the healthcare sector has gained significant momentum in recent years. These technologies have the potential to transform traditional healthcare monitoring systems into real-time data collection, analysis, and decision-making capabilities. While several models have been developed to assist people with heart diseases, numerous obstacles still impede the effectiveness of the current solutions, such as power consumption, latency, accuracy, and scalability. Therefore, this study aims to develop a promising smart healthcare monitoring model that integrates IoT and deep learning techniques for saving patient lives. In addition, it clarifies the current research gap. The methodology used in this study was a literature review, which was conducted to identify relevant studies on IoT and deep learning applications in healthcare and find the gaps in each. This model consists of three main components: data acquisition through IoT devices, data processing using deep learning algorithms, and decision-making based on analyzed data. Moreover, it showed an unstable rate of accuracy in the current studies, which were taken from 2021 to 2023. In the future, our proposed smart healthcare monitoring model will solve that gap, which is already available in the current studies, and that will be proven using real-time materials such as Arduino and heart disease sensors. Article Info
Conference Paper
In an era when healthcare was becoming increasingly crucial, many developing nations, including Yemen, struggled to provide basic medical services. Nearly half of Yemen's population lacked access to adequate healthcare, with the situation being even more dire in rural and remote areas. While sectors such as industry, agriculture, and environmental science rapidly embraced technological advancements, healthcare systems in these regions lagged, with limited research addressing affordable and accessible solutions. This gap was further highlighted by the global healthcare crisis and the urgent need for innovative, cost-effective approaches. In response, this study outlined the creation and deployment of a cost-effective health monitoring system utilizing Internet of Things (IoT) technology to address these challenges. The system was designed to monitor vital signs, specifically heart rate (HR), using an Arduino Uno and ECG sensor, at a meager total cost of $27.25. It provided real-time monitoring for situations requiring immediate intervention. Power consumption tests demonstrated that the system operated efficiently, consuming between 1.061 and 1.35 watts, making it practical and affordable. Additionally, the potential integration of deep learning techniques promises to enhance the system's accuracy and efficiency. Although this study focused on IoT-based health monitoring, its potential extended beyond this, offering broader implications for future healthcare technology solutions.
Article
This article presents the design and analysis of a millimeter-wave (mmWave) four-way Doherty power amplifier (PA), aiming to enhance the PA energy efficiency when amplifying orthogonal frequency-division multiplexing (OFDM)-based 5G new radio (NR) signals with a 10–12-dB peak-to-average power ratio (PAPR). We first introduce a systematic approach to extending a conventional two-way Doherty PA to N ways, followed by a new transformer-based N -way Doherty network synthesis flow. The proposed network synthesis achieves N -way Doherty load modulation using ( N1N-1 ) transformers, one fewer transformer and thus lower loss than conventional designs. In addition, it enables the desired impedance transformation from RANTR_{\text{ANT}} to ROPTR_{\text{OPT}} and effectively absorbs the parasitic capacitance of the power cells. Along with the Doherty network, we also introduce a high-speed adaptive biasing circuit, addressing the modulation bandwidth bottleneck in prior Doherty PA demonstrations. As proof of concept, a four-way Doherty PA prototype is implemented in the 47-GHz 5G band (band n262) using the GlobalFoundries 45-nm CMOS silicon-on-insulator (SOI) process. It achieves 24.0-dBm saturated power ( PSATP_{\text{SAT}} ), 23.7-dBm output 1-dB compression point ( P1dBP_{1\,\text{dB}} ), 26.8% peak power-added efficiency ( PAEPEAK\text{PAE}_{\text{PEAK}} ), 26.3% PAE at P1dBP_{1\,\text{dB}} ( PAE1dB\text{PAE}_{1\,\text{dB}} ), 21.7% PAE at 6-dB back-off ( PAE6dB\text{PAE}_{6\,\text{dB}} ), and 13.1% PAE at 12-dB back-off ( PAE12dB\text{PAE}_{12\,\text{dB}} ), demonstrating state-of-the-art performance. In the modulation tests, the PA achieves 14.1-dBm average output power ( PavgP_{\text{avg}} ) and 13.7% average efficiency ( PAEavg\text{PAE}_{\text{avg}} ) when amplifying a 2000-MHz 5G NR 64-QAM OFDM signal. To the best of our knowledge, this is the first silicon PA demonstration of 2000-MHz channel modulation bandwidth for 5G NR OFDM along with back-off efficiency enhancement up to 12-dB back-off.
Article
A reconfigurable power amplifier (PA) is implemented in CMOS 65nm to enable radio identification for secure wireless communication by injecting tunable radio frequency fingerprints (RFFs) into the physical layer. The large ensemble of RFFs is achieved by offsetting the distributions of process variations affecting the PA’s hardware features. The resulting large RFF capacity is exploited to increase resilience to noise and temperature changes by selecting distinct RFFs from the ensemble and reconfiguring the PA to restore nominal RFFs following temperature shifts. The secure PA achieves over 14000 time-varying RFFs while consuming only 22 mW and occupying a core area of << 0.0951 mm 2^{2} . A reinforcement learning (RL)-based control has been implemented on FPGA for closed-loop reconfiguration of the transmitter to achieve robust and low-overhead security measures that overcome noise and temperature influences in dynamic environments.
Article
Ensuring the security of wireless networks entails ensuring the authenticity, confidentiality, integrity, and availability of the data exchanged through them. In this data-dependent era, global communications systems have been experiencing rapid increases in the amount of data shared daily, thanks to the evolution of technologies that enable low-cost and ubiquitous wireless connectivity. In the last two decades, there has been a continuous increase in wireless traffic due to wireless technology advancements and a wide range of applications, and the increase in wireless network users [1] , [2] . Although the total annual Internet traffic was a few exabytes of data fewer than 15 years ago, more than two hundred exabytes have been reached in the last two years. Moreover, by next year, the average Wi-Fi speed is predicted to be 92 Mb/s, up from 30 Mb/s in 2018 [3] , [4] . This evolution has been driven by user demand, which includes higher data rates and broader coverage and bandwidth capabilities in wireless networks. Promising updates for current communication tools are in the making, but the boom in the amount of the data shared by them is making global communication systems a larger and easier target for security attacks [5] , [6] .
Article
Radio frequency fingerprint (RFF) identification distinguishes wireless transmitters by exploiting their hardware imperfection that is inherent in typical radio frequency (RF) front ends. This can reduce the risks for the identities of legitimate devices being copied, or forged, which can also occur in conventional software-based identification systems. This paper analyzes the feasibility of device identification exploiting the unique non-linear memory effect of the transmitter RF chains consisting of matched pulse shaping filters and non-linear power amplifiers (PAs). This unique feature can be extracted from the received distorted constellation diagrams (CDs) with the help of image recognition-based classification algorithms. In order to validate the performance of the proposed RFF approach, experiments are carried out in cabled and over the air (OTA) scenarios. In the cabled experiment, the average classification accuracy among systems of 8 PAs (4 PAs of the same model and the other 4 of different models) is around 92% at signal to noise ratio (SNR) of 10 dB. For the OTA line-of-sight (LOS) scenario, the average classification accuracy is 90% at SNR of 10 dB; for the non-line-of-sight (NLOS) scenario, the average classification accuracy is 79% at SNR of 12 dB.
Article
Full-text available
A novel physical layer authentication scheme is proposed in this paper by exploiting the time-varying carrier frequency offset (CFO) associated with each pair of wireless communications devices. In realistic scenarios, radio frequency oscillators in each transmitter-and-receiver pair always present device-dependent biases to the nominal oscillating frequency. The combination of these biases and mobility-induced Doppler shift, characterized as a time-varying CFO, can be used as a radiometric signature for wireless device authentication. In the proposed authentication scheme, the variable CFO values at different communication times are first estimated. Kalman filtering is then employed to predict the current value by tracking the past CFO variation, which is modeled as an autoregressive random process. To achieve the proposed authentication, the current CFO estimate is compared with the Kalman predicted CFO using hypothesis testing to determine whether the signal has followed a consistent CFO pattern. An adaptive CFO variation threshold is derived for device discrimination according to the signal-to-noise ratio and the Kalman prediction error. In addition, a software-defined radio (SDR) based prototype platform has been developed to validate the feasibility of using CFO for authentication. Simulation results further confirm the effectiveness of the proposed scheme in multipath fading channels.
Article
Full-text available
In multihop wireless networks, selfish nodes do not relay other nodes' packets and make use of the cooperative nodes to relay their packets, which has negative impact on the network fairness and performance. Incentive protocols use credits to stimulate the selfish nodes' cooperation, but the existing protocols usually rely on the heavyweight public-key operations to secure the payment. In this paper, we propose secure cooperation incentive protocol that uses the public-key operations only for the first packet in a series and uses the lightweight hashing operations in the next packets, so that the overhead of the packet series converges to that of the hashing operations. Hash chains and keyed hash values are used to achieve payment nonrepudiation and thwart free riding attacks. Security analysis and performance evaluation demonstrate that the proposed protocol is secure and the overhead is incomparable to the public-key-based incentive protocols because the efficient hashing operations dominate the nodes' operations. Moreover, the average packet overhead is less than those of the public-key-based protocols with very high probability due to truncating the keyed hash values.
Conference Paper
Full-text available
Although conventional cryptographic security mechanisms are essential to the overall problem of securing wireless networks, these techniques do not directly leverage the unique properties of the wireless domain to address security threats. The properties of the wireless medium are a powerful source of domain-specific information that can complement and enhance traditional security mechanisms. In this paper, we propose to utilize the fact that the radio channel decorre-lates rapidly in space, time and frequency in order to to establish new forms of authentication and confidentiality that operate at the physical layer and can be used to facilitate cross-layer security paradigms. Specifically, for authentication services, we illustrate two channel probing techniques that can be used to verify the authenticity of a transmitter. Similarly, for confidentiality, we examine several strategies for establishing shared secrets/keys between two communicators using the wireless medium. These strategies range from extracting keys from channel state information, to utilizing the channel variability to secretly disseminate keys. We then validate the feasibility of using physical layer techniques for securing wireless systems by presenting results from experiments involving the USRP/GNURadio software defined radio platform.
Conference Paper
Full-text available
Wireless sensor network (WSN) is an emerging technology that shows great promise for various futuristic applications both for mass public and military. The sensing technology combined with processing power and wireless communication makes it lucrative for being exploited in abundance in future. The inclusion of wireless communication technology also incurs various types of security threats. The intent of this paper is to investigate the security related issues and challenges in wireless sensor networks. We identify the security threats, review proposed security mechanisms for wireless sensor networks. We also discuss the holistic view of security for ensuring layered and robust security in wireless sensor networks
Article
This paper reports an ultralow-voltage (ULV) energy-harvesting bluetooth low-energy (BLE) transmitter (TX). It features: 1) a fully integrated micropower manager (μPM) to customize the internal supply and bias voltages for both active and sleep modes; 2) a gate-to-source-coupling ULV voltagecontrolled oscillator (VCO) using a high-ratio (5.6:1) stacking transformer to improve the phase noise and output swing; 3) an ULV class-E/F2 power amplifier (PA) with an inside-transformer LC notch to suppress the HD3, and finally 4) an analog type-I phase-locked loop (PLL) with a reduced duty cycle of its masterslave sampling filter (MSSF) to suppress the jitter and reference spur. The TX prototyped in 28-nm CMOS occupies an active area of 0.53 mm 2 and exhibits 25% system efficiency at 0-dBm output at a single 0.2-V supply. Without resorting from any external components, both the output HD 2 (-49.6 dBm) and HD 3 (-47.4 dBm) comply with the BLE standard. The FSK error is 2.84% and the frequency drift in a 425-μs data packet is c5 kHz under open-loop modulation. The use of negative-voltage power gating suppresses the sleep power of the entire TX to 5.2 nW.
Article
We propose a new transmitter architecture for ultra-low power radios in which the most energy-hungry RF circuits operate at a supply just above a threshold voltage of CMOS transistors. An all-digital PLL employs a digitally controlled oscillator with switching current sources to reduce supply voltage and power without sacrificing its startup margin. It also reduces 1/f noise and supply pushing, thus allowing the ADPLL, after settling, to reduce its sampling rate or shut it off entirely during a direct DCO data modulation. The switching power amplifier integrates its matching network while operating in class-E/F2 to maximally enhance its efficiency at low voltage. The transmitter is realized in 28 nm digital CMOS and satisfies all metal density and other manufacturing rules. It consumes 3.6 mW/5.5 mW while delivering 0 dBm/3 dBm RF power in Bluetooth Low-Energy mode.
Article
A CMOS linear power amplifier for wireless local area network IEEE 802.11b/g application is presented. To achieve high linear output power and high efficiency, a large-signal multigated transistor linearization method is proposed with an envelope injection gate bias circuit. A novel inter-stage matching transformer, which functions as a power splitter, is designed to implement this method. It is fabricated with a TSMC 0.13-μm standard RF CMOS process. Measurement shows 19.5-dBm Pout with 24.8% power-added efficiency (PAE) at - 25-dB error vector magnitude with an orthogonal frequency-division multiplexing 64-QAM 54-Mb/s 802.11g signal source and 23.15-dBm Pout with 31.73% PAE with DSSS, CCK, and 11-Mb/s 802.11b signal source without digital pre-distortion.
Article
Security is becoming an everyday concern for a wide range of electronic systems that manipulate, communicate, and store sensitive data. An important and emerging category of such electronic systems are battery-powered mobile appliances, such as personal digital assistants (PDAs) and cell phones, which are severely constrained in the resources they possess, namely, processor, battery, and memory. This work focuses on one important constraint of such devices-battery life-and examines how it is impacted by the use of various security mechanisms. In this paper, we first present a comprehensive analysis of the energy requirements of a wide range of cryptographic algorithms that form the building blocks of security mechanisms such as security protocols. We then study the energy consumption requirements of the most popular transport-layer security protocol: Secure Sockets Layer (SSL). We investigate the impact of various parameters at the protocol level (such as cipher suites, authentication mechanisms, and transaction sizes, etc.) and the cryptographic algorithm level (cipher modes, strength) on the overall energy consumption for secure data transactions. To our knowledge, this is the first comprehensive analysis of the energy requirements of SSL. For our studies, we have developed a measurement-based experimental testbed that consists of an iPAQ PDA connected to a wireless local area network (LAN) and running Linux, a PC-based data acquisition system for real-time current measurement, the OpenSSL implementation of the SSL protocol, and parameterizable SSL client and server test programs. Based on our results, we also discuss various opportunities for realizing energy-efficient implementations of security protocols. We believe such investigations to be an important first step toward addressing the challenges of energy-efficient security for battery-constrained systems.