Physical-Layer Identification of Wireless IoT Nodes Through PUF-Controlled Transmitter Spectral Regrowth

Securing low-power Internet-of-Things (IoT) sensor nodes is a critical challenge for the widespread adoption of IoT technology due to their limited energy, computation, and storage resources. As an alternative to the traditional wireless security solution based on cryptography, there has been growing interest in RF physical-layer security, which promises a lower overhead and energy cost. In this work, we demonstrate energy-efficient physical-layer identification, a.k.a., RF fingerprinting, designed specifically for resource-constrained IoT nodes. To enhance the identification performance beyond prior demonstrations using off-the-shelf radios, we propose a minor modification to the radio frontend by integrating a digital physically unclonable function (PUF). The PUF controls the transmitter (TX) spectral regrowth as the RF fingerprint (RFF), enhancing its uniqueness and identification space beyond solely relying on transistor intrinsic process variations. As a proof of concept, a 2.4-GHz physical-layer identification is implemented in the GlobalFoundries 45-nm CMOS SOI process. It achieves 4.7-dBm output power and 36% efficiency, which are comparable to state-of-the-art low-power 2.4-GHz power amplifiers (PAs). Additionally, it demonstrates significant improvement in RFF reliability, uniqueness, and identification space over prior physical-layer identification demonstrations. The identification rate and security performance of the proposed approach under different attack models are also discussed.


I. INTRODUCTION
It is projected that by 2025, ∼75 billion Internet-of-Things (IoT) devices will be deployed for applications such as wearable electronics, smart homes, and smart cities, all of which involve collecting, communicating, and processing vast amounts of private or critical data. While IoT applications incorporate some familiar, well-resourced devices such as smartphones, they also involve a large number of "low-end" wireless sensor nodes that are easy targets for hackers. Securing resource-constrained IoT nodes is widely considered one of the most significant barriers to overcome for large-scale IoT adoption [1].

The authors are with the Department of Electrical and Computer Engineering, Rice University, Houston, TX 77005 USA (e-mail: peterzhou@rice.edu; yanhe@rice.edu; kyang@rice.edu; taiyun.chi@rice.edu).
Color versions of one or more figures in this article are available at https://doi.org/10.1109/TMTT.2023.3305055.
Digital Object Identifier 10.1109/TMTT.2023.3305055
Traditionally, wireless network security has relied on public-key-based cryptography [2]. However, most IoT nodes lack the energy and storage resources required to implement advanced cryptographic algorithms [3]. For example, the energy per bit of AES-128 encryption can be 10×-100× larger than that of a typical IoT edge processor, and ECC authentication can consume even more energy than a typical Bluetooth radio [4].
A common energy-efficient alternative to public-key infrastructures is based on pre-shared keys [5]. To further enable low-cost key generation and storage, physically unclonable functions (PUFs) have been developed over the past two decades, which leverage device physical variabilities as unique secret keys [6], [7]. However, pre-shared keys present a critical security challenge: if the secret key is stolen, the integrity of the entire security system is at risk. In addition to common software and firmware attacks that could compromise keys, research also unveils the possibility of side-channel attacks against key storage [8]. Even though PUFs feature unclonability and do not store keys directly in the digital domain, the extracted keys are still used in digital cryptography and, thus, remain vulnerable to digital cloning attacks by impersonators.
Recently, there has been growing interest in RF physical-layer security [9], [10], [11], [12], [13], [14], [15], which exploits hardware properties to enhance wireless security at a lower energy cost. Physical-layer security has great potential for carrying out low security-level tasks (such as identification) and complementing digital cryptography for more advanced primitives (such as multi-factor authentication). Leveraging the concept of physical-layer security, in this work, we propose to extend the PUF concept to the RF frontends that are actually responsible for wireless communications. Specifically, we aim to demonstrate energy-efficient physical-layer identification, a.k.a. RF fingerprinting, for wireless IoT nodes [16]. The key observation behind RF fingerprinting is that physical radio waveforms contain unique RF impairments that are bound to specific transmitters (TXs). RF impersonation attacks that duplicate such RF impairments often require expensive and high-end hardware, such as high-speed and high-resolution digital-to-analog converters (DACs) [17]. This makes RF impersonation attacks much more challenging than the digital cloning attacks to which traditional digital PUFs are vulnerable. Additionally, unlike conventional identification, where device IDs are inserted in the header, which can be easily spoofed and is only checked once per packet, RF fingerprinting enables continuous identification at any moment during communications [18], leading to a tighter bond between the data packet and the device (see Fig. 1).
The rest of this article is organized as follows. Section II outlines our key idea of leveraging PUF-controlled spectral regrowth as the RF fingerprint (RFF), which significantly enhances the identification performance beyond prior demonstrations using off-the-shelf radios. Section III presents the design details of the proof-of-concept physical-layer identification chip. Section IV shows the measurement results. Section V discusses the security performance using different security models. Finally, Section VI concludes this article.

II. PUF-CONTROLLED SPECTRAL REGROWTH AS THE RFF
In wireless communication systems, device-dependent RF impairments generated by various building blocks in the TX chain, such as DAC nonlinearity, mixer I/Q mismatch, LO carrier frequency offset (CFO), and power amplifier (PA) nonlinearity, can serve as RFFs. The wireless channel between the TX and RX can also be used as an RFF due to its location-dependent multipath effect and Doppler shift [19].
The performance of physical-layer identification can be benchmarked using three key performance metrics: 1) reliability, which characterizes the fingerprint resilience against different environmental conditions; 2) uniqueness, which indicates the fingerprint probability distribution across all devices in the network; and 3) identification space, which specifies the fingerprint dynamic range. Although there have been prior physical-layer identification demonstrations using off-the-shelf radios such as the NI USRP [17], [20], they all suffer from limited identification performance because the physical-layer security aspect of off-the-shelf radios is typically not optimized in the design phase.
In this article, we present two key ideas (see Fig. 2) to enhance the identification performance and enable on-device lightweight RFF feature extraction that is compatible with the capabilities of low-end IoT nodes.
First, we choose to use the TX spectral regrowth as the RFF [see Fig. 2(a)]. This is because, while wireless standards typically impose stringent in-band requirements (such as I/Q mismatch and EVM), the specification for spectral regrowth is relatively relaxed for low-power IoT standards, such as Bluetooth and Zigbee. By leveraging spectral regrowth as the RFF, we ensure a large identification space without compromising the in-band signal quality, as long as the spectrum mask is satisfied.
Second, we propose a minor modification to the RF frontend design by adding a digital PUF [see Fig. 2(b)]. Instead of solely relying on native process variations to generate different nonlinearity behaviors for different TX devices, the digital PUF can control the RFF probability distribution in a more predictable manner to enhance fingerprint uniqueness. It also enlarges the RFF dynamic range, enabling us to fully utilize the entire identification space.
In our proposed physical-layer security model (see Fig. 3), the PUF key of the TX Alice serves as the root of trust, which is determined once the chip is fabricated and established during the chip enrollment phase. This PUF key is encoded in the spectral regrowth using a lookup table (LUT), a DAC, and the PA's nonlinearity (see Section III-B for details). Alice's spectral regrowth is then digitized and securely stored in a database as the golden key. On the RX side (Bob), both the received in-band signal and the spectral regrowth are processed and digitized. Given secure access to the database, Bob can continuously verify Alice's identity by comparing the received spectral regrowth with the golden key. If the verification fails, the current command is declined, and communication between Alice and Bob is terminated. It is noteworthy that this security model can be extended to facilitate mutual authentication, where Alice and Bob verify each other's identities, as long as Alice has access to Bob's golden spectral regrowth. This mutual authentication adds an additional layer of security to the communication between Alice and Bob.

III. PHYSICAL-LAYER IDENTIFICATION CHIP IMPLEMENTATION
To demonstrate the advantages of the proposed PUF-controlled spectral regrowth as the RFF, we implement a proof-of-concept 2.4-GHz physical-layer identification chip [16] in the GlobalFoundries 45-nm CMOS SOI process and use the Bluetooth standard as a demonstration vehicle. The chip architecture is shown in Fig. 4. It consists of three major building blocks: a 2.4-GHz low-power PA, a digital security engine, and a spectral regrowth and in-band power (IBP) monitoring circuit. This section presents the implementation details of these three building blocks.

A. 2.4-GHz PA
As shown in Fig. 4, the PA power cell is biased using the multiple gated transistors (MGTRs) technique [21], including a main path and an auxiliary path. The main path is biased through the center tap of the input balun using a fixed biasing voltage (V_BM). The auxiliary-path biasing voltage (V_BA) is generated by the digital PUF followed by a DAC.
Spectral regrowth arises from the transistor nonlinearity, which can be analyzed using the two-tone test, as shown in Fig. 5. Modeling the large-signal transconductance nonlinearity up to the third order (G_m3) and sending a two-tone input A(cos ω_1 t + cos ω_2 t) to the PA, the differential output current contains the fundamental contents and two third-order intermodulation (IM3) tones. The simulated transistor G_m1 and G_m3 of a W/L = 468.16 µm/40 nm transistor against the biasing voltage are shown in Fig. 5. It can be seen that G_m3 turns from positive to negative when the transistor shifts its operating condition from weak inversion to strong inversion [22]. In our design, V_BM is biased below the transition point, while V_BA is biased above it. As a result, the combined G_m3 is kept small to satisfy the close-in spectrum mask, which is <−26 dBc for the power integrated between 1 and 1.5 MHz from the carrier in the Bluetooth standard [23]. Meanwhile, different devices generate different PUF output strings and hence different V_BA, thus exhibiting different IM3.
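The two-tone expansion behind the IM3 statement above, written out here as an added derivation (not reproduced from the paper) using the same symbols; decomposing the combined $G_{m3}$ as the sum of the two MGTR paths is an assumption consistent with the text:

$$
\begin{aligned}
i_{\mathrm{out}} &= G_{m1}\,v_{\mathrm{in}} + G_{m3}\,v_{\mathrm{in}}^{3}, \qquad v_{\mathrm{in}} = A\left(\cos\omega_1 t + \cos\omega_2 t\right),\\[4pt]
i_{\mathrm{out}} &= \left(G_{m1}A + \tfrac{9}{4}G_{m3}A^{3}\right)\left(\cos\omega_1 t + \cos\omega_2 t\right)\\
&\quad + \tfrac{3}{4}G_{m3}A^{3}\left[\cos(2\omega_1-\omega_2)t + \cos(2\omega_2-\omega_1)t\right]
+ \left(\text{terms at } 3\omega_{1},\,3\omega_{2},\,2\omega_1+\omega_2,\,2\omega_2+\omega_1\right),\\[4pt]
\mathrm{IM3}\,[\mathrm{dBc}] &= 20\log_{10}\left|\frac{\tfrac{3}{4}G_{m3}A^{3}}{G_{m1}A + \tfrac{9}{4}G_{m3}A^{3}}\right|
\approx 20\log_{10}\left|\frac{3\,G_{m3}A^{2}}{4\,G_{m1}}\right|,\\[4pt]
G_{m3} &= G_{m3,\mathrm{main}}(V_{BM}) + G_{m3,\mathrm{aux}}(V_{BA}),\qquad G_{m3,\mathrm{main}}>0,\; G_{m3,\mathrm{aux}}<0 .
\end{aligned}
$$

Because $V_{BM}$ is fixed, the PUF-selected $V_{BA}$ moves only $G_{m3,\mathrm{aux}}$, which shifts the net IM3 level in dBc; that level is the quantity swept against $V_{BA}$ in Fig. 14.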
We would like to emphasize that although the device intrinsic process variations (such as the V_TH variation) can lead to different IM3 for different devices even without using the PUF, the PUF-controlled V_BA enables two unique advantages. First, it significantly enlarges the identification space. The simulated histogram of IM3 and fundamental output power variations under a fixed V_BA of 220 mV (i.e., without using the PUF) is plotted in Fig. 6, showing a 1σ IM3 variation of only 2.1 dB. Such a small IM3 variation would make RFF classification a challenging task, especially for resource-constrained IoT nodes. On the contrary, when the PUF is integrated, the tuning range of the PUF-controlled V_BA can be designed to be far larger than the intrinsic V_TH variation (e.g., a 220-320 mV tuning range in this design). As a result, a significantly larger IM3 variation of 14.7 dB is achieved in the simulation. Second, since the RFF variations are dominated by the PUF output, which has a uniform distribution across all the devices, the probability distribution of the RFF can be well controlled to enhance its uniqueness (see details in Section III-B). In contrast, the distribution of PA intrinsic variations (such as the V_TH variation) can be challenging to control in practice.
Given the low biasing voltages for V_BM and V_BA used in this design, a high PA efficiency is naturally achieved [24]. However, one potential concern with this biasing scheme is the substantial second- and third-harmonic content at the PA output, which may violate the FCC requirement on harmonic levels. For devices operating in the 2.4-GHz ISM band, the FCC requires harmonic emissions of <−41 dBm. Solely relying on the MGTR technique is insufficient to meet this requirement, as the second and third harmonic leakages are found to be −24.3 and −33.1 dBm, respectively, in our simulation. Therefore, we add harmonic rejection to the PA output matching network design (see Fig. 7). At the fundamental frequency f_0, the network realizes the optimum load-pull impedance (60 Ω in parallel with 20 nH) for the power cell to achieve high efficiency. The harmonic rejection is achieved by adding low- (or high-) impedance paths to the transformer to reduce the voltage (or current) transformation at the harmonics. Specifically, at 2f_0, a harmonic trap is implemented using the capacitor C_2p and the inductor L_2s at the center tap of the primary winding [25]. Additionally, a parallel LC resonator at 2f_0 is added to the secondary winding to prevent 2f_0 current from flowing into the antenna load. At 3f_0, C_3p and two symmetrically embedded branches inside the transformer form a third-harmonic open circuit [26]. The two parallel 3f_0 LC resonators at the secondary winding provide further rejection. Note that the harmonic rejection components contribute only 0.4 dB of additional loss in the EM simulation, ensuring minimal degradation of the PA efficiency. The proposed harmonic rejection output network is verified in testing, achieving <−48.5 dBm for the second harmonic and <−61.5 dBm for the third harmonic at 0 dBm output power.

B. Digital Security Engine
The on-chip digital security engine consists of a PUF, a LUT, and a DAC, as shown in Fig. 8. An 8-bit inverter-chain-based PUF is employed as the entropy source [7]. To guarantee output reproducibility, i.e., a zero bit error rate during testing, four independent inverter cells are implemented for each bit, and a self-screening validity detection circuit is designed to find the cell that does not present a single error during enrollment. The overall power consumption of the digital security engine is 251 µW, with the PUF, LUT, and DAC consuming 250, 0.2, and 1 µW, respectively.
The PUF design also employs a temporal majority voting (TMV) mechanism [27], implemented using a 5-bit up/down counter to filter out noise at the PUF output and improve the PUF stability (see Fig. 8). In this technology node, inverters based on regular threshold voltage transistors (RVTs) suffer from a low voltage gain, as shown in Fig. 9. As a result, a four-stage RVT-inverter-chain-based PUF has a wide output distribution, where the PUF output does not always reach rail to rail, making it susceptible to noise. To address this issue, we stack ultrahigh threshold voltage transistors (UVTs) on RVTs as an inverter cell (see Fig. 8), which has a much higher gain, and thus a probability distribution that well separates 0 and 1 (see Fig. 9).
To monitor the stability of the PUF output, a 2-D flip-flop-based valid checker is added to produce an "Invalid" signal once the PUF output is unstable, i.e., a particular bit of the PUF output changes from 1 to 0 or from 0 to 1 (see Fig. 10). In this case, another of the four independent PUF cells within each bit is selected. An up counter is also added to enable the automatic selection of the stable cell. The probability that all four PUF cells are unstable is quite small.
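A behavioural model of this stabilization path, added here as an illustrative example and not the paper's circuit: a saturating up/down counter plays the TMV filter, a checker raises Invalid if the filtered bit changes after a settling window, and the cell index advances on Invalid until one of the four cells passes. The counter reset value, the settling window, and the raw sample streams are constructed assumptions.

```python
"""Behavioural model of per-bit PUF self-screening (added example, not the
paper's RTL): TMV up/down counter + valid checker + cell selection."""
import random

COUNTER_BITS = 5      # 5-bit up/down counter, as in the paper
CELLS_PER_BIT = 4     # four independent inverter-chain cells per PUF bit


def tmv_filter(raw_samples, counter_bits=COUNTER_BITS):
    """Saturating up/down counter: +1 on a raw '1', -1 on a raw '0'.
    The filtered bit is 1 while the count is at or above mid-scale."""
    top = (1 << counter_bits) - 1
    mid = 1 << (counter_bits - 1)
    count = mid                      # assumed reset value: mid-scale
    out = []
    for s in raw_samples:
        count = min(top, count + 1) if s else max(0, count - 1)
        out.append(1 if count >= mid else 0)
    return out


def valid_checker(filtered, settle):
    """Returns (valid, bit). valid is False (Invalid asserted) if the
    filtered bit changes at any point after the first `settle` cycles."""
    steady = filtered[settle:]
    if not steady:
        return False, None
    first = steady[0]
    return all(b == first for b in steady), first


def enroll_bit(cell_streams, settle=16):
    """Walk the cells in order, as the up counter in Fig. 10 would, and
    return (cell_index, bit) of the first cell that never flips, or
    (None, None) when all cells of this bit are unstable."""
    for idx, raw in enumerate(cell_streams[:CELLS_PER_BIT]):
        valid, bit = valid_checker(tmv_filter(raw), settle)
        if valid:
            return idx, bit
    return None, None


def draw_streams(cell_bias, evaluations=64, seed=0):
    """Constructed raw samples: cell_bias[c] is P(raw bit = 1) for cell c.
    A bias near 0 or 1 models a strongly skewed (stable) cell."""
    rng = random.Random(seed)
    return [[1 if rng.random() < p else 0 for _ in range(evaluations)]
            for p in cell_bias]


def enroll_word(bias_table, **kw):
    """Enroll every bit of the PUF word from a per-bit list of cell biases.
    In hardware only the Invalid signal leaves the chip; the selected bit
    is returned here purely for inspection of the model."""
    return [enroll_bit(draw_streams(cells, seed=b), **kw)
            for b, cells in enumerate(bias_table)]


if __name__ == "__main__":
    # constructed 4-bit word: cell 0 of bit 0 is metastable, others are skewed
    table = [[0.5, 0.98, 0.02, 0.5], [0.02, 0.5, 0.5, 0.5],
             [0.98, 0.98, 0.98, 0.98], [0.5, 0.5, 0.5, 0.02]]
    for b, (cell, bit) in enumerate(enroll_word(table)):
        print(f"bit {b}: cell {cell} selected, value {bit}")
```

The settling window matters: the counter starts at mid-scale, so even a perfectly skewed cell produces a transient during the first few cycles, and a checker without a window would flag every cell as Invalid.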
Note that the PUF output typically needs to be accessed externally for enrollment and to mask the unstable cells, which may introduce a security hazard. In this design, the PUF output can be inferred from the spectral regrowth at the PA output, so only the "Invalid" signal is exposed at the chip I/Os, instead of the actual PUF output string. Since the "Invalid" signal does not contain any secret information, overall enhanced security is achieved.
The probability distribution of the spectral regrowth at the PA output is determined by the probability density function (pdf) of the PUF and the transfer function between the spectral regrowth and the PUF output string. We integrate the TX spectral regrowth over a narrow frequency window as the out-of-band leakage power (OOBLP), in which the power spectral density (PSD) presents the most significant variations across all the devices. The raw PUF output pdf is uniform; however, the transfer function between OOBLP and V_BA is nonlinear [28], resulting in an excessively high probability when OOBLP is low (see Fig. 11). To alleviate this problem, a LUT is inserted between the PUF and the DAC to predistort the probability distribution of the PUF output. Combining the OOBLP-V_BA transfer function and the LUT weighting, this scheme realizes a uniform distribution for OOBLP and minimizes the chance that two devices present similar RFFs, achieving the best fingerprint uniqueness.
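How such a LUT can be generated, shown as an added example rather than the paper's own tool flow: for each PUF code, pick the DAC code whose OOBLP lands closest to one of equally spaced target levels, so a uniform PUF pdf is mapped to a uniform OOBLP pdf. The OOBLP-versus-V_BA curve is a constructed, convex stand-in for the measured transfer function, and the DAC width and OOBLP levels are assumptions; only the 220-320 mV V_BA range is taken from the paper.

```python
"""Predistorting LUT between PUF and DAC (added example, not the paper's
design data): inverse-CDF style mapping onto a monotonic OOBLP(V_BA) curve."""
import bisect

N_PUF_CODES = 256            # 8-bit PUF word (Section III-B)
N_DAC_CODES = 256            # assumed 8-bit DAC driving V_BA
V_MIN, V_MAX = 0.220, 0.320  # V_BA tuning range from the paper, in volts


def dac_to_vba(code):
    """Assumed linear DAC: code 0 -> V_MIN, full scale -> V_MAX."""
    return V_MIN + (V_MAX - V_MIN) * code / (N_DAC_CODES - 1)


def oobl_db(v_ba):
    """Constructed monotonic, convex OOBLP(V_BA) in dBm: flat at low V_BA
    and steep near the top, so a uniform V_BA piles probability at low OOBLP
    (the effect Fig. 11 describes). Not a measured curve."""
    u = min(1.0, max(0.0, (v_ba - V_MIN) / (V_MAX - V_MIN)))
    return -47.0 + 12.0 * u ** 3


def build_lut():
    """For PUF code k choose the DAC code whose OOBLP is nearest to the k-th
    of N_PUF_CODES equally spaced target levels between the curve endpoints."""
    curve = [oobl_db(dac_to_vba(c)) for c in range(N_DAC_CODES)]  # monotone
    lo, hi = curve[0], curve[-1]
    lut = []
    for k in range(N_PUF_CODES):
        target = lo + (hi - lo) * k / (N_PUF_CODES - 1)
        j = bisect.bisect_left(curve, target)       # first code with OOBLP >= target
        if j == N_DAC_CODES or (j > 0 and target - curve[j - 1] <= curve[j] - target):
            j -= 1                                   # lower neighbour is closer
        lut.append(j)
    return lut


def identity_lut():
    """The 'no LUT' case: the PUF code drives the DAC directly."""
    return list(range(N_PUF_CODES))


def oobl_histogram(lut, bins=8):
    """Bin the OOBLP produced by every PUF code, assuming a uniform PUF pdf."""
    lo, hi = oobl_db(V_MIN), oobl_db(V_MAX)
    counts = [0] * bins
    for k in range(N_PUF_CODES):
        v = oobl_db(dac_to_vba(lut[k]))
        counts[min(bins - 1, int((v - lo) / (hi - lo) * bins))] += 1
    return counts


def spread(counts):
    """Max minus min bin count: 0 would be perfectly uniform."""
    return max(counts) - min(counts)


if __name__ == "__main__":
    print("identity LUT:", oobl_histogram(identity_lut()))
    print("predistorted :", oobl_histogram(build_lut()))
```

Because the curve is flat at low V_BA, many DAC codes there collapse onto nearly the same OOBLP; the LUT therefore spends few PUF codes on that region and many on the steep upper part, which is the predistortion the text describes.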

C. Spectral Regrowth and IBP Monitoring Circuit
In practical deployment, a spectral regrowth monitoring circuit is needed at the RX to extract the RFF. Instead of designing the entire RX chain, here we implement the spectral regrowth monitoring circuit at the TX output through a capacitive coupler [29] to simplify the design and testing [see Fig. 12(a)]. It consists of a power detector (PD) to measure the IBP and a down-conversion mixer followed by a low-pass filter (LPF) to monitor the spectral regrowth. The PD is verified through testing: its measured output voltage increases monotonically with the PA output power, as shown in Fig. 12(a).
For the down-conversion chain, its linearity requires special attention since the strong in-band signal and the weak spectral regrowth are both down-converted to the IF. Specifically, the IM3 generated by the down-conversion chain has to be much smaller than the amplified PA output IM3 [see Fig. 12(b)], as expressed in (1), where A_Fund. and A_IM3 are the amplitudes of the fundamental and IM3 tones at the down-conversion chain input, respectively, α_1 is the gain of the down-conversion chain, and α_3 is the third-order nonlinearity coefficient.
Given that A_IM3 can be 31 dB lower than A_Fund. in the simulation, the required A_IIP3 of the down-conversion chain follows from (2). To satisfy this linearity requirement, we optimize the mixer biasing voltage such that the mixer output IM3 components are minimized, as shown in Fig. 12(c). The simulated A_IIP3 of the down-conversion chain is 1.19 V. In this case, only 0.67 mV of IM3 is generated by the down-conversion chain, which is negligible compared to the amplified PA IM3 of 9.66 mV.
The differential mixer output is converted to single-ended through an instrumentation amplifier, followed by an LPF with a cut-off frequency f_c = 6 MHz. The LPF output can be readily sampled by an off-the-shelf ADC.

IV. MEASUREMENT RESULTS
The physical-layer identification chip is wire-bonded to a PCB for testing. A chip micrograph is shown in Fig. 13. The chip input signal is generated by an arbitrary waveform generator (AWG), and the output is monitored using a spectrum analyzer (SA). This section presents the measured PUF-controlled spectral regrowth and its RFF performance.

A. Spectral Regrowth Evaluation
We first disable the on-chip PUF and feed V_BA from off-chip. To characterize the PA nonlinearity against V_BA, a two-tone signal at 2.5 GHz ± 1 MHz is sent to the chip input. For PA chip #1, changing V_BA from 220 to 320 mV introduces a 14.1 dB IM3 variation and a 1.6 dB fundamental power variation at the PA output [see Fig. 14(a)]. Tested across 18 chips, a consistent IM3 variation of >13.4 dB and a consistent fundamental power variation of <1.6 dB are achieved, as shown in Fig. 14(b). The measured IM3 and fundamental power variations agree well with our simulations. Moreover, this demonstrates that using spectral regrowth as the RFF allows for a significantly larger identification space compared to the in-band signal.
Next, the PA input is fed with a 2-Mb/s π/4-DQPSK signal, the same modulation used in the Bluetooth enhanced data rate (EDR) mode. When V_BA is changed from 220 to 320 mV, integrating the spectral regrowth from 1.2 to 1.3 MHz away from the carrier introduces an 11.9 dB OOBLP variation at the PA output, as shown in Fig. 15(a). Given the small modulation bandwidth, the lower and upper sidebands of the spectrum closely resemble each other, so we only use the lower sideband for the OOBLP calculation. As a comparison, the IBP varies by only 1.4 dB, and the measured EVM only ranges from 2.8% to 4.7% [see Fig. 15(a)]. The measured OOBLP variation and IBP difference at the down-converted IF output are consistent with those at the PA output when adjusting V_BA, demonstrating the effectiveness of the built-in spectral regrowth monitoring circuit. Again, 18 chips are measured during the modulation testing. A consistent OOBLP variation of >11.5 dB and a consistent IBP variation of <1.5 dB are achieved. Since the measured spectrum with V_BA = 320 mV is on the borderline of the spectrum mask, to avoid potential violations and leave an additional 1 dB margin, we can slightly reduce the V_BA tuning range by setting the maximum V_BA to 310 mV.
Finally, we turn on the digital security engine to bias V_BA on-chip. The ideal situation would be to measure the OOBLP across a large number of physical devices, which can be quite challenging for lab testing. With the help of our PUF design, which utilizes four independent inverter cells for each bit, we are able to select different cells and, in turn, generate different PUF output strings to create multiple virtual devices on one chip. In the testing, 16 PUF output strings are generated per chip, and the OOBLP of 16 × 18 = 288 virtual devices is collected. The histogram of the measured OOBLP is shown in Fig. 16, presenting a close-to-uniform distribution. This validates the proposed PUF and LUT engineering scheme for controlling the probability distribution of the RFF (see Fig. 11).

B. Characterization of Measurement Uncertainty, Reliability, and Uniqueness of RFF
To further evaluate the reliability and uniqueness of the spectral regrowth as the RFF, we perform a study on the intra- and inter-device RFF variations. Intra-device variation characterizes the RFF reliability under varying environmental conditions; inter-device variation measures the RFF probability distribution across all the devices. Their definitions are adopted from the intra- and inter-Hamming distances, which are widely used as benchmarks for digital PUFs [7].
1) Measurement Uncertainty: Before delving into intra- and inter-device variations, we first investigate the RFF measurement uncertainty against the video bandwidth (VBW) of the SA. A large VBW can introduce measurement errors, causing the OOBLP reading to vary across different measurements even under the same environmental condition. To quantify this uncertainty, we connect the PA output directly to the SA and then measure the OOBLP under different VBWs, as shown in Fig. 17(a). Each histogram represents the summary of 1000 independent measurements. As can be seen, a smaller VBW results in a smaller standard deviation of the measured OOBLP, due to a more stable reading from the SA. With a VBW of 10 Hz, the 1σ variation is 0.6%. A similar standard deviation is obtained at other V_BA values using the same 10-Hz VBW, as shown in Fig. 17(b).

False identification can happen in practice due to measurement uncertainty, which becomes more significant as the number of devices N_TX increases. With the measured histogram at different V_BA, we benchmark the identification rate against N_TX in Fig. 18. Ideally, for N_TX devices, their RFF values should be uniformly distributed from RFF_min to RFF_max. Without loss of generality, we assume the ideal RFF of the ith device to be given by (3). We can then define the threshold to distinguish between the ith and (i+1)th devices as in (4). The measured RFF of an unknown device under test (DUT) is compared with Threshold_{i,i+1} ∀i ∈ {1, 2, ..., N_TX − 1}, based on which its device ID is determined. A successful identification is achieved if the determined ID matches its actual ID; otherwise, it is considered a false identification. As shown in Fig. 18, based on a single-shot measurement, a >95% identification rate can be realized when N_TX is <67.

Note that the identification rate can be improved by using the averaged OOBLP reading, since the measurement uncertainty is reduced by averaging (see Fig. 18). For example, with an average of 100 readings, the maximum N_TX that can be identified with a 95% identification rate increases to 612. Here, we utilize time-moving averages, which can be realized using a digital FIR LPF with low hardware overhead.
2) Intra-Device Variation: To decouple the intra-device variation from the measurement uncertainty introduced by the SA, a 10-Hz VBW and averaging over 1000 measurements are used for data collection. To characterize intra-device variations against the distance between the TX and RX, we perform over-the-air measurements in a lab environment, where we fix the TX location and move the RX. Additionally, to characterize intra-device variations against temperature and supply voltage, we place the PA sample in a temperature chamber with its output directly connected to the SA.
The power difference between OOBLP and IBP is recorded under different TX-RX distances, temperatures, and supply voltages, each measured with multiple V_BA settings, as shown in Fig. 19. As the IBP varies due to environmental changes, we use the power difference between OOBLP and IBP as the RFF and plug it into (3) and (4) for the identification rate calculation. The measured RFF variation is less than 1 dB across the different environmental conditions, demonstrating the robustness of the RFF. Temperature- and supply-independent biasing techniques can potentially be incorporated into the PA design to further improve the RFF reliability. The identification rate is calculated again under the measured distance, temperature, and supply voltage variations. As shown in Fig. 20, a >95% identification rate can be realized for N_TX < 67 with an average of 100.
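The threshold-based identification benchmark introduced under 1) above and reused under 2), written out as an added example (not the paper's analysis code). Device i is assigned the ith of N_TX equally spaced ideal RFF values, the threshold between neighbours is their midpoint, and the identification rate is derived both in closed form and by Monte Carlo under an assumed Gaussian measurement error. RFF values are in dB, as the paper's OOBLP (or OOBLP minus IBP) is; the 12 dB range matches the paper's measured OOBLP variation, while the endpoint values and the sigma figures are assumptions.

```python
"""Identification rate versus N_TX for uniformly spaced RFFs with midpoint
thresholds (added example; Gaussian noise model and sigma are assumptions)."""
import bisect
import math
import random

RFF_MIN, RFF_MAX = -47.0, -35.0   # assumed endpoints: a 12 dB identification space


def ideal_rff(i, n_tx, rff_min=RFF_MIN, rff_max=RFF_MAX):
    """Ideal RFF of device i (1-based), uniformly spaced over [rff_min, rff_max]."""
    if n_tx < 2:
        raise ValueError("need at least two devices to define a spacing")
    return rff_min + (rff_max - rff_min) * (i - 1) / (n_tx - 1)


def thresholds(n_tx, rff_min=RFF_MIN, rff_max=RFF_MAX):
    """Threshold_{i,i+1}: midpoint between neighbouring ideal RFFs, i = 1..N_TX-1."""
    return [(ideal_rff(i, n_tx, rff_min, rff_max)
             + ideal_rff(i + 1, n_tx, rff_min, rff_max)) / 2
            for i in range(1, n_tx)]


def classify(measured, thr):
    """Device ID = 1 + number of thresholds that lie below the reading."""
    return bisect.bisect_left(thr, measured) + 1


def ident_rate_closed_form(n_tx, sigma, rff_min=RFF_MIN, rff_max=RFF_MAX):
    """Identification rate under Gaussian measurement noise of std sigma.
    An interior device is identified correctly iff |noise| < d/2 (d = spacing);
    the two edge devices have a single neighbour, so noise pushing outward
    can never cause an error for them."""
    d = (rff_max - rff_min) / (n_tx - 1)
    p_in = math.erf(d / (2.0 * math.sqrt(2.0) * sigma))   # P(|noise| < d/2)
    p_edge = 0.5 + 0.5 * p_in
    return ((n_tx - 2) * p_in + 2 * p_edge) / n_tx


def ident_rate_monte_carlo(n_tx, sigma, trials=4000, seed=0,
                           rff_min=RFF_MIN, rff_max=RFF_MAX):
    """Cross-check of the closed form: draw a device, add noise, classify."""
    rng = random.Random(seed)
    thr = thresholds(n_tx, rff_min, rff_max)
    hits = 0
    for _ in range(trials):
        i = rng.randint(1, n_tx)
        reading = ideal_rff(i, n_tx, rff_min, rff_max) + rng.gauss(0.0, sigma)
        hits += classify(reading, thr) == i
    return hits / trials


def max_devices(sigma, target=0.95, n_avg=1, n_max=5000,
                rff_min=RFF_MIN, rff_max=RFF_MAX):
    """Largest N_TX whose rate stays >= target. Averaging n_avg readings
    shrinks sigma by sqrt(n_avg), which is why the reachable N_TX grows
    with averaging in the paper's Fig. 18."""
    s = sigma / math.sqrt(n_avg)
    best = 1
    for n in range(2, n_max + 1):
        if ident_rate_closed_form(n, s, rff_min, rff_max) < target:
            break
        best = n
    return best


if __name__ == "__main__":
    sigma = 0.05   # assumed single-shot 1-sigma measurement uncertainty, dB
    print("single shot:", max_devices(sigma), "devices at >= 95%")
    print("average 100:", max_devices(sigma, n_avg=100), "devices at >= 95%")
```

The same functions apply to the intra-device study: replace sigma with the spread of the OOBLP-minus-IBP difference observed across distance, temperature, and supply voltage, and max_devices gives the N_TX at which the 95% target is still met.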
3) Inter-Device Variation: The inter-device variation is a metric that measures the uniqueness of the RFF, i.e., how distinct the RFF is when compared to those of other devices. Since we only have 18 packaged physical devices, it is necessary to synthesize a large number of virtual devices to arrive at statistically meaningful conclusions. Since our prior work using a similar PUF cell design [30] has demonstrated a close-to-ideal uniform distribution, here we assume the PUF output can generate 64 equally spaced biasing voltages from 220 to 320 mV as 64 virtual devices for each chip. Then, we measure the OOBLP for all 64 biasing voltages programmed by an external power supply across 18 chips to synthesize an overall 64 × 18 = 1152 virtual devices. The V_TH variation of each chip is calibrated in this testing such that the PUF dominates the OOBLP distribution. This calibration is done by tuning the DAC programming range. The OOBLP histogram of all virtual devices, as shown in Fig. 21, presents a close-to-ideal uniform distribution, demonstrating the unique benefit of controlling the RFF distribution using an on-chip PUF.

C. PA Performance Benchmark
While the major focus of this work is to demonstrate physical-layer identification, we would like to emphasize that adding such a capability incurs minimal design, size, and performance overhead on the transceiver frontends. As shown in the performance comparison table (see Table I), this design achieves output power, efficiency, and linearity that are comparable to those of state-of-the-art Bluetooth PAs [31], [32].

V. DISCUSSIONS ON THE SECURITY PERFORMANCE

A. Adversarial Model
Here, we consider an adversary who aims to falsely authenticate itself as a legitimate device, thereby compromising the authenticity of the communication. We assume that the adversary can passively eavesdrop, arbitrarily generate in-band data, and manipulate the transmitted spectral regrowth within the capabilities of off-the-shelf equipment. Our adversarial model covers a wide range of such equipment, from low-cost software-defined radios (SDRs) such as the NI USRP to powerful benchtop high-speed DACs such as AWGs, which are common instruments for RF impersonation attacks [33]. Note that the state-of-the-art Keysight AWG M8190A has an effective number of bits (ENOB) of only 8 at the Nyquist frequency of ∼5 GHz, corresponding to ∼50 dB SNR. Given that the PSD of the OOBLP can be ∼35 dB lower than that of the in-band signal, the SNR for the OOBLP is only ∼15 dB, which is insufficient to accurately reproduce all the OOBLP levels needed to impersonate any of up to 612 devices (see Fig. 18). Attacks using custom-developed sophisticated hardware and software exceed the security level of our proposed protocol and are beyond the scope of this research.

B. Attacks and Defenses
We demonstrate the effectiveness of our security model by analyzing the resistance against the following attacks: 1) Replay attack [34]; 2) Modification attack; 3) Denial of sleep (DoSL) attack [35]; and 4) Man-in-the-middle (MitM) attack [36]. These attacks are known to be effective against Bluetooth devices. We assume these attacks are performed within the adversarial capability defined in Section V-A.
1) Replay Attack: As shown in Fig. 22(a), the adversary Eve records Alice's waveform and then impersonates Alice by replaying the prerecorded waveform. Since Eve cannot accurately control its OOBLP, Bob will be able to detect the incorrect leakage power and reject the communication.
2) Modification Attack: In the Modification attack [see Fig. 22(b)], Eve records Alice's waveform and then modifies the message without changing the identification signatures when retransmitting the signal to Bob. Compared with the Replay attack, the Modification attack is more demanding for Eve to implement, but the damage it can cause is more severe. Despite its effort to preserve the original identification signatures, its incorrect OOBLP will still be detected by Bob, and therefore its attack will be rejected.
3) DoSL Attack: The DoSL attack aims at exhausting Bob's battery by frequently inducing unnecessary energy-consuming duties [see Fig. 22(c)], i.e., decoding messages, transmission, etc. It is a popular form of denial of service (DoS) attack to which most IoT devices are vulnerable, as it is challenging to detect abnormal uses of high energy-consuming tasks. DoSL can be easily thwarted by the proposed security model because: 1) all commands sent by Eve, either using the replay or the modification attack, will be rejected and 2) it is far less power-consuming to perform the proposed physical-layer identification than traditional public-key-cryptography-based authentication. Therefore, minimal energy is wasted on an illegitimate attacker.
4) MitM Attack: MitM attacks the authenticity of the communication, as shown in Fig. 22(d). The attacker aims to control the back-and-forth communications between Alice and Bob. The relay attack is the most prevalent form of MitM in Bluetooth devices. When Alice and Bob are located further apart than the allowed communication distance, Eve can place two TXs close to Alice and Bob, respectively, and relay the communications between them. Relay attacks have been used to hack many Bluetooth-enabled devices, most infamously keyless vehicles [37]. Based on the previous discussions, a successful MitM attack is not possible when the attacker's capabilities are constrained within our adversarial model, as MitM relies on the fundamental attack techniques of Replay and Modification attacks.

VI. CONCLUSION
In this article, we present a new approach to realizing physical-layer identification of resource-constrained IoT nodes. Compared to existing demonstrations using off-the-shelf radios, we propose a slight modification to the TX frontend design by integrating a digital PUF. The digital PUF allows us to control the RFF probability distribution in a predictable fashion to enhance the RFF uniqueness. It also enlarges the RFF dynamic range so that we can make full use of the entire identification space. A 2.4-GHz physical-layer identification chip is implemented in the GlobalFoundries 45-nm CMOS SOI process. In addition to achieving competitive PA performance, it demonstrates significant improvements in identification performance in terms of RFF reliability, uniqueness, and identification space compared to prior demonstrations. Our results highlight the potential of PUF-controlled RF impairments as an effective RFF for IoT nodes.

Manuscript received 23 March 2023; revised 10 June 2023 and 24 July 2023; accepted 28 July 2023. Date of publication 24 August 2023; date of current version 7 February 2024. This work was supported in part by the Semiconductor Research Corporation (SRC) under Task HWS 2990.001. (Qiang Zhou and Yan He contributed equally to this work.) (Corresponding authors: Qiang Zhou; Taiyun Chi.)

Fig. 1. Different from conventional identification methods, where device IDs are inserted in the header, physical-layer identification enables continuous identification at any moment during communications.

Fig. 2. (a) Leveraging TX spectral regrowth as the RFF for identification. (b) On-chip digital PUF enables control of the RFF probability distribution and enlarges the identification space beyond native process variations.

Fig. 3. Security model of the proposed physical-layer identification scheme.

Fig. 5. PA power cell adopts the MGTR technique, including a main path biased using V_BM and an auxiliary path biased using V_BA. Different devices generate unique PUF output strings and corresponding V_BA, resulting in different IM3.

additional layer of security to the communication between Alice and Bob.

Fig. 6. Simulated histogram of IM3 and fundamental power introduced by the PA intrinsic V_TH variation without PUF.

Fig. 10. Schematic of the validity detection circuit and its timing diagram.

Fig. 11. Probability distribution of the OOBLP with and without the LUT. A uniform distribution is achieved for the OOBLP using the proposed PUF engineering scheme.

Fig. 12. (a) Schematic of the spectral regrowth and IBP monitoring circuit, and the measured power detector output voltage and system efficiency versus the IBP. (b) IM3 components generated by the down-conversion chain need to be minimized. (c) Simulated mixer conversion gain versus its biasing voltage.

Fig. 14. (a) Measured PA output spectra under the two-tone test. (b) Summary of fundamental power and IM3 variations of 18 chips when the PUF is disabled.

Fig. 17. (a) Measurement uncertainty against different VBWs under a fixed V_BA of 230 mV. (b) Measurement uncertainty for different biasing voltages with VBW = 10 Hz.

Fig. 18. Identification rate against the number of devices N_TX under different numbers of averages with VBW = 10 Hz.

Fig. 19. Measured power difference between OOBLP and IBP under (a) distance, (b) temperature, and (c) supply voltage variations, and nine detailed histograms under different environmental conditions with V_BA = 230 mV.

Fig. 20. Identification rate against the number of devices N_TX under distance, temperature, and supply voltage variations.

TABLE I. COMPARISON WITH 2.4-GHz LOW-POWER PA