*Article* **Secure Modern Wireless Communication Network Based on Blockchain Technology**

**Radha Raman Chandan 1, Awatef Balobaid 2, Naga Lakshmi Sowjanya Cherukupalli 3, Gururaj H L 4,\*, Francesco Flammini 5,\* and Rajesh Natarajan 6**


**Abstract:** Sixth-generation (6G) wireless networking studies have begun following the global implementation of fifth-generation (5G) wireless systems. It is predicted that multiple heterogeneous applications and facilities may be supported by modern wireless communication networks (MWCNs) with improved effectiveness and protection. Nevertheless, a variety of trust-related problems that are commonly disregarded in network architectures prevent us from achieving this objective. In the current world, MWCNs transmit a great deal of sensitive information. It is essential to protect MWCN users from harmful attacks and offer them secure transmission that meets their requirements. A malicious node mounts a major attack on reliable data during transmission. Blockchain, an innovative transformative technology that has emerged in the last few years, offers a potential answer for confidentiality and safety. Blockchain has been extensively investigated in several domains, including mobile networks and the Internet of Things, as a feasible option for system protection. Therefore, a blockchain-based model, the Transaction Verification Denied Conflict with Spurious Node (TVDCSN) methodology, is presented in this study for wireless communication technologies to detect malicious nodes and prevent attacks. In the suggested model, malicious nodes are found and removed from the MWCN and intrusion is prevented before the sensitive information is transferred to the intended recipient. Detection accuracy, attack prevention, security, network overhead, and computation time are the performance metrics used for evaluation. Various performance measures are used to assess the method's efficacy, and it is compared with more traditional methods.

**Keywords:** blockchain; wireless communication network; malicious node; security protocol; intrusion detection

### **1. Introduction**

Over the last several years, the need for contemporary wireless communication networks has increased tremendously. The global deployment of 5G technologies, which offer many more capabilities than 4G communications, is approaching. Between 2027 and 2030, 6G technology, a modern wireless communication network architecture with significant AI capability, is anticipated to enter operation. The quick growth of many developing technologies, including artificial intelligence (AI), virtual reality (VR), three-dimensional (3D) media, and the Internet of Everything (IoE), generates an enormous amount of communication. This demonstrates the value of enhancing interaction processes. Society is moving toward completely autonomous remote administration technologies.

**Citation:** Chandan, R.R.; Balobaid, A.; Cherukupalli, N.L.S.; H L, G.; Flammini, F.; Natarajan, R. Secure Modern Wireless Communication Network Based on Blockchain Technology. *Electronics* **2023**, *12*, 1095. https://doi.org/10.3390/ electronics12051095

Academic Editors: Tao Huang, Shihao Yan, Guanglin Zhang, Li Sun, Tsz Hon Yuen, YoHan Park and Changhoon Lee

Received: 24 January 2023 Revised: 19 February 2023 Accepted: 21 February 2023 Published: 22 February 2023

**Copyright:** © 2023 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https:// creativecommons.org/licenses/by/ 4.0/).

MWCN systems are gaining popularity in every aspect of life, including business, medicine, transportation, and space exploration [1]. The following summarizes MWCN's salient features: An ultra-high-density network is needed to support 5G networking deployments, massive connectivity, and consistent quality. Small-cell networking has been identified as a key component of MWCN systems, specifically the idea of highly dense small cells. Sensor nodes tend to be placed much closer together in small-cell networks than they are in other types of ad hoc networks. As a consequence, there is often a rather high degree of correlation and redundancy in the data perceived by several nodes. This system is also anticipated to ensure the effective utilization of cutting-edge encryption and modulation algorithms, as well as a novel waveform architecture. MWCNs will need less expensive network hardware, less expensive deployments, and improved power-saving features in both the networking and consumer device sectors. Almost 80% of mobile traffic is generated indoors. This traffic can be offloaded to densely deployed indoor small cells, freeing up costly and important macrocell capacity. Only a few milliseconds or less will separate the beginning and the completion of a transaction [1].

Wireless signals transfer data at the speed of light using electromagnetic radiation as the transport medium, which significantly aids the advancement and growth of the community. At the current time, MWCN data security problems have drawn a lot of attention, as depicted in Figure 1. Anybody within the signal coverage region can eavesdrop on or attack the signal at the physical layer owing to the inherent "genetic" flaws of electromagnetic waves, which are exposed by the open transmission of wireless communications. However, current security measures are mostly based on the cryptographic methods used in conventional wired communication and are designed for higher layers, making them unable to effectively address security concerns brought on by the openness of communication networks [2]. Blockchain innovation has the prospect of substantially improving the safety of clinical and healthcare data technologies that handle data such as patients' digital wellness records, medical consent, pharmacy supply chains, blockchain-based remote monitoring records, information for investment businesses, and other confidential material related to scientific experiments. The implementation of blockchain technology can increase medical data transfer efficiency, accessibility, security, and accountability. Blockchain technologies, coupled with artificial intelligence (AI) and machine learning, are about to change the medical industry. The distributed design of blockchain technology is being combined with memory innovation to guarantee the confidentiality of information for investors utilizing the public ledger method [3]. Various attack types occur during communication between nodes, whether within transmission range or beyond it (i.e., an insider threat or an outsider threat). As a result, there are security concerns with forwarding, including data gathering, route maintenance, information propagation, etc. [4]. An unauthorized action or behavior that damages the wireless environment is referred to as an intrusion. In other terms, an intrusion is defined as an attack that compromises the privacy, authenticity, or accessibility of data in any way. Safety threats to the MWCN frequently come from both inside and outside the network, where legitimate network nodes can become corrupted and occasionally be made to behave maliciously. The timely identification, containment, and elimination of rogue nodes inside a network is another crucial security challenge. Addressing security-related challenges has drawn a lot of interest and has had a significant influence on MWCN's architecture and evolution patterns [5]. Therefore, we suggest using blockchain-based technologies to safeguard the MWCN by detecting malicious nodes and preventing attacks in wireless transmission.

This article is organized as follows: Section 1 provides the introduction, Section 2 examines related works, Section 3 describes the suggested method, Section 4 presents the results, Section 5 provides a discussion, and Section 6 concludes the paper.

**Figure 1.** Features of MWCN.

### **2. Survey of the Literature**

The Wireless Multimedia Sensor Network (WMSN) has become more popular among many groups as a result of technical developments in sensors and contemporary gadgets. A network being targeted by many attackers simultaneously is known as a distributed attack. Compared to attacks involving a single node, this form of attack greatly worsens network functioning difficulties. An improved machine learning method must be offered to protect the network from the dangers of DoS attacks. An improved Deep Neural Network technique is suggested for WMSN attack detection [6]. A wireless network uses self-organizing modules that are distributed randomly and have a tiny battery capacity to observe the area and enable real-time activities. Public access is maintained through wireless communication, which encourages a rise in harmful activity inside the network. The majority of network attacks are black hole attacks. In this study, they proposed the Hybrid Deep Learning Prediction (HDLP) framework in the wireless network to maximize battery life and networking reliability [7].

The implementation of fifth-generation (5G) wireless communication technologies was effectively promoted by Non-Orthogonal Multiple Access (NOMA), which is currently regarded as a key innovation in 5G networking. In this study, they created a NOMA model, applied a dropping attack, and recovered a dataset from the system. Following the use of ML techniques, the detection accuracy for dropping attacks on the retrieved data was 95.7%. Additionally, relying on the use of various ML and DL approaches, this study proposes a process for wireless cyber threat identification in 5G technologies [8]. This is the age of smart cognitive radio network innovation, which allows for the effective use of the bandwidth that is now accessible. The goal of cognitive radio innovation should be interference-free frequency availability for consumers. The study addresses various attacks and their causes. The relevance of the authentication system in preventing attacks and ensuring easy frequency use is shown. In this study, the mechanisms and requirements for authentication are examined, along with ways to address the safety problems in cognitive networks. The scientific issues surrounding the cognitive radio network's privacy and potential solutions are also discussed [9].

Sensors in wireless communication are vulnerable to a variety of security risks. Because of these sensors, wireless communication is susceptible to denial-of-service attacks. One of these is the wormhole attack, which alters the network's distribution pathways by using a low-latency connection between two rogue sensor nodes. This attack is severe because it defies several security techniques and is difficult to detect inside the system. The identification and prevention of wormhole attacks in wireless sensor connectivity is the focus of a thorough assessment of the research in this study [10]. Wireless Sensor Networks (WSNs), as a significant information-transmitting technology, are vulnerable to several rogue nodes. Due to the inadequacy of the current malicious node identification approaches in wireless sensor communications, this research suggested an improved Low-Energy Adaptive Clustering Hierarchy (Enhanced LEACH) routing protocol for harmful node identification based on reputation. A unique method aims to detect rogue nodes in the WSN [11].

The information must be kept secure since it is sent through a wireless channel. The method used in this research helps to ensure that data are safely sent from the origin node to the ground station. This paper proposed a lightweight Bloom filter solution for information transport and packet loss detection in intermediate nodes. They used source data to help them find any malicious packet-discarding nodes and relied on attribute-based encryption and decryption methods for the model. In this approach, data might still be discarded during transmission [12]. Nodes are vulnerable to several risks as a result of their transparency, among them deceptive recommendation attacks that provide misleading trust levels that benefit the perpetrator. The artificial bee colony algorithm (ABC) and a fuzzy trust model (FTM-ABC) are utilized in this study to propose a method for identifying malicious nodes. The fuzzy trust model (FTM) is introduced to calculate indirect trust, and the ABC technique is utilized to enhance the trust model to detect false recommendation attacks [13]. In the Malicious Nodes Detection (MND) stage, the Improved Deep Convolutional Neural Network (IDCNN) locates the malicious nodes and separates them into the malicious listed box. The Extended K-Means (EKM) method groups the Trusted Nodes (TNs) in the energy-efficient stage, and the t-Distribution-based Satin Bowerbird Optimization (t-DSBO) method chooses a unique cluster head for every cluster based on the remaining power of those nodes [14].

Malicious attacks (such as wormhole and blackhole attacks) have become a severe problem in wireless transmission in recent years. Wormhole and blackhole attacks use up more computing resources, network activity, and power. In this study, a brand-new Cross-layer-based Hidden Markov Model (C-HMM) is suggested to identify and isolate blackhole and wormhole attacks in wireless ad hoc networks with high efficiency and low transmission costs [14]. The development of wireless communication has been highly beneficial to people. Here, data are exchanged between the nodes via the wireless connection at an extremely fast pace. However, one difficulty associated with communication is maintaining confidentiality. It must be guaranteed that the information packets are transferred privately to the recipient without being accessed by a third party. We provide a technique that uses a node's spatial data attribute to estimate received signal strength (RSS), which is the primary variable for visualizing aggressor nodes in the system, and removes the assailant nodes by using clustering methods over a radar grid [15]. This study presents a mechanism for identifying malicious nodes that makes wireless sensor networks much more trustworthy and secure, called density-based spatial clustering of applications with noise (DBSCAN). The major objective of this approach is to design a routing strategy that can detect malicious nodes, has stronger consistency over time, and has a longer network lifespan. Density-based clustering is a popular and often-used method in many domains. DBSCAN is a highly popular and effective density-based clustering method that can find clusters of any shape. However, it was unable to identify every node in a network [16]. The above systems have numerous drawbacks, such as low detection accuracy, high energy consumption, and ineffective attack prevention in wireless communication. Ref. [17] discussed cutting-edge multi-tier authentication techniques presented from 2011 to 2018, their flaws and security concerns, and eventually their solutions for fog computing environments; the various multi-tier authentication solutions were compared based on three criteria: deployment costs, security, and usability. Ref. [18] addressed the multi-stakeholder problem in a fog-enabled cloud. That study proposes a Privacy-Aware Log-preservation Architecture in Fog (PLAF), a comprehensive and automated architecture for proactive forensics in the Internet of Things (IoT). It takes into account the preservation of distributed edge node logs while also being security- and privacy-aware. The authors also created a test bed to implement the specification by combining numerous cutting-edge technologies in one location.

### *Problem Statement*

Modern wireless communication networks (MWCNs) serve as a crucial means of information transmission. Because everyone inside a wireless network's service region can seek to penetrate the system, wireless networks have insufficient privacy protection. Destructive cyber-attacks have been recorded regularly at locations with accessible, connected networks, and it has been noted that these locations are most susceptible to a total compromise of smartphone or computer data. Networks may be attacked by several malicious nodes, and it is important to eliminate these MWCN inefficiencies. This research presents a blockchain-based model, the Transaction Verification Denied Conflict with Spurious Node (TVDCSN) technique, in light of the ineffectiveness of conventional malicious node identification and attack prevention approaches in wireless communication networks.

### **3. Research Method**

Contemporary technologies have advanced rapidly, which has increased interest in the MWCN among diverse populations. However, because of its wide connectivity, it faces several security dangers; one of the main problems for network administrators is authenticating communications in the MWCN. Each network layer may be the target of several threats. Since it would be ideal to provide the MWCN with enhanced security measures that can identify network intruders and suggest remedies, we present the Transaction Verification Denied Conflict with Spurious Node technique to provide secure transmission of sensitive information.

### *3.1. Dataset*

Healthcare documents, social media data, and sensor data make up the suggested system's database. Wearable biological and cognitive sensors are used to retrieve the patient's sensory data. For people with hyperglycemia and high blood pressure, many variables are detected using devices and smart devices. The majority of the signs of diabetes, high blood pressure, and other disorders are covered by the sensed variables. Additional data are also taken from the person's body. Hospital documents provide information on the therapies that individuals with hypertension and high blood pressure received. They gather patients' health history, which details their health information (including procedures, blood tests, and medication use). This includes the whole patient file in digital form, as well as various health information about the patient's condition, including results from testing, responses to questions about one's well-being, and drugs used. A patient's medical state may be evaluated by comparing lab test results from healthcare equipment with standard reference ranges [19].

Patient content is retrieved from hospital social networking platforms as the initial step of the proposed solution. Nevertheless, further effort is required for this activity, and its success depends entirely on the privacy settings of the social networking sites.

The application programming interfaces (APIs) of certain social networks are hidden from public view. In such a circumstance, specialized software, such as wrappers, can be utilized to retrieve information (for example, patient posts) [20]. People with diabetes and high blood pressure typically maintain regular contact with their physicians; however, patients with these conditions also require assistance, information, and abilities to personally monitor their healthcare situation. In addition, if patients do not receive useful information from their doctors, social media may be able to perform an important role in satisfying their requirements. As a result, patients can make use of the opportunities provided by social networking platforms such as Facebook and Twitter to acquire sufficient knowledge regarding diabetes and blood pressure and to interact with people who have similar health problems and have had comparable experiences. Patients and medical professionals alike can benefit from the platform that social networks offer for the exchange of information regarding diabetes therapies. To improve patient care and knowledge, we collect data from social media, such as drug reviews and emotional posts made by patients. This allows us to predict the patients' levels of stress and depression, identify the side effects of diabetes medications on diet and lifestyle, and improve patient care.

The data that make up the system that is being suggested include medical records, sensing data, and data from social networking sites. However, due to its inconsistencies, missing information, noise, multiple formats, vast size, and high complexity, real-world big data is notoriously difficult to work with. The results produced by low-quality and noisy data are also of low quality. The phase of preprocessing the data is performed before the processing itself, which both enhances the overall quality of the processing and reduces the amount of time it takes. The pre-analysis of sensor data, preprocessing and filtering of sensor data, preprocessing of medical records, and preparation of sensor data are all components of our system.

### *3.2. Transaction Verification Denied Conflict with Spurious Node (TVDCSN)*

Every node in the suggested technique must only utilize the data that is readily accessible to it, without depending on a central or localized trustworthy source. This method examines the validity of the WELCOME information by searching for inconsistencies between the information and the known architecture, rather than constantly verifying it. This allows single *MPR* nominations as long as there are no inconsistencies. An *MPR* may be chosen for any two-hop neighbor for which it is the only access point, despite any inconsistencies. However, it cannot be proposed as the exclusive *MPR* for two-hop neighbors that are accessible by other routes.

The notations utilized in the technique are as follows:

*N* denotes the group of all nodes in the network; the victim and attacking nodes are denoted by *v* and *y*, respectively; *Sy* is a spurious node that *y* promotes; the collection of all of *v*'s one-hop neighbors is represented by *HN*(*v*) ⊂ *N*; *HN2*(*v*) ⊂ *N* is the collection of all of *v*'s two-hop neighbors; the collection of one-hop neighbors that designated *v* as their *MPR* is denoted by *MPRsel*(*v*) ⊆ *HN*(*v*); and the collection of one-hop nodes chosen by *v* to serve as *MPR*s is denoted by *MPR*(*v*) ⊆ *HN*(*v*).

### 3.2.1. Conflict Rules

We outline the conditions that should be met for a node to recognize the sender of a WELCOME message as suspicious. Consider *HN*(*v*) = {b, c, *y*} and *HN2*(*v*) = {d, e}. Depending on the protocol, *v* must choose *MPR*(*v*) = {b, c} to encompass *HN2*(*v*). Assuming that *y* wants to isolate victim *v*, *y* sends a false WELCOME message with the following contents: *HN*(*y*) = {*v*, d, e, *Sy*}. The conflict rules are illustrated in Figure 2.


**Figure 2.** Detecting conflicts.

#### **Algorithm 1: Testing criterion**

Testing-criterion(TM, HN, y, v)
    U ← Φ
    For each r ∈ TM do
        If r.last ∈ HN(y) then U ← U ∪ {r.dest}
        If r.dest ∈ HN(y) then U ← U ∪ {r.last}
    For each u ∈ U do
        If u ∈ U ∩ HN(v) then U ← U − {u}
    For each m ∈ MPR(y) do
        For each u ∈ U do
            If {m, u} ∈ TC such that u is encompassed by m then U ← U − {u}
    If U = Φ then
        Consider y as a malicious node
    Else
        Consider y as a trustworthy MPR
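The following is a minimal Python sketch of the testing criterion as reconstructed above; it is illustrative only, and the container shapes (TM as a list of (last, dest) link records, HN and MPR as dictionaries of neighbor sets, TC as a set of (MPR, covered node) pairs) are assumptions rather than the paper's exact data structures.

```python
# Minimal sketch of Algorithm 1 (illustrative names and assumed data shapes).
# TM: list of (last, dest) pairs taken from TC/TM messages,
# HN: node ID -> set of advertised one-hop neighbors,
# MPR: node ID -> set of MPRs selected by that node,
# TC: set of (mpr, covered_node) links known from TC messages.

def testing_criterion(TM, HN, MPR, TC, y, v):
    U = set()
    for last, dest in TM:                      # collect endpoints reachable through y's claimed links
        if last in HN[y]:
            U.add(dest)
        if dest in HN[y]:
            U.add(last)
    U -= HN[v]                                 # drop nodes v can already verify as its own neighbors
    for m in MPR[y]:                           # drop nodes already encompassed by another MPR of y
        U = {u for u in U if (m, u) not in TC}
    # Decision as stated in Algorithm 1
    return "malicious" if not U else "trustworthy MPR"

# Usage with a small hypothetical topology
HN = {"y": {"v", "d", "e"}, "v": {"b", "c", "y"}}
MPR = {"y": {"b"}}
TC = {("b", "d")}
TM = [("d", "e"), ("v", "b")]
print(testing_criterion(TM, HN, MPR, TC, "y", "v"))
```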

The testing criterion, together with the spurious node, looks for discrepancies between a WELCOME signal and the system architecture as known from previous WELCOME and *TM* messages. However, each node that the WELCOME message mentions must be double-checked, since there are situations in which a node isolation attack is still possible. Consider Figure 3, where *y* falsely claims that *HN*(*y*) = {*v*, f, e, g}, with *MPR*(*y*) = {f, h} and *HN2*(*y*) = {a, b, e, j, l}. There are no contradictions that *v* can find, because *y* does not assert that it is aware of any node in *HN*(*v*) except *v* itself (rule No. 1). The *MPR*s chosen by *y* give access to all of *HN2*(*y*). Since d is already approachable by f (rule No. 2) and *y* does not claim to be aware of all of *HN*(*v*), in particular b, it is predicted that *y* would not designate c as one of its *MPR*s (rule No. 3).

Regrettably, if each node in the system declared an extra fake node, all nodes would be recognized as *MPR*s as a result of their false advertisements, and the network would revert to link-state forwarding. As a result, a technique for restricting false messages must be developed that balances the requirement to minimize node usage with preserving the network against isolation attacks.

**Figure 3.** Node attack with no conflicts.

To prevent nodes in the network from informing others of misleading data about their connections, we built a method enabling each node to determine whether an attack may be launched through itself. If such a falsehood is feasible, the node creates a spurious node and connects it to the network to stop others from believing they are connected to it. In other words, the nodes themselves are in charge of ensuring that the connection data are accurate, since they should prevent others from misusing them. The following provides the limiting method for introducing or eliminating spurious nodes:


In Figure 4, there are no nodes with a separation equal to 3 from any of the nodes {*y*, j} ∈ *HN2*(b). As a result, node c should add a spurious node to the system following rule No. 1 of the fake-setting method. Because node *y* would then have to designate b as an *MPR* to approach *Sv*, this prevents the attack and safeguards node *v*; doing otherwise would be reported as a conflict and a violation of rule No. 2 of the conflict rules. Through this method, attacks can be prevented and malicious nodes identified.

The trust values of every node in the system, including malevolent nodes, are updated by block transactions. A block will be created by the validating node or a delegate node, which receives all activities. Transactions are distributed by *MPR* nodes under the mechanism used by this method. Every node n will deliver an encoded session (n, transaction) prKeyn, where the secret key of n is used to encode the operation. If the above-mentioned process reveals a malevolent node, it will be given a low Trust Value (TV) and removed from the system. Even if a node is not an enemy, another node could mistakenly attribute a negative rating to it. To avoid this problem, transactions including malevolent node data must first be verified by neighbors before being forwarded to the delegate node. Because hackers may assert that two neighbors of a target are their counterparts in a node attack (NA), the intruder's data and any discrepancies they create must be reported by two neighbors. The victim's secret key is used to encode the victim ID (*v*), assailant ID (*y*), and reported attack (the discovered discrepancies) in a response signal (*v*, *y*, ReportAttack) prKeyv that is transmitted. Because the malignant WELCOME data contain the suspect's two-hop neighborhood, this signal is delivered by piggybacking onto it until it is within two hops of the recipient.

**Figure 4.** Sample Block Configurations.

If the surrounding nodes accept the transaction, each responds with (i, AckReport) prKeyi, validating the transaction. It is hard to receive consensus from all endpoints, since the attacker might also incorporate spurious nodes. Furthermore, the node asking for confirmation can itself be an intruder attempting to identify a reliable node. As a result, the transaction is approved if at least half of the neighbors who received the intruder's WELCOME approve it. Additionally, even if the intruder states that a node is its neighbor, saying "accept" indicates that the node has no link to it. As a result, each node evaluates whether or not to agree using the same criterion. Nodes that have TVs greater than q are the only ones that can transmit non-attack standard TV transactions. The delegate node will tally the nodes participating in a specific transaction's vote, choose the transaction order, and create a block depending on the vote count. The delegate will then disseminate the new block (dl, Block) prKeydl using *MPR* nodes across the network. Every node responds with a verification signal (n, BlockAck) prKeyn after receiving the block from the delegate. Every node links the new block to its local blockchain if most of the other nodes approve it. Through this procedure, the suggested method identifies malicious nodes and eliminates both the node and its attack from MWCN transmission.
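As a rough illustration of the neighbor-vote rule described above, the sketch below accepts an attack-report transaction only when at least half of the neighbors that received the suspect's WELCOME message acknowledge it; the class and field names are assumed for the example and are not part of the original specification.

```python
# Minimal sketch of the "at least half of the WELCOME receivers approve" rule.
# All names other than that rule are illustrative assumptions.

from dataclasses import dataclass, field

@dataclass
class AttackReport:
    victim: str
    suspect: str
    evidence: str                                   # the discovered inconsistencies
    acks: set = field(default_factory=set)

def record_ack(report: AttackReport, neighbour_id: str) -> None:
    report.acks.add(neighbour_id)

def approved(report: AttackReport, welcome_receivers: set) -> bool:
    votes = len(report.acks & welcome_receivers)
    return votes * 2 >= len(welcome_receivers)      # at least half approve

# Usage: three of the four neighbors that heard the suspect's WELCOME acknowledge
report = AttackReport("v", "y", "conflict with rule No. 2")
for n in ("b", "c", "d"):
    record_ack(report, n)
print(approved(report, {"b", "c", "d", "f"}))       # True
```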

### 3.2.2. Block Configuration

When building a block, it is important to specify the data that will be contained within it as well as how the delegate node will configure it. In a blockchain system, the pool's transactions are compiled into a block and chained throughout the network because this offers immutability. A hash value (computed with the SHA-256 algorithm) is attached to each block in the blockchain and is directly derived from the transaction data. As a result, even a minor modification of the data will alter the hash value. A data update in one block would cause all subsequent blocks in the blockchain to become invalid, since the hash of the previous block is incorporated as data in the current block for chaining. Only one format of block hash is accepted (e.g., a hash signature starting with 10 consecutive zeros). The term "nonce" refers to a piece of data that makes the hash comply with this criterion. The nonce value is continuously modified until a valid hash signature is obtained.

Blocks in a MANET trust blockchain are made up of block transaction data and the aforementioned metadata (timestamp, hash of the transaction, delegate ID, and the nonce). To ensure non-repudiation for the block transactions offered by any nodes, the transaction generator ID, the TVs recommended by the transaction generator, and the delegate ID will all be included when a transaction is hashed.

The first block in the blockchain, known as a "genesis block" (blockchain jargon), is defined as an empty list of transactions when the network is created. Figure 4 displays a sample arrangement for a block.
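The block layout and hashing step can be illustrated with the following sketch, which hashes the transactions together with the metadata listed above (previous hash, delegate ID, timestamp, nonce) using SHA-256 and searches for a nonce that yields the required hash format; a short zero prefix is used here instead of the ten consecutive zeros mentioned above so the example runs quickly, and all field names are assumptions.

```python
# Minimal sketch of block construction: SHA-256 over transactions plus metadata,
# with the nonce incremented until the digest matches the required prefix.

import hashlib
import json
import time

def hash_block(prev_hash: str, transactions: list, delegate_id: str,
               timestamp: float, nonce: int) -> str:
    payload = json.dumps(
        {"prev": prev_hash, "tx": transactions, "delegate": delegate_id,
         "time": timestamp, "nonce": nonce},
        sort_keys=True)
    return hashlib.sha256(payload.encode()).hexdigest()

def build_block(prev_hash: str, transactions: list, delegate_id: str,
                difficulty: int = 3) -> dict:
    timestamp, nonce = time.time(), 0
    while True:
        digest = hash_block(prev_hash, transactions, delegate_id, timestamp, nonce)
        if digest.startswith("0" * difficulty):      # valid hash signature found
            return {"prev": prev_hash, "tx": transactions, "delegate": delegate_id,
                    "time": timestamp, "nonce": nonce, "hash": digest}
        nonce += 1

# Genesis block: an empty transaction list, as described in the text
genesis = build_block(prev_hash="0" * 64, transactions=[], delegate_id="dl-0")
print(genesis["hash"])
```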

### 3.2.3. Block Maintenance

There are two sorts of nodes in a blockchain environment: full nodes, which maintain the blockchain, and light nodes, which mostly rely on full nodes for information and do not maintain the whole blockchain. We included this idea in our environment as well, given the nature of MANETs. A new node will have access to the blockchain data whenever it joins the network. As seen in Figure 2, a node should initially join the network as a light node, which allows it to download only the block headers. A new node can nevertheless produce transactions (attacker detection/TV calculation) in the network even though it will initially function as a light node. To relay block headers until the new node becomes a full node, the network's host node will act as a temporary full node.
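A minimal sketch of the full-node/light-node split described above is given below: the light node downloads only the block headers from a (possibly temporary) full node and requests complete blocks on demand; the class and method names are illustrative assumptions.

```python
# Minimal sketch of full vs. light nodes (illustrative names and block fields).

class FullNode:
    def __init__(self, blocks):
        self.blocks = blocks                            # full blockchain

    def headers(self):
        return [{k: b[k] for k in ("hash", "prev", "time")} for b in self.blocks]

    def block_by_hash(self, h):
        return next(b for b in self.blocks if b["hash"] == h)

class LightNode:
    def __init__(self, host: FullNode):
        self.host = host
        self.headers = host.headers()                   # download headers only

    def fetch_block(self, h):
        return self.host.block_by_hash(h)               # rely on the full node

# Usage with a tiny example chain
chain = [{"hash": "h0", "prev": "0" * 64, "time": 0.0, "tx": []},
         {"hash": "h1", "prev": "h0", "time": 1.0, "tx": ["report(v, y)"]}]
light = LightNode(FullNode(chain))
print(len(light.headers), light.fetch_block("h1")["tx"])
```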

### **4. Results and Discussion**

This section presents the findings of the graphical assessments of the efficacy of the suggested and existing strategies. Using the suggested TVDCSN approach, malicious node elimination and intrusion avoidance are carried out. The performance indicators for evaluation include detection accuracy, attack prevention, security, network overhead, and computation time. The performance of the suggested TVDCSN is compared with that of Transfer Learning (TL), the AdaBoost Regression Classifier (ABRC), the Malicious Intrusion Data Mining Algorithm (MIDMA), and the Dynamic Reputation Algorithm (DRA).

### *4.1. Detection Accuracy (%)*

Detection accuracy refers to how accurately malicious nodes in a wireless communication network are identified. A malicious node reduces the network's communication speed, which in turn reduces the network's service time, so it is necessary to identify these nodes. Figure 5 displays the detection accuracy of malicious nodes using both the existing and suggested methods, showing that the proposed approach is effective in precisely detecting malicious nodes. Table 1 displays the results for the detection accuracy.

**Figure 5.** Proposed and existing methods of detection accuracy.



### *4.2. Attack Prevention (%)*

During the transmission of sensitive information through the MWCN, the network is subject to several attacks. These attacks are carried out by numerous attackers who want to steal sensitive information, so preventing attacks during the transmission process is vital. The attack prevention achieved by both the recommended and existing approaches is shown in Figure 6, and the attack prevention results are shown in Table 2. They demonstrate how well the suggested strategy works to prevent attacks in the MWCN.

**Figure 6.** Proposed and existing methods of attack prevention.


**Table 2.** Values of proposed and existing methods of attack prevention.

### *4.3. Security (%)*

It is essential to have security because it protects sensitive data from being compromised by malicious cyber activity and ensures that the network can be relied upon and is functional at all times. Various security measures are used in effective network security plans to shield people and companies from ransomware and other digital threats. Figure 7 shows the security achieved using both the recommended and existing techniques, demonstrating that the proposed strategy is effective in providing security. The outcomes for security are shown in Table 3.

The formula for network security is NS = P + Pr + Pe + M + T, where NS is network security, P is policy, Pr is procedure, Pe is people, M is management, and T is technology. This adaptable simulation modeling framework will make possible the effective collection of data to test and evaluate situational awareness and threat assessment tools for cyber security.

### *4.4. Network Overhead (Bits)*

In computing, network overhead refers to the additional resources, such as data, processing, storage, and bandwidth, required to transport specific information from its source to its recipient beyond the information itself. Figure 8 depicts the network overhead of the suggested and current strategies. It shows that the recommended solution has minimal overhead, which enhances the wireless communication network. Table 4 displays the overhead values. The equation below illustrates how the network overhead is calculated.

**Figure 7.** Proposed and existing methods of security.


**Table 3.** Values of proposed and existing methods of security.

**Figure 8.** Proposed and existing methods of network overhead.



In that situation, the network overhead O is calculated as O = 2l, where l is the number of connections.
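As a purely illustrative example, a topology with l = 25 connections would give an overhead of O = 2 × 25 = 50.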

### *4.5. Computation Time (%)*

Computation time is the amount of time required to complete a calculation (also known as the execution time). It is a fundamental efficiency criterion that professionals in software engineering and science use to evaluate a method's effectiveness. Figure 9 displays the computation times for the suggested and traditional methodologies, and Table 5 displays the computation time values. They indicate that the suggested strategy operates effectively and rapidly.

**Figure 9.** Proposed and existing methods of computation time.

### *4.6. Block Latency*

Block latency improves further if an attack-detecting node serves as the delegate, since less communication is needed to send attack information to the delegate. The block generation time and transaction ratio are significantly lower when collusive attacks take place in the network. The block generation latency, determined on the basis of attack transactions, is depicted in Figure 10.


**Table 5.** Values of proposed and existing methods of computation time.

Attack_ratio = number_of_attackers_in_the_network / number_of_nodes_in_the_network (1)

For instance, if two different attackers initiate attacks simultaneously in two different locations, two attack transactions will be included in a single block, increasing the effectiveness of the suggested technique. The attack ratio measurement is shown in Equation (1).
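As a purely hypothetical illustration of Equation (1), a network of 40 nodes that contains 4 attackers has an attack ratio of 4/40 = 0.1.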

**Figure 10.** Block Generation Latency Based on Attack Transactions.

### **5. Discussion**

In the area of WCN data analysis, detecting attacks on wireless transmission systems is crucial. In unsupervised wireless systems, link forecasting is a challenging issue that can be effectively handled by transfer learning (TL). A link prediction approach relying on the dispersion functional fitting technique of the area diagonal term group is utilized to gather more precise and comprehensive data in the target area [21]. Several security failures have occurred lately as a result of the unfavorable growth of automation. Services are maximized with increased network lifespans to resist those safety dangers and intrusions, particularly hacking attempts. Artificial-intelligence-based innovations have advanced to resist intrusions, and a deep learning (DL)-based classification strategy for detecting cyber-attacks was provided in [22,23]. The intrusion detection system using the suggested AdaBoost Regression Classifier (ABRC) uses a deep learning structure; the presented ABRC with DL architecture is applied to the assessment of network security attacks. The privacy of personal details in wireless technology cannot be guaranteed because intrusive information in the transmission process readily affects wireless personal interaction networks. The Malicious Intrusion Data Mining Algorithm (MIDMA) presented in [24,25] is founded on valid large information from wireless personal interaction systems. The main features of malicious infiltration data are repeatedly obtained using a grouping technique, and their predicted membership is determined. The inherent complexity of wireless communication networks makes it difficult to identify rogue nodes using standard approaches, which creates several safety threats in the network setting. A dynamic reputation algorithm-based technique for detecting rogue wireless transmission nodes is proposed in [26,27]. The above methods take a long time to identify and detect malicious activity, achieve lower accuracy, and fail to effectively prevent attacks.

### **6. Conclusions**

In a wireless communication network, the communication of information is fully automated by utilizing electromagnetic waves, such as radio waves, which are typically handled in the physical layer of the system; this is one of the most significant methods for transferring data between nodes without utilizing wires. In the area of data transfer, wireless communication systems have made significant progress to date because they are easy to operate, affordable, and have sufficient bandwidth. However, the security risks to wirelessly transferred data have risen even as the safety and bandwidth gaps between different kinds of networks have decreased as a result of ongoing advancements in wireless communication. The MWCN therefore has to take measures to reduce the number of security-related issues. As a result, we offered the blockchain-based model, the Transaction Verification Denied Conflict with Spurious Node (TVDCSN) methodology, to be used in the MWCN because of the inefficiency of the traditional methods for identifying malicious nodes and preventing attacks. The efficacy of the proposed system is assessed using a variety of performance characteristics, including detection accuracy, attack prevention, security, network overhead, computation time, and average block latency. The proposed method's efficacy is compared with that of conventional techniques such as Transfer Learning (TL), the AdaBoost Regression Classifier (ABRC), the Malicious Intrusion Data Mining Algorithm (MIDMA), and the Dynamic Reputation Algorithm (DRA). These assessment results demonstrate the effectiveness of the suggested approach in the MWCN for detecting malicious nodes and preventing attacks. Even if an attacker moves around and attacks different nodes from different places, the network will still be safe. No information or time is lost, and the overall level of complexity goes down. Additionally, because of collaborative detection, each node bears much less of the detection burden on its own: the more nodes there are in a network, the less each one is responsible for detecting. In the future, optimization strategies may be introduced into the system to enhance its performance, and the proposed scheme will be tested with different routing protocols in a wireless communication network.

**Author Contributions:** Conceptualization, R.R.C.; Methodology, R.R.C.; Software, N.L.S.C.; Validation, N.L.S.C.; Investigation, N.L.S.C.; Resources, A.B.; Data curation, A.B.; Writing—original draft, G.H.L. and F.F.; Writing—review & editing, G.H.L., F.F. and R.N.; Supervision, R.N. All authors have read and agreed to the published version of the manuscript.

**Funding:** This research received no external funding.

**Conflicts of Interest:** The authors declare no conflict of interest.

### **References**


**Disclaimer/Publisher's Note:** The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content.

*Article* **The Concept regarding Vehicular Communications Based on Visible Light Communication and the IoT**

**Eduard Zadobrischi 1,2**


**Abstract:** Visible light communication, perhaps the most debated technology in the field of wireless networks, is becoming increasingly promising and is ideal for many indoor and outdoor applications. This article proposes VLC methods and architectures capable of providing high security in vehicles and in their communications with the environment or other cars in traffic. The architectures proposed involve the inclusion of ambient lighting equipment and systems and indoor and outdoor lighting systems, such as headlights, traffic lights, and stoplights; these are the only sources of information through which direct contact is maintained with the other entities in the network. Securing data within vehicular networks and validating them through multiple layers of filtering at the physical (PHY) layer would drastically strengthen the position of VLC. The evaluations and proposals presented here are highly viable and deserve future consideration in light of the results obtained in the practical steps carried out in the research process.

**Keywords:** in-vehicle communication; inter-vehicle communication; optical communication; security wireless; visible light communication; wireless optical communication

**1. Introduction**

Visible light communication (VLC) represents an important component of optical wireless communication (OWC) and has brought many challenges to the research community, as well as to those attracted to this field [1]. VLC could become an extremely remarkable technology because, in addition to being used for lighting, it can also be used for data communication between devices, users, and the outside environment. This approach is important in terms of the benefits it can bring, as well as in terms of its huge potential for future development across extremely vast areas [2]. VLC is different from the technologies we know. It can be developed at the level of pre-existing lighting infrastructure or at the level of equipment containing LEDs, offering the opportunity for the mass development of a fast and cost-effective network [3]. According to the specialized literature, the basic principle of VLC is that the data are transported using an optical carrier without leading to higher energy consumption, which is another advantage of this technology [4]. Most studies conclude that LED lighting, in conjunction with data transmission, is becoming more and more common in our society, and they emphasize the avoidance of health risks due to exposure to emissions and radiation, as VLC is one of the greenest technologies. The specialized literature demonstrates the high potential of VLC technology and elucidates several of its aspects through the lens of its standardization by competent organizations, including the IEEE [5]. In terms of energy efficiency, VLC uses LED light to transmit data, and this is known as a low-power-consumption factor. Low-power Wi-Fi is designed as a restrained form of energy consumption but, compared to VLC, it is much more expensive. Channel bandwidth represents a constraint on the number of data packets that can be transmitted over a certain channel. Wi-Fi has a much higher channel bandwidth than VLC, but low-power Wi-Fi operates in the 2.4 GHz or 5 GHz frequency bands and has bandwidths of 20 MHz or more.

**Citation:** Zadobrischi, E. The Concept regarding Vehicular Communications Based on Visible Light Communication and the IoT. *Electronics* **2023**, *12*, 1359. https:// doi.org/10.3390/electronics12061359

Academic Editors: Tao Huang, Shihao Yan, Guanglin Zhang, Li Sun, Tsz Hon Yuen, YoHan Park and Changhoon Lee

Received: 28 January 2023 Revised: 7 March 2023 Accepted: 9 March 2023 Published: 12 March 2023

**Copyright:** © 2023 by the author. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https:// creativecommons.org/licenses/by/ 4.0/).

Although it is a technology brought back to the public after a period of evanescence, VLC reappeared with developed prototypes, and the first standardization, recognized by the acronym IEEE 802.15.7, was achieved in 2011 and later benefited from new updates [6]. VLC is showing an upward trend and represents an opportune moment for today's society, branching out into more and more fields. In the early days of the technology, it was used to make high-speed wireless connections, as it is extremely suitable for broadband internet. In this field, VLC technology has proven its capabilities: it can ensure data transfer at speeds of several gigabits per second and, in ideal cases and laboratory tests, the technology can also establish connections that reach transfer values of over 100 Gb/s [7,8]. These aspects make VLC an extremely promising candidate for systems based on technologies such as 5G or 6G. VLC is suitable for most fields due to its ability to reuse space and its small communication cells. Therefore, 5G and 6G technologies could achieve much higher transfer rates than known before; low latencies, even below 1 ms; and extremely wide coverage [9,10]. In accordance with the extremely wide distribution of LED lighting sources, in addition to applications related to its information- and energy-transfer capacities, VLC could also be used in Internet of Things-type applications; see Figure 1. Great progress could be made in the transition towards Industry 4.0 or 5.0 through the application of wireless communication in production lines and automation. VLC's simplified implementation, cost efficiency, flexibility, and versatility would help in significantly scaling these processes, and it can be declared an ideal technology. Automation and robotization processes could use VLC for communication, control, management, and location tasks, and the identification of equipment could also be controlled with it [11].

**Figure 1.** Illustration of the most representative scenarios and applications that use visible light communication.

Perhaps the most representative and popular field of use for VLC technologies is road safety and the design of applications dedicated to vehicular communications. This field also receives increased attention in light of the loss of human life involved, as road accidents are among the leading causes of death worldwide. Implementations in this direction are more and more numerous, proving that VLC is extremely reliable and can provide adequate resistance against noise. Communication distances can exceed 200 m, and latencies meet the requirements of some vehicle-to-vehicle communication applications [12]. Analyzing all the research and the specialized literature, perhaps the most important aspect for today's society is that VLC is safe for the human body and for other equipment that can be influenced by or is sensitive to interference [13], and VLC is recommended even in RF-restricted areas. VLC can be used in medical procedures, transportation, logistics, security, oil rigs, nuclear power plants, highly confined areas, and even in aquatic research. VLC technology offers many unique benefits, including very high bandwidth and high transfer rates, in addition to the environmental aspects already presented [14]. This technology is increasingly being exploited by research groups, as well as in the private environment, to open up new fields and explore applications that could fix certain pressing problems of our society.

The effectiveness of current networks for communication between vehicles has been demonstrated, as has their use in communication and control in autonomous cars, but aspects related to safety and information protection have been neglected. Therefore, this study focused on the analysis, presentation, and development of an architecture capable of providing a high degree of security in the process of communication between vehicles and between vehicles and infrastructure through the distribution of light in indoor and outdoor environments [15]. The application of the solution is oriented toward both the user and the infrastructure or vehicles. The large number of systems produced by research groups so far proves the usefulness of this technology. The experimental evaluation process and the implementation were carried out in different stages, and the concepts were determined at the architectural level but without the implications related to the hardware and software components through which these processes were carried out. The data security aspect is extremely important for both the user and other traffic participants. The data communicated can be intercepted and, subsequently, the control of autonomous vehicles or on-board systems can undergo changes that may jeopardize the condition of the vehicle and endanger the driver, pedestrians, and other traffic participants [16]. Many of the major challenges currently impeding the implementation of new technologies, such as 5G, can be mitigated by using VLC [17,18]. The most important point is that VLC provides an alternative by not being limited to the radio frequency spectrum, which is already loaded and limited; VLC even has a capacity more than 10,000 times higher than that of RF [19,20]. As the VLC spectrum remains unregulated and unlicensed, it can be considered an extremely important solution from a bandwidth perspective, capable of mitigating the limitations of the RF spectrum. New approaches and an increase in the degree of security for VLC, as well as the development of an implementation method, are imperative. The most important contributions of this article are the proposal of a network architecture for future implementation in relation to vehicular communication and the enhancement of data security through multiple connections based on primary authentication keys and the parameterization of information using unique IDs. Section 2 reviews the methodology and outlines a proposal, Section 3 describes the implementation and some of the results, Section 4 includes further discussion of the experimental results, and Section 5 is dedicated to the conclusions and future approaches.

### **2. Methodology and Design Parameters**

Based on experience in the field of optical communication, research groups have consistently focused on adding new functions and generating related applications for VLC, including in relation to the IoT and vehicular communication. Several papers have discussed the use of VLC as part of various wireless technologies, but very few have focused on the IoT and road safety applications. In [21], architectures were proposed for VLC systems employing the IoT and its integration in the dark, using orthogonal frequency division modulation (OFDM) to overcome the identified limits [22]. In [23], VLC-over-UART-type systems were proposed and evaluated in terms of bit error rate. Another research paper [24] elucidated the potential of Li-Fi and its capacity for use in outdoor lighting, stating that it may represent a new backbone in the field of wireless communications. The activation of 5G wireless access using Li-Fi technology was addressed in [25] based on OFDM, demonstrating speeds of 200–300 kbps. Many of the challenges related to VLC, as well as its potential for industrial applications, were presented in [26], along with other concepts. Another review can be found in [27]; it discusses various aspects and contributions, as well as providing an ensemble presentation, including aspects related to the optical IoT (OIoT). One new approach in V2V technology is the use of light fidelity (Li-Fi), which is an alternative medium for data transmission. The capacity of this technology to send data over an optical medium wirelessly using light-emitting diodes that propagate the signal makes it very promising. In the case of Li-Fi technology, data are extracted from the vehicle and spread via headlights or stoplights to other traffic participants or infrastructure, but there are many challenges related to bandwidth and data latencies. As shown in Figure 2, Li-Fi systems are composed of luminous media (LEDs) that transmit data and information, and the receiving system is based on a photo-detector that processes the data and analyzes the obtained signal. It is imperative to implement systems of this type because the actions that traffic participants take are based on information obtained from other vehicles and involve short durations of time and data of extremely short validity. Thus, in the case of systems of this type, GPS and Wi-Fi units are not necessary because Li-Fi technology can use interface or PIC controllers to emit tiny pulses of sound, which can penetrate barriers and be employed on straight roads or those of the T-junction type [24].

**Figure 2.** Illustration regarding the fields of communication within VANETs.

V2V technology can accurately calculate the moment T of a collision and highlight its severity when used synchronously with a laser detector or laser rangefinder (LRF). The guarantee that this is a highly viable system comes from the accumulation of adjustable vehicle functions, which can allow the generation of protocols and procedures to expedite the activation of pre-crash systems or airbags even before collisions occur [28]. Communication between vehicles depends on the distance of the convergence or divergence between them, because the density of cars on roads is involved in the first stage of the information transmission mechanism. In the case of congested roads where the traffic density shortens the distance between vehicles, the communication process takes place in a platoon-type network with vehicles separated by small distances, and a hybrid VLC-RF implementation is necessary [29]. In the case of visible light, data can be transmitted in a single data-stream instance extremely quickly [30]. In addition to what has been presented above, there are also aspects of the topic related to the exploitation of THz bands dedicated to vehicular networks, which have intrinsic properties. As millimeter-wave technology moves toward commercial implementation, it is clear that the terahertz (THz) band is the next frontier of communications. Summaries of all the RF techniques are provided in Table 1, where we show how they can be used under different traffic density conditions, and in Table 2, where other related work is addressed.

**Table 1.** Network systems and approaches in relation to coverage.


**Table 2.** Existing approaches and prospects for development.


The proposed solution could make major contributions to the emergency transmission of priority messages, the avoidance of road accidents, and the safety and security of data. In all these processes, it is extremely important to also consider the adoption of vehicular ad hoc network (VANET) technology, which can guarantee the safety of vehicles and transmits information through central roadside units (RSUs) or electronic control units (ECUs) that can pre-secure data with up to six encryption cycles [42]. With VANETs, it is possible to manage multiple vehicles that have on-board units or roadside units, as illustrated in Figure 2. Further measures at the security level could involve Euclidean distance calculation components, which can provide data on the distance between vehicles and RSUs or on the occurrence of adverse events at the edge of the road surface. Therefore, the protocols used to secure data could be based on event detection crawling and information filtering procedures, sending the data only through repetitive loops to the RSU-type units or concatenating the input data with the output data to encrypt them. If an accident is detected, the system sends the information to nearby vehicles and, through a filtering process that also uses an advanced driver-assistance system (ADAS), implements assistance processes, even providing traffic updates. Data are pre-swapped and routed through band-switching to ensure security and privacy, then initialized and keyed into the cloud. Any sudden change in the amount of data or any data modification results in a software trigger that processes each routine and compares it with the additional sets [43,44].
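A minimal sketch of the Euclidean-distance check mentioned above is shown below: an RSU estimates the straight-line distance to a reporting vehicle and trusts the report only within a given radius. The coordinates, the 300 m radius, and the function names are illustrative assumptions, not values from the proposed architecture.

```python
# Minimal sketch of an RSU-side Euclidean distance check (illustrative values).

import math

def euclidean_distance(p1: tuple, p2: tuple) -> float:
    return math.dist(p1, p2)                    # straight-line distance in metres

def within_trust_radius(vehicle_xy: tuple, rsu_xy: tuple, radius_m: float = 300.0) -> bool:
    return euclidean_distance(vehicle_xy, rsu_xy) <= radius_m

# Usage: a vehicle roughly 120 m from the RSU is considered in range for event reporting
print(within_trust_radius((100.0, 80.0), (20.0, 170.0)))   # True
```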

### *2.1. Li-Fi Communication System Proposal*

The most important advantage that this new Li-Fi technology brings to the field of communications is greater security through the lower radius of the coverage area, as well as data encoding. As a consequence of limiting the coverage area, VLC cannot penetrate opaque surfaces or obstacles, even when geographically limited. In addition, VLC systems can employ connectivity based on unique IDs to encrypt the information in a format that can only be decoded with an adapted receiver. Therefore, this approach is extremely important in terms of the security and integrity of data communication, both for users and within vehicular networks. In the design process for a VLC system, the transmitter is not necessarily the central component, although it is important for the communication process, but an extremely volatile and important part of the system rests on the shoulders of the receiver. This idea was deduced from the specialized literature [45,46] (see Figure 3).

**Figure 3.** Illustration presenting Li-Fi technology and its general utility.

The IEEE 802.15.7 standard provides additional functions, some of which are complementary to lighting devices, and, in this case, they do not negatively influence the process [47]. Even if these systems have to be able to provide both lighting and data communication, they must not induce a flickering effect perceptible to the human eye, and it is necessary to implement functions capable of diminishing the light intensity if this is required. Hardware and software solutions have been found for this problem. Figure 4 shows a complete VLC diagram, as well as a way to secure the communication. The diagram includes an ARM Cortex M7 microcontroller component with a frequency of 1008 MHz, which is the central element around which the entire system gravitates. The basic function of the microcontroller is to transmit the data and transform/demodulate them to obtain a continuous stream of information/bitstream [48,49].

Thus, the microcontroller facilitates the processing, encoding, modulation, and contouring of bit matrices to expose them and transmit them further. Through the prism of its versatility, its performance and data security can be substantially improved, including by using on–off keying (OOK) at the emission and modulation side. The improved security process is also based on the central anti-flicker aspect; the VLC transmitter runs a code based on unique IDs and a run-length-limited (RLL) code, which can overlap the logic levels "1" and "0" at the same light intensity. Encrypting data by using security keys with unique IDs assigned to each data matrix also increases the data transmission speed and the instantiation capacity; in some cases, the speeds are around 250–300 kb/s [50]. To validate the security process carried out, the GVLC comparator structured based on the message intent iterates a log with the purpose of validating the receiver as a part of the system; everything is undertaken based on unique IDs. Subsequently, the message header provides the VLC receiver with information regarding the modulation technique, coding, transfer rate, and length of the message, aspects that ultimately validate the communication and security process. The instance frame contains all the transmitted data, and it is followed
by a stop and validate header, the purpose of which is to inform the VLC receiver that the data have arrived.
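The flicker-mitigation idea above can be made concrete with a small example: Manchester coding, one of the run-length-limited options defined in IEEE 802.15.7 for OOK, guarantees that every bit period contains the same on/off balance regardless of the data pattern. The sketch below only illustrates that principle in Python; the ID-based framing and the specific RLL code used by the proposed transmitter are outside this sketch.

```
# Illustrative sketch: Manchester (RLL) coding for OOK. Each data bit is
# expanded into two optical chips so every bit period contains exactly one
# "LED on" and one "LED off" interval (constant average intensity, no flicker).

def manchester_encode(bits):
    """Map each data bit to a two-chip OOK pattern: 0 -> (1, 0), 1 -> (0, 1)."""
    chips = []
    for b in bits:
        chips.extend((1, 0) if b == 0 else (0, 1))
    return chips

def manchester_decode(chips):
    """Recover data bits from chip pairs; raise ValueError on an invalid pair."""
    bits = []
    for hi, lo in zip(chips[0::2], chips[1::2]):
        if (hi, lo) == (1, 0):
            bits.append(0)
        elif (hi, lo) == (0, 1):
            bits.append(1)
        else:
            raise ValueError("invalid Manchester chip pair")
    return bits

payload = [1, 0, 1, 1, 0]
assert manchester_decode(manchester_encode(payload)) == payload
```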

**Figure 4.** Architecture of the proposed visible light communication system at the road infrastructure level.

As shown by communications tests, the intermittency of the signals between data frames also facilitates the implementation of an additional security protocol. The top microcontroller component can generate data and transmit them to other devices, but, at the same time, it can be interfaced with other devices through CAN, I2C, or SPI ports, which increases the safety and veracity of the information [51]. Regarding the level of frame data and the data quantity, solutions related to the cadence of the data transmission can be established with the help of an LED driver. The generation of the light beam that contains that data is related to the dynamics of the environment and the data quantity; the light contains the data that must be provided to the receiver, and the data take a path through the optical channel in free space (see Figure 4).

To obtain a more robust structure, this research focused on the development of a system capable of providing information and connectivity with any other device. For the reception side, as can be seen, the collector optical system had a processing component and a processing unit. These components integrate optical filters that adjust the signal to noise ratio (SNR) and remove unwanted components from the optical spectrum. For the optical detection part, a PDA component and PIN photodiodes connected to direct transimpedance circuits were used. For the processing blocks, bandpass filters were introduced with certain cutoff frequencies determined by the spectral densities. The data encoding and decoding process are carried out using quadratic triggers and other types of triggers, and the final signal is ultimately analyzed and received by the ARM Cortex M4-type controller. The final data arrive at the last unit and can be accessed by the end user [52,53].

### *2.2. Proposal for Software Infrastructure and Architectural Components*

In accordance with the prospects for future use of Li-Fi networks for V2V interactions, the proposed algorithm validates and authenticates users in vehicles based on the queries it makes within the internal nomenclature, which includes all IDs and encryption codes related to users. The interaction between the device and the vehicle involves a database located at the level of the vehicle ECU infrastructure. The risk of information leakage is minimal due to the degree of encryption and the transmission of information through light, the identifiers being encrypted at the level of the internal stack without generating an exact reference to a specific device and constantly reinitialized every time they are reintegrated into the system. Regarding the security protocol for VLC-based networks such as Li-Fi, the process by which this occurs takes places in several stages. Devices are verified before connecting to the network and, if a device is in range, it receives a query asking for an access code and its verification leads to the first process. When the code is valid, the data are checked for identifiers and for whether there have been any previous logins. When the device authenticates and authorizes itself, the data are encrypted and sent within the network, with the traffic on that network being constantly monitored. In addition to these aspects, there are functions dedicated to the additional protection of the network from possible external attacks or penetrations.
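Read as a sequence of checks, the staged admission process described above could be sketched as follows; the network object and every helper name are hypothetical placeholders, since the text does not prescribe concrete interfaces.

```
# Illustrative sketch of the staged admission flow for a Li-Fi/VLC network.
# The class and its checks are hypothetical placeholders for the stages
# described in the text, not a defined API.

class LiFiNetwork:
    def __init__(self, valid_codes, known_ids):
        self.valid_codes = valid_codes
        self.known_ids = known_ids

    def admit(self, device_id, access_code, in_range=True):
        if not in_range:                          # stage 0: device must be within optical coverage
            return False
        if access_code not in self.valid_codes:   # stage 1: access-code query and verification
            return False
        if device_id not in self.known_ids:       # stage 2: identifiers and previous logins
            return False
        # stages 3 and 4: start the encrypted session and keep monitoring traffic
        return True

net = LiFiNetwork(valid_codes={"A1F7"}, known_ids={"veh-042"})
print(net.admit("veh-042", "A1F7"))   # True
```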

Therefore, encrypting and transmitting data through a Li-Fi-type network can be achieved using a symmetric encryption algorithm. A symmetric encryption algorithm is based on the use of unique keys that encrypt and decrypt data. In a Li-Fi network, these keys are generated and distributed across the network to all devices. One example of an algorithm based on symmetric encryption is the advanced encryption standard (AES). According to specialist studies, it is considered one of the most viable and powerful algorithmic structures in terms of symmetric encryption, and it is used in more and more security standards and, now, in VLC [54].

The structure in this case could be implemented according to the following steps:


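As an illustration of such a key-based scheme, the sketch below encrypts and decrypts a Li-Fi payload with AES in GCM mode, assuming the Python cryptography package is available; generation and in-network distribution of the shared key are only hinted at, and the variable names are illustrative rather than part of the proposed system.

```
# Minimal sketch: AES-GCM symmetric encryption of a Li-Fi payload.
# The same key must be distributed to every authorized receiver in the network.
import os
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

key = AESGCM.generate_key(bit_length=256)      # shared symmetric key for the Li-Fi network
aesgcm = AESGCM(key)

payload = b"vehicle position + speed frame"
nonce = os.urandom(12)                         # must be unique per message
ciphertext = aesgcm.encrypt(nonce, payload, None)

# A receiver holding the same key recovers the payload (and detects tampering).
assert aesgcm.decrypt(nonce, ciphertext, None) == payload
```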
The existence of new technologies dedicated to cryptography has a direct connection with quantum cryptography, which is advancing quickly around the world. Specifically, quantum cryptography involves quantum key distribution (QKD) and subsequent redistribution of a cryptographic key. Later, the degree of security can be proven by using new instantiations on the bases of computational complexity and processing with emerging quantum computers [55]. In QKD, the quantum key can be exchanged between network users in the form of light to increase security. When quantum sequences are iterated, they are measured post-processing to generate identical keys on both sides of the network. A first step in this direction is the QuINSiDa project, which is the first to incorporate a "QKD over Li-Fi"-type system [56]. This aspect makes QKD data transfer possible, which is more widely used in communications between buildings and offices. The project aims to demonstrate that a quantization-based data communication network can be flexible in its secure backbone infrastructure and can make the step to the vehicular area. In summary, the project aims to realize wireless data communication in a point-to-point scenario but, at the same time, simultaneously secure all individual communication channels through quantum keys [57].

An extremely important aspect in any network is maintaining the confidentiality of the generated key at all times and, in cases where new external connections are introduced, generating authentication keys after a certain time interval. The security of wireless networks and their data security routines are based on encrypted connections centered on protocols for data transmission, such as WPA2 or WPA3. Another aspect of security is related to the use of firewalls, which limit access to networks and, at the same time, do not let external entities connect. In addition, two- or three-step authentication systems can be used to increase safety.

For our proposal regarding securing Li-Fi data communication networks for vehicles, we considered aspects related to the creation of an encryption and decryption algorithm
to limit access to the infrastructure created. Li-Fi networks offer a high degree of security because this technology is bidirectional and can only be accessed through certain decoding procedures with dedicated systems. To date, there is no generally accepted programming language for creating security protocols in Li-Fi networks, nor a defined security standard. Therefore, this approach is extremely important for the scientific environment and, as a result of the experience accumulated in this field, presents a viable alternative through which this technology will soon be able to branch out into more fields. Even if technological advances favor communication based on the 802.11 p/a standard, 4G, 5G, and even 6G, the complementarity and usefulness of VLC are undeniable [58,59].

The encryption and formation of a security protocol at the physical level in a data network based on VLC could have the following structure (Algorithm 1).


In Algorithm 1, an attempt was made to create a much stronger encryption process compared to those used in much more widespread wireless networks to encrypt data. In the previously presented case, security keys are outlined in the function header, after which the imports are undertaken and the user and password are validated sequentially as the first iterator.
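Purely as an illustration of the structure just described (keys outlined up front, imports, then sequential user and password validation), a hypothetical routine could look as follows; none of these names correspond to the actual Algorithm 1 listing.

```
# Hypothetical sketch only: mirrors the structure described for Algorithm 1
# (security key outlined up front, imports, then sequential credential validation).
import os
from hashlib import pbkdf2_hmac

SECURITY_KEY = b"vlc-network-shared-key-0001"   # key outlined up front; used later for payload encryption (not shown)

def validate_credentials(user, password, stored_hash, salt):
    """First iterator: validate the user and the password sequentially."""
    if not user:
        return False
    derived = pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return derived == stored_hash

salt = os.urandom(16)
stored = pbkdf2_hmac("sha256", b"driver-pass", salt, 100_000)
print(validate_credentials("driver01", "driver-pass", stored, salt))   # True
```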

In Algorithm 2, a firewall-type procedure is outlined that can manage the network more efficiently, restrict access to it, and prevent external attacks. Towards the end, the created traffic network and its port are also highlighted. A final step in accomplishing the process of securing a network is authentication and the creation of a way to validate previous data. Therefore, in Algorithm 3, all the data from the encrypted validation files are imported, along with the user input data to be filled in by the handler, and the password is maintained at the same time as the credentials. All the data are saved in a nomenclator in the VLC database and requested for access and validation through iterative instance comparators. In the last stage, the algorithm decides whether access is allowed depending on the degree of portability of the user and the password.

**Algorithm 2**: Pseudocode for the import and filtering of access data for the generated address.

```
from ipvlctables import Ipvlctables   # hypothetical VLC firewall wrapper module

ipt = Ipvlctables()
ipt.block_all_trafficvlc()            # deny all traffic by default
ipt.allow_traffic("100.100.1.0/24")   # whitelist only the VLC subnet (IPv4 prefix length must be <= 32)
```
**Algorithm 3**: Pseudocode for final validation and authentication in the created communication process.

```
from passlibvlc.hash import sha256_crypt   # hypothetical VLC build of passlib

usr = input("Enter user: ")
pwd = input("Enter pass: ")
stored_pass = "hashed_pass_from_databasevlc"   # hash previously stored in the VLC database

# Verify the entered password against the stored hash before granting access
if sha256_crypt.verify(pwd, stored_pass):
    print("Access granted to Li-Fi.")
else:
    print("Access denied to Li-Fi.")
```
The proposed architecture provides, using several LEDs, an authentication ID regarding the location and identification data for the vehicle, these being managed with
cryptography [60,61]. The network undertakes the distribution of the authentication ID and the lighting sources, a process that increases the degree of security through power lines. Extremely high scalability can be achieved through the efficient management of IDs, highlighting how the use of VLC in a direct approach with new technologies can be extremely interesting. Therefore, ID management guarantees the validity of the IDs and offers a control mechanism through which the necessary data can be obtained. The combination of the existing infrastructure with the IDs generated through validation within the existing nomenclature with preset IDs interchangeable between vehicles offers a new security policy for optical communications.

### **3. Implementation and Results**

The proposal was tested using various methods and tools based on the Linux operating system capable of intercepting data or connections, such as BackTrack and WireShark. The connections established with these tools and their traffic management were analyzed. These aspects are important, and each type of threat was staged, which was the purpose of the study, starting with the unstructured ones and moving on to the structured, external, and internal ones. In vehicular networks in particular, we can experience unstructured threats from other users without a high level of training; these practices are undertaken only out of pure curiosity and their method of operation is extremely easy to identify. Structured penetrations, by contrast, are carried out by users who know the methods of operation and the vulnerabilities of networks and later develop scripts capable of disrupting access to them.

Vehicular network security and communications between infrastructure, pedestrians, cars, and intelligent traffic systems are extremely pressing topics for today's society. Attacks from the outside can be initiated at the level of intelligent transportation systems (ITSs) by capable individuals who gain access to the entire infrastructure, generating chaos and panic in addition to pursuing extremely well-defined goals of controlling certain areas of activity. Many of the attacks from outside target issues that are closely related to bank fraud, personal information, and the mining of confidential data. Analyzing the subject in detail, persons with hidden intentions could take control of autonomous vehicles, as well as intelligent traffic systems. Attacks of an internal type, however—and at this moment it is much too early to take these aspects into account—have more to do with the accuracy and degree of security established by existing users and the way they set up their accounts.

### *Analysis of the Security Process and the Threats to Which the Network Is Exposed*

When there are security and privacy concerns, in order to ensure reliable communication between the sender and the recipient, we need to perform certain tests that can give us feedback on the VLC's compliance with the requirements imposed by other wireless systems. Therefore, the system proposed in this study aims to provide protection against external connections and rejects data assignment to other users outside the network or who may compromise the network. The proposed system does not fully behave like a commercial Internet network but, as shown by the simulation process, it provides the most important features: authenticity, confidentiality, integrity, and availability.

The authenticity feature aims to limit the introduction of messages into the communication channel that may disturb the receivers and prevent them from transmitting messages. The privacy feature imposes limits on data access to prevent disclosure of communication routes or routes created between senders and receivers. The integrity feature maintains the accuracy of content throughout its transmission from source to destination. The availability feature prevents authentication from being given to unauthorized users, while requiring access keys, in addition to the username and password, from the others. For such a system based on VLC to meet the mandatory requirements, several critical issues must be addressed in the final implementation. In the case of much more established communications, the network layer assumes all responsibilities of protecting the data and keeping them private from all points of view, including the legal and the commercial perspectives. In terms of the VLC channel, it can be vulnerable to attacks within vehicular networks, and the confidentiality of the
data transmitted between the vehicles may be endangered. The measurements and tests presented here were carried out to track how a VLC system can be protected from various types of attacks in the network, such as flooding attacks, poisoning attacks, and cache attacks. These types are the ones that could endanger the integrity of the system, and this study proves that the security breaches in the case of VLC are much more critical than in the case of standard VANET communications (Figure 5).

**Figure 5.** Analyses regarding the risk to which the infrastructure is exposed.

According to the research carried out, the sources of and exposure to external risks can only come about when there are failures in the physical infrastructure or the system itself. Matrix data approaches and evolutionary determinants of attacks within the physical layers have been considered and these threats to VLC do not compromise data security and integrity. To penetrate a VLC network or a communication system based on this technology, dedicated modules and receivers are needed, and if the communication system behaves like a classic wireless network, the penetration procedure is difficult and the contamination time is relatively long (see Figures 6 and 7).

Regarding the connectivity of such a network, the insertion of data packets capable of providing a perspective on the network through their iteration was also considered. Therefore, cascading data templates were used, and these were split into multiple data matrices that randomly populated the network. A premature conclusion regarding their capacity and accuracy should not be drawn, but, regarding the main aspect of security, there were many indications that confirmed that the data were in a network capable of providing them with a high degree of protection. As shown by Figure 8, no technical problems were encountered, and the data packet penetration process, which was constantly monitored, could not be derailed.

**Figure 6.** Report on the use of the communication channel in relation to the other active networks.

**Figure 7.** Spectrogram of the created communication channel.


**Figure 8.** Communication testing with a dataset created in order to validate its reliability.

### **4. Discussion**

Following the analysis of the proposal offered as a communication and security alternative, new directions were generated, especially concerning the use of VLC-RF and the two systems' integration in lighting systems, both in public and in vehicle lighting systems, to achieve communication of permanent data and in complete safety. These new approaches can address extremely pressing problems in today's society. It should not be overlooked that pollution and congestion are causes of traffic and mismanagement. The purpose of the proposal was to highlight the usefulness of VLC in systems other than the standard ones while, at the same time, indicating the high degree of security offered by the new standard compared to the existing ones. The communication through visible light employed in the proposed approach is performed in the PHY layers, resulting in unidirectional UDP connections in the first instance. The tests are in the early stages and have not passed the first stages where addresses are generated and packets with digital samples and minimal processing blocks are sent. Various parameters, sample rates, data rates, and modulation schemes have been studied, but no conclusions have yet been drawn, as these digital samples are routed internally without processing. An outline of a GNURadio-type processing block can be proposed that targets a future direction of being able to modulate the transmission bandwidth in both directions of the optical channel. When the intensity of the transmitted light is detected by a receiver and converted into an electrical current, unforeseen effects can occur. In this case, a file-type protection board on the transmitter–receiver path that can demodulate the received carrier signal is imperative. Thus, the data in Table 3 were extracted from the first stage of analysis of the presented proposal. The sources were retrieved and identified as the main data providers within the network, while the nodes represented the control units with destinations and sources. Figure 8 presents the degree of security of the data exposed in the information transmission process, showing that they do not deviate in the process they follow, nor do they present certain violations.


**Table 3.** Testbed routing.

Visible light communication is considered extremely important because it is a new physical environment that promises to alleviate the pressure hovering over the use of the RF spectrum. This tool is becoming more and more common, highlighting the performance of VLC in the case of end-to-end network integrations. The purpose of this article was to highlight the diverse applications of VLC, its complementarity with RF, and, in particular, the process of emergence through which it can play an important role within the same system. The VLC model was validated by the tests and the measurements undertaken, but there is a need for the independence of VLC to be finalized, and questions arise as to how it can be used with Wi-Fi and RF, encouraging proposals for hybrid networks at scale.

Instrumenting binaries with additional code sequences can be used to achieve a higher degree of routing by passing each instruction into the buffer dedicated to validation and generation of execution. Implementation at the architecture or prototype levels demonstrates leaps in tracking binary MACs. Arguably, this implies the detection of unknown exploits from the previous parsing that trigger new routines in the buffer and create tags for system-wide validation.

Therefore, any type of attack against the networks outlined on board vehicles can be successfully mitigated because such attacks cannot be backed by classic exploitation techniques, penetration tests, buffer overflows, packet injection, or fake routines. Through such an approach, it is possible to ensure that the information is and will remain private and the data are kept within the ECUs until the moment of validation by the issuer and confirmation that the data can travel the unidirectional route. The major problem is created when binary tools need a larger number of binary tags; these must be extracted from multiple sources until MAC addresses can have one-byte characteristics able to expose distinct tags for IDs, with eight characteristics generated for each. It is possible to limit the volume of data and the sources, but the goal is to secure a small dataset, which is a priority for optical communication dedicated to road safety and vehicular communication. A brake pressed suddenly in a major emergency triggers a request from a certain distance, and the existing cryptographic security process inserts labels for each VLC code and transmits them to the other sensors to verify the veracity of the data. The role of tags is to validate data from several sources: at least three tagging sources for each validating code, cause code, or sub-cause code. These codes are already developed with a nomenclature dedicated to the traffic codes that the V2X–DSRC networks have, and they are called CAM and DENM messages. The presented solution is at an early stage and requires intensive study of the codes that the ECUs generate and analysis of data flows and the protocols they use, as well as identification of efficient ways of processing data in a relatively short time. The process cannot be used by all existing vehicles but may be an extremely important feature for future approaches.

### **5. Conclusions**

When resource-intensive computing services employing big data are used and they contain location data or large-scale derivations, query requests also arise. They are encrypted and transmitted to vehicles to efficiently manage the processes carried out by the RSUs. The roadside control and management units can calculate the shortest routes to the desired destinations, a feature that transforms the network into a continuous flow of variants. In addition to these features, distance and location data are only captured at the user's physical level of inquiry and are shown in standard CPSs. The transfer of information and its sharing between vehicles is undertaken through a different environment that can control each physical level and a layer of the sharable service query. When the data are collected, they are adjusted with on-board units capable of branching the information into distinct stages and iterative processes through which the filtering of the usual information from that of control and management is distinctly achieved. Regardless of the area in which communications are used or their type, keeping personal information confidential and encrypting it are of paramount importance. The future is extremely promising for the application and development of such systems but, at the same time, the accumulation of factors and the dangers to which individuals and users are exposed can create more identity and authentication intrusions. Location and destination monitoring may make new systems veritable maps of possible targets for malicious individuals. Another approach that the scientific community can consider is that of generating fake data for the external environment and constantly updating IDs, producing a model capable of maintaining some degree of discretion in terms of safety and security.

**Funding:** This research received no external funding.

**Acknowledgments:** This work was supported by a grant of the Ministry of Research, Innovation and Digitization, CNCS-UEFISCDI, project number PN-III-P1-1.1-TE-2021-1371, within PNCDI III.

**Conflicts of Interest:** The author declares no conflict of interest.

### **References**


**Disclaimer/Publisher's Note:** The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content.

*Article* **Discriminating WirelessHART Communication Devices Using Sub-Nyquist Stimulated Responses**

**Jeffrey D. Long, Michael A. Temple \* and Christopher M. Rondeau**

Department of Electrical and Computer Engineering, US Air Force Institute of Technology, Wright-Patterson AFB, Dayton, OH 45433, USA

**\*** Correspondence: michael.temple@afit.edu

**Abstract:** Reliable detection of counterfeit electronic, electrical, and electromechanical devices within critical information and communications technology systems ensures that operational integrity and resiliency are maintained. Counterfeit detection extends the device's service life that spans manufacture and pre-installation to removal and disposition activity. This is addressed here using Distinct Native Attribute (DNA) fingerprinting while considering the effects of sub-Nyquist sampling on DNA-based discrimination. The sub-Nyquist sampled signals were obtained using factor-of-205 decimation on Nyquist-compliant WirelessHART response signals. The DNA is extracted from actively stimulated responses of eight commercial WirelessHART adapters and metrics introduced to characterize classifier performance. Adverse effects of sub-Nyquist decimation on active DNA fingerprinting are first demonstrated using a Multiple Discriminant Analysis (MDA) classifier. Relative to Nyquist feature performance, MDA sub-Nyquist performance included decreases in classification of %C<sup>Δ</sup> ≈ 35.2% and counterfeit detection of %CDR<sup>Δ</sup> ≈ 36.9% at SNR = −9 dB. Benefits of Convolutional Neural Network (CNN) processing are demonstrated and include a majority of this degradation being recovered. This includes an increase of %C<sup>Δ</sup> ≈ 26.2% at SNR = −9 dB and average CNN counterfeit detection, precision, and recall rates all exceeding 90%.

**Keywords:** convolutional neural network; CNN; counterfeit detection; device fingerprinting; distinct native attribute (DNA); information and communications technology; multiple discriminant analysis; MDA; WirelessHART; wireless communications security

### **1. Introduction**

The development of new electronic, electrical, and electromechanical device technologies supporting critical information and communications technology systems will continue for decades to come. The deployment and availability of new devices provide certain benefits for expanding interconnectivity capabilities within the critical information and communications technology arena. This expansion has heightened awareness and increased concerns associated with maintaining operational integrity and resiliency within the information and communications technology supply chain [1,2]. The adverse effects caused by a loss of operational integrity or resiliency range from increased inconvenience (degraded, inefficient, or intermittent service) at one extreme to premature lifecycle termination (removal from service) at the other extreme.

Supply chain integrity concerns are not unique within the information and communications technology community and are shared among other service communities that rely on electronic communications. Activities within these other service communities vary widely but are generally embodied within critical infrastructure, internet of things, industrial internet of things, and/or fourth industrial revolution frameworks [3–6]. Regardless of the framework, the use of digital communications requires that integrity assurance measures be taken during all phases of the device's technical lifespan (service life) [5].

**Citation:** Long, J.D.; Temple, M.A.; Rondeau, C.M. Discriminating WirelessHART Communication Devices Using Sub-Nyquist Stimulated Responses. *Electronics* **2023**, *12*, 1973. https://doi.org/ 10.3390/electronics12091973

Academic Editors: Tao Huang, Shihao Yan, Guanglin Zhang, Li Sun, Tsz Hon Yuen, YoHan Park, Changhoon Lee and Cheng-Chi Lee

Received: 8 February 2023 Revised: 11 April 2023 Accepted: 17 April 2023 Published: 24 April 2023

**Copyright:** © 2023 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https:// creativecommons.org/licenses/by/ 4.0/).

The demonstration emphasis here is on pre-deployment protection (i.e., counterfeit detection) applied within the near-cradle phase of the device's technical lifespan. This includes pre-deployment manufacturing and distribution protection.

Lifespan assurance is addressed here using Radio Frequency (RF)-based Distinct Native Attribute (DNA) fingerprinting to provide reliable pre-deployment detection of counterfeit devices. Such protection can be considered during manufacturing, following manufacturing, and/or at any point in the supply chain as the device makes its way into service. A form of active DNA fingerprinting is considered here that uses fingerprint features extracted from externally stimulated responses of non-operating, non-operably connected WirelessHART communication devices. The operational and technical motivations for making this choice are presented in Sections 1.1 and 1.2, respectively.

### *1.1. Operational Motivation*

The operational motivation for considering Wireless Highway Addressable Remote Transducer (WirelessHART) field device discriminability is generally unchanged from that put forth in prior related works [5,7–10]. It is even reasonable to argue that the motivation today remains stronger than ever given that (1) the number of fielded WirelessHART devices has reached into the tens-of-millions [11], and (2) hundreds of thousands of WirelessHART devices are manufactured annually and enter the supply chain [12]. Since its initial introduction WirelessHART has been well-received in European and North American industries given that [3,9,11,12]:


It has been noted that a five-device WirelessHART network provides "sufficiently redundant operation" [12] and flexibility to support general industrial network architectures [11] and the communications lifeline between critical infrastructure elements [13]. Thus, the consideration and demonstration of counterfeit detection using NDev = 8 hardware devices here is not overly simplified and has appropriate applicability to small-scale networks supporting information and communications technology applications.

The concerns with maintaining operational integrity and resiliency in critical information and communications technology systems [1,2] are not new, and related protection criteria were established as early as November 2009 by the Society of Automotive Engineers under SAE-AS6462 guidelines [14]. This guidance targeted aerospace applications and was adopted by the US Defense Logistics Agency in May 2014 [15]—they subsequently reaffirmed SAE-AS6462 relevance in April 2020. To cope with an expanding supply chain attack space, the SAE-AS6462 guidelines were subsequently updated to the most recent AS-5553D revision in March 2022 [16]. The evolution to AS-5553D includes the recognition of expanded applicability to all organizations (beyond aerospace) that procure "parts and/or systems, subsystems, or assemblies, regardless of type, size, and product provided". AS-5553D aptly notes that mitigation of adverse counterfeit effects is "risk-based" and steps taken to mitigate these effects "will vary depending on the criticality of the application, desired performance and reliability of the equipment/hardware".

### *1.2. Technical Motivation*

Identifying counterfeit devices early in their lifecycle is crucial to ensuring that operational integrity and resiliency are maintained. Near-cradle counterfeit detection activity within the technical cradle-to-grave protection strategy [5] has been considered using
fundamentally different RF-based approaches for various electronic, electrical, and electromechanical devices. Representative active stimulation methods include:


The work in [8] was the first to consider the discrimination of four Siemens AW210 [22] and four Pepperl + Fuchs Bullet [23] WirelessHART adapters using active DNA fingerprinting. These demonstrations were motivated by earlier passive DNA fingerprinting works in [5] that used the same adapters. Passive DNA fingerprints are generated from devices that are operably connected and perform their normal by-design communication function. Subsequent demonstrations in [9] used the same WirelessHART adapters with passive DNA fingerprinting processes from [5,7] and the active DNA fingerprinting process from [8].

The work in [9] provides the main motivation for demonstrations performed here with a goal of improving overall computational efficiency and enhancing the operational transition potential. Several options were considered in [9], including the application of conventional signal processing (down-conversion and filtering) and factor-of-5 decimation of the active DNA stimulated responses from [8]. This provided (1) an effective sample rate reduction from 1 Giga Samples per second (GSps) to 200 Mega Samples per second (MSps) and (2) a corresponding decrease in the number of pulse time domain samples (1,150,000 to 230,000) used for DNA fingerprint generation.

### *1.3. Relationship to Prior Research*

Numerous RF fingerprinting methods have been considered as a means to discriminate electrical, electronic, and electromechanical components, and to improve operational reliability and security. For brevity, a detailed summary of RF fingerprinting methods is not included in this paper and the reader is referred to [24]. The authors in [24] have done a commendable job of categorizing various RF fingerprinting methods that use physical layer features to discriminate transmission sources. While the overall end-to-end identification process for the various methods can vary considerably, the main task of signal collection and digitization is largely the same and aimed at capturing signals that contain "useful features" to enable reliable identification. What is not immediately evident in [24] and the various fingerprinting works noted therein is whether Nyquist sampling conditions were satisfied and how satisfying them does or does not impact the ability to extract useful features. This is not saying that these prior works did not consider Nyquist conditions, but rather that this consideration is not explicitly documented in those works.

A majority of the works in [24] are believed to be based on discriminating features extracted from Nyquist sampled signal responses. This is a consequence of the researchers (1) considering conventional digital signal processing techniques that include consideration for Nyquist sampling conditions, or (2) using collected signals and/or methods from related work(s) where Nyquist sampling criteria were maintained. Satisfying Nyquist criteria enables receiver systems to reliably reconstruct the transmitted signal of interest and perform their intended by-design function (communicate, navigate, track, etc.). Nyquist criteria include sampling the signal of interest at a rate equal to, or greater than, twice the maximum system operating frequency—as operating frequency increases so does the amount of sampled data and required computational resources. The desire to minimize the amount of sampled data has motivated extensive research over the past decade. These works demonstrate acceptable signal reconstruction using a reduced number of samples without satisfying Nyquist criteria [25–28]—these are but a few representative works from a search using sub-Nyquist, undersampling, and compressive sensing terms.

Given the lack of detailed discussion on Nyquist sampling conditions in the RF fingerprinting works noted in [24], the authors believe that the work presented here is perhaps the first to consider a direct comparison of fingerprint discrimination performance with (1) fingerprint features generated under both Nyquist and sub-Nyquist conditions, (2) using the same collected device responses, and (3) a given classifier architecture. While work remains to consider sub-Nyquist conditions for other signal types and fingerprinting methods, results here suggest that deviating from Nyquist sampling constraints is a viable option and fingerprinting can be performed without regard for preserving by-design signal information.

### *1.4. Paper Organization*

The remainder of this paper is organized as follows. The Demonstration Methodology is presented in Section 2 which provides selected details for relevant processes used to generate the demonstration results. This includes details for Experimental Collection and Post-Collection Processing in Section 2.1, Nyquist Decimation in Section 2.2, Sub-Nyquist Decimation in Section 2.3, Time Domain DNA Fingerprint Generation in Section 2.4, and Multiple Discriminant Analysis (MDA) in Section 2.5. Section 2.5 includes two sub-sections that provide details for Device Classification in Section 2.5.1 and Device ID Verification in Section 2.5.2. Details for Convolutional Neural Network (CNN) Discrimination is provided in Section 2.6. This includes implementation details for the one-dimensional CNN (1D-CNN) architecture in Section 2.6.1 and the two-dimensional CNN (2D-CNN) architecture in Section 2.6.2. Section 3 provides the Device Discrimination Results and includes MDA Classification Performance in Section 3.1 and CNN Classification Performance in Section 3.2. The final Counterfeit Discrimination Assessment results are presented in Section 3.3 and the paper concludes with the Summary and Conclusions presented in Section 4.

### **2. Demonstration Methodology**

This section summarizes the experimental demonstration steps used to generate the classification results presented in Section 3. These steps include:


### *2.1. Experimental Collection and Post-Collection Processing*

Stimulated WirelessHART response signals were originally collected and post-collection processed for demonstration activity in [8]. An overview of the collection setup is provided in Figure 1 and is based on integrated circuit anti-counterfeiting work in [18]. There are three main hardware components, including (1) a Keysight N5222B network analyzer [29] for generating the SFM input stimulus *s*IN(*t*), (2) a LeCroy WaveMaster 825Zi-A oscilloscope [30] for collecting the device under test output response *s*OUT(*t*), and (3) the WirelessHART device under test.

**Figure 1.** Active DNA fingerprinting setup used for collecting WirelessHART device responses. Post-collection processing applied prior to DNA fingerprinting.

Table 1 shows details for the four Siemens [22] and four Pepperl + Fuchs [23] WirelessHART adapters considered. The NDev = 8 adapters are identified as the D1, D2, ... , and D8 devices for demonstration. Although the device labeling of Siemens AW210 and Pepperl + Fuchs Bullet devices makes it appear that they are from two different manufacturers, it was previously determined in [5] that these devices are actually from the same manufacturer. The devices were distributed under two different labels with dissimilar serial number sequencing (a result of company ownership transition). Thus, the device discrimination being considered is the most challenging, that is the like-model and intra-manufacturer case using identical hardware devices that vary only by serial number.


**Table 1.** Selected details for NDev = 8 WirelessHART adapters used for demonstration.

The N5222B source parameters were set to produce the SFM stimulus signal *s*SFM(*t*) that was input as *s*IN(*t*) to 1-of-5 available adapter wires that are denoted as W*<sup>j</sup>* IN for *j* ∈ {1, 2, ... , 5}. The SFM parameters were empirically set to maximize the source and device under test electromagnetic interaction with a goal of increasing discriminable information. The post-collected SFM response characteristics from [8] included (1) a total of *N*SFM = 9 sub-pulses, (2) sub-pulse duration of *T*<sup>Δ</sup> = 0.125 ms for a total SFM pulse duration of *T*SFM = 1.125 ms, and (3) sub-pulse spectral spacing of *f* <sup>Δ</sup> = 5 MHz yielding an SFM pulse bandwidth of WSFM ≈ 50 MHz that approximately spans 400 MHz < *f* < 450 MHz. Each *s*OUT(*t*) response received by the 825Zi-A oscilloscope was digitized, stored, and its corresponding output sample sequence {*s*OUT(*t*)} used for fingerprint generation.

As indicated in Figure 1, the SFM stimulus is applied to a given W*<sup>j</sup>* IN wire (*j* ∈ {1, 2, ... , 5}) and the output response *s*OUT(*t*) is collected from 1 of 4 remaining wires. The output collection wire is denoted as W*<sup>k</sup>* OUT for *k* ∈ {1, 2, ... , 5}, *k* ≠ *j*. Thus, there are a total of 20 order-matters W*<sup>j</sup>* IN : W*<sup>k</sup>* OUT permutations available for active DNA fingerprinting. The collections from [8] were used here for demonstration and included W*<sup>j</sup>* IN being the device input power wire and W*<sup>k</sup>* OUT being the HART communication signaling wire.

### *2.2. Nyquist Decimation*

Initial computational complexity reduction activity using the post-collected pulses from [8] was performed as part of work detailed in [9]. However, details of the theory-based Nyquist decimation process were omitted from [9] due to page constraints. Selected details are now included here to highlight differences between the Nyquist decimated and the sub-Nyquist decimated processing detailed in Section 2.3. Processing of post-collected *s*PC(t) pulses with Nyquist decimation is shown in Figure 2. The processing includes conventional signal processing of down-conversion (D/C), near-baseband BandPass (BP) filtering, decimation, and estimation of various powers and SNRs.

**Figure 2.** Overall down-conversion, filtering, Nyquist decimation, and SNR scaling processes used to generate the desired analysis *s*A(t) for DNA fingerprinting.

The so-called "proper" decimation that is used here is consistent with Matlab's downsample function and includes every NDecFac sample being retained and all others discarded. The desired effects of this decimation include (1) an effective sample rate reduction
by a factor of 1/NDecFac (computational complexity reduction), and (2) retention of ascollected sample values and inherent source-to-device electromagnetic interaction effects (discriminable fingerprint information retention).

Figure 2 shows how the post-collected device response *s*PC(t) is (1) Down-Converted (D/C) to near-baseband using a local oscillator frequency of fLO = 375 MHz, (2) BandPass (BP) filtered at the D/C center frequency of *f* D/C = 425 − 375 = 50 MHz using a 16th-order Butterworth filter having a passband of WBP = 50 MHz, and (3) decimated by NDecFac = 5 to produce the decimated *s*D(t)—this decimation factor choice was based on being the highest decimation factor that can be used while ensuring that Nyquist criteria is maintained. Thus, each of the WirelessHART *s*PC(t) responses at a sample rate of *f* <sup>S</sup> = 1 GSps (NPC = 1,150,000 post-collected time domain samples per pulse) are converted to have an *f* <sup>S</sup> = 200 MSps rate (NDec = 230,000 decimated time domain samples per pulse) prior to fingerprint generation. This processing was performed for all of the NPls = 1132 pulses that were collected and post-collection processed for each of the NDev = 8 WirelessHART adapters (D1, D2, ... , D8) listed in Table 1.
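A minimal sketch of this down-conversion, filtering, and decimation chain is given below, assuming NumPy/SciPy and a synthetic stand-in for the collected *s*PC(t) records; the parameter values follow the text, while the filter realization is only an approximation of the described processing.

```
# Sketch of the Figure 2 Nyquist-decimation chain: down-convert, bandpass
# filter, then "proper" decimation (retain every NDecFac-th sample).
import numpy as np
from scipy.signal import butter, sosfilt

fs = 1e9                     # post-collection sample rate (1 GSps)
f_lo = 375e6                 # local oscillator for down-conversion
f_dc = 50e6                  # down-converted center frequency (425 - 375 MHz)
w_bp = 50e6                  # bandpass width
n_dec = 5                    # Nyquist-compliant decimation factor

t = np.arange(1_150_000) / fs
s_pc = np.cos(2 * np.pi * 425e6 * t)          # synthetic stand-in for a collected response

s_dc = s_pc * np.cos(2 * np.pi * f_lo * t)    # down-convert to near-baseband
sos = butter(8, [f_dc - w_bp / 2, f_dc + w_bp / 2], btype="bandpass", fs=fs, output="sos")
s_bp = sosfilt(sos, s_dc)                     # order-8 bandpass design -> 16th-order response
s_d = s_bp[::n_dec]                           # "proper" decimation -> 200 MSps, 230,000 samples
print(len(s_d))
```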

The time domain effects of Figure 2 Nyquist decimation processing are illustrated in Figure 3 for a representative WirelessHART *s*PC(t) signal. These plots are for the case where there is no like-filtered AWGN SNR scaling (SNRA = SNRPC). The Region of Interest (ROI) samples for DNA fingerprint generation are highlighted in Figure 3 as well. Apart from ROI sample index number changes required to ensure the pulse ROI duration remains unchanged following decimation, the time domain amplitude effects of sample decimation are minimally discernable.

**Figure 3.** Time domain amplitude responses for (**a**) a representative post-collection processed pulse at *f* <sup>S</sup> = 1 GSps and (**b**) the corresponding NDecFac = 5 Nyquist decimated pulse at *f* <sup>S</sup> = 200 MSps showing the DNA fingerprinting ROI sample range.

The impact of Figure 2 Nyquist decimation processing is most evident in the frequency domain power spectral densities shown in Figure 4. This figure shows power spectral density (PSD) overlays for the (1) input *s*PC(t) response (far right red), (2) down-converted *s*D/C(t) response (far left green plus middle blue), and (3) final down-converted, bandpass filtered, and decimated *s*D(t) response (far left green) used for the analysis *s*A(t) generation. The impulse response (green dashed line) of the post-D/C bandpass filter WBP is shown for reference. As desired for Figure 2 processing, the spectral content of *s*D(t) is displaced but structurally unchanged from the input *s*PC(t).

**Figure 4.** Overlay of Post-Collected (PC) input, Down-Converted (D/C) Image, D/C Filtered, and BandPass filtered (WBP) impulse response (dashed line).

### *2.3. Sub-Nyquist Decimation*

The main computational complexity reduction activity using post-collected WirelessHART pulses is referred to herein as sub-Nyquist decimation. Relative to the Nyquist decimation detailed in Section 2.2, the goal involves further reduction in the number of time domain samples in *s*PC(t) used for classifier training and testing. The overall processing for sub-Nyquist decimation is illustrated in Figure 5. The indicated NDecFac = 205 decimation factor was empirically chosen and implemented through "proper" decimation. The choice of NDecFac = 205 was motivated by community feedback relative to the presentation made in support of [20]. This feedback included suggestions that "a minimum sample rate reduction of 200" should be considered to make the DNA fingerprinting method more attractive for adoption and operational implementation. The final choice of NDecFac = 205 was based on observing the decimated spectral responses and ensuring that both the number of SFM tones and the order of the tones were maintained. The process included "proper" decimation of *s*PC(t) signals from [8] such that every 205th sample in the collections were retained and all others are discarded.

**Figure 5.** Overall sub-Nyquist decimation, estimation, filtering, and SNR scaling processes used to generate the desired analysis *s*A(t) that is input to the DNA fingerprinting process.

Nyquist sampling conditions of *f* <sup>S</sup> = 1 GSps > 2 × fMax = 2 × 450 MHz = 900 MHz were satisfied for the original post-collected *s*PC(t) signals in [8]. Thus, application of the empirically chosen NDecFac = 205 proper decimation factor effectively yields sub-Nyquist sampled signals for DNA fingerprinting. As illustrated throughout the remainder of this subsection using the same representative SFM response pulse used for Section 2.2, the NDecFac = 205 sub-Nyquist decimation of *s*PC(t) results in (1) the desired reduction in the number of samples used for fingerprint generation and classification, (2) an effective sample rate reduction by a factor of 1/NDecFac, and (3) inherent down-conversion, bandwidth compression, and increased background noise power in the spectral domain.


The sub-Nyquist decimation of SFM response signals was performed using an empirically chosen NDecFac = 205 decimation factor. The post-collection processing in [8] resulted in NPC = 1,150,000 samples per SFM pulse at a sample frequency of *f* <sup>S</sup> = 1 GSps. Thus, for the empirically chosen NDecFac = 205 factor, the sub-Nyquist decimated SFM pulses used here included a total of NDec = 1,150,000/205 = 5610 samples at a decimated sample rate of *f* SDec = 1GSps/205 ≈ 4.88 MSps. The overall sub-Nyquist decimation process in Figure 5 was applied to a total of NPls = 1132 pulses that were collected and post-collection processed for each of the NDev = 8 WirelessHART devices being considered.
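The sample-count and rate bookkeeping quoted above reduces to a few lines; the following sketch simply reproduces that arithmetic and the resulting sub-Nyquist condition.

```
# Sub-Nyquist decimation bookkeeping for the SFM responses.
fs_pc = 1e9            # post-collected sample rate (1 GSps)
n_pc = 1_150_000       # samples per post-collected SFM pulse
n_dec_fac = 205        # empirically chosen decimation factor
f_max = 450e6          # highest frequency in the post-collected response

n_dec = round(n_pc / n_dec_fac)    # ~5610 samples retained per pulse
fs_dec = fs_pc / n_dec_fac         # ~4.88 MSps effective sample rate

print(n_dec, fs_dec / 1e6)
print("Nyquist satisfied for original content:", fs_dec >= 2 * f_max)   # False -> sub-Nyquist
```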

The effect of sub-Nyquist time domain sample decimation is illustrated in the amplitude responses shown in Figure 6. The ROI samples used for DNA fingerprint generation are highlighted as well. As implemented in [8], the post-collected SFM pulses are comprised of *N*SFM = 9 sub-pulses, with (1) the duration of each sub-pulse being *T*<sup>Δ</sup> = 0.125 ms and contributing to an overall SFM pulse duration of *T*SFM = 9 × 0.125 ms ≈ 1.125 ms, and (2) the sub-pulses sequentially occurring at a uniform frequency spacing of *f* <sup>Δ</sup> ≈ 5 MHz and contributing to an overall SFM pulse bandwidth of WSFM ≈ 50 MHz. The *T*SFM ≈ 1.125 ms pulse duration includes to a total of NSPC = (1.125 ms × 1 GSps) ≈ 1,125,000 time domain samples in the post-collected pulse responses (Figure 6a) and NSDec = (1.125 ms × 4.88 MSps) ≈ 5490 time domain samples in the decimated responses (Figure 6b) used for DNA fingerprinting.

**Figure 6.** Time domain amplitude responses for (**a**) a representative post-collection processed pulse at *f* <sup>S</sup> = 1 GSps and (**b**) the corresponding NDecFac = 205 sub-Nyquist decimated pulse response *f* SDec = 1/205 GSps showing the DNA fingerprinting ROI sample range.

The corresponding power spectral density (PSD) responses for sub-pulses contained in Figure 6 pulses are shown overlaid in Figure 7. The non-decimated SFM pulse bandwidth indicated in Figure 7a (dashed lines) is WPC ≈ 50.0 MHz and spans a frequency range of 400 < *f* < 450 MHz. For the post-collected *f* Max = 450 MHz and *f* SPC = 1 GSps, the Nyquist criteria of *f* SPC = 1 GSps ≥ 2 × 450 MHz = 900 MHz is satisfied for post-collection processed SFM pulses from [8]. The corresponding NDecFact = 205 decimated SFM pulse bandwidth in Figure 7b (dashed lines) is WDec ≈ 1.0 MHz and spans a frequency range of approximately 87 < *f* < 1150 KHz. For the original *f* Max = 450 MHz and the decimated *f* SDec ≈ 4.88 MSps, the Nyquist criteria of *f* SDec ≈ 4.88 MSps ≥ 2 × 450 MHz = 900 MHz is not satisfied for decimated SFM pulses and sub-Nyquist DNA fingerprinting is performed. Comparison of Figure 7a,b highlights the earlier noted down-conversion and bandwidth compression of *s*PC(t) resulting from sub-Nyquist NDecFac = 205 decimation.


**Figure 7.** Overlay of individual SFM sub-pulse (SP) power spectral density (PSD) responses for pulses in Figure 6 with approximate SFM bandwidths bounded by the vertical dashed lines. (**a**) Post-collected SFM sub-pulse (SP) responses spanning WSFM ≈ 50 MHz. (**b**) Corresponding NDecFac = 205 sub-pulse (SP) responses spanning WDec ≈ 1 MHz.

The power spectral densities for the composite SFM pulses are provided in Figure 8. Of note in comparing the non-decimated post-collected (PC) and decimated (Dec) responses in this figure are the average estimated background noise powers (NPC and NDec) shown in the captions. The NPC ≈ 5.54 × 10<sup>−5</sup> (W/MHz) background noise power for Figure 8a was calculated as the average of seven noise powers estimated in seven adjacent ideal WPC = 50.0 MHz filters (red dashed line regions) spanning 0 < *f* < 350 MHz. The decimated NDec ≈ 3.56 (W/MHz) background noise power for Figure 8b was calculated as the average noise power in a single ideal WDec ≈ 1.0 MHz filter (red dashed line region) spanning 13.5 < *f* < 23.5 MHz. Considering the ratio of NDec/NPC noise powers, the difference in post-collected and sub-Nyquist decimated background noise powers (NBΔ) is given by NB<sup>Δ</sup> ≈ 10 × log10[3.56/(5.54 × 10<sup>−5</sup>)] ≈ 48.1 dB. This is the previously noted increased background noise power level resulting from sub-Nyquist decimation.

**Figure 8.** Composite SFM power spectral density responses showing spectral regions used to estimate average background noise powers. (**a**) Post-collected (PC) composite SFM pulse power spectral density with WPC ≈ 50 MHz. Estimates made within WPC include SPC + NPC ≈ 78.74, NPC <sup>≈</sup> 5.54 <sup>×</sup> <sup>10</sup>−<sup>5</sup> and SNRPC <sup>≈</sup> 61.53 dB. (**b**) Corresponding NDecFac = 205 decimated pulse power spectral density with WSFM ≈ 1 MHz. Estimates made within WSFM include SDec + NDec ≈ 69.92.74, NDec ≈ 3.56 and SNRDec ≈ 12.71 dB.

The overall pre-fingerprint generation processing with decimation, filtering, Signal-to-Noise Ratio (SNR) estimation and analysis SNR (SNRA) scaling is illustrated in Figure 5. Using the post-collected SFM signal *s*PC(t) and desired analysis SNRA as inputs, the steps for generating analysis signal *s*A(t) at the desired SNRA include:


The time and frequency domain effects of Figure 5 processing are shown in Figures 9 and 10 for a NDecFac = 205 decimated *s*D(t) SFM pulse at SNRDec ≈ 12.71 dB and a desired like-filtered power-scaled analysis *s*A(t) at SNRA = 0 dB. These plots were generated for the decimated *s*D(t) of the representative SFM pulse used for Figure 8 responses. The estimated SNRA ≈ 0 dB shown in Figures 9 and 10 captions was estimated using the WDec ≈ 1.0 MHz decimation filter bandwidth. The final ROI samples used for time domain DNA fingerprint generation are highlighted in the bottom plot of Figure 9.
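A minimal sketch of the SNR-scaling step is given below, assuming the analysis signal is formed by adding AWGN that is filtered to the same decimated band and scaled to reach the target SNRA; the power-estimation details of the actual processing chain are simplified.

```
# Sketch: form the analysis signal s_A by adding like-filtered (same band)
# AWGN so the in-band SNR drops from the estimated SNR_Dec to the target SNR_A.
import numpy as np
from scipy.signal import butter, sosfilt

def scale_to_snr(s_d, fs, band, snr_dec_db, snr_a_db, seed=0):
    rng = np.random.default_rng(seed)
    total_power = np.mean(s_d ** 2)
    snr_dec = 10 ** (snr_dec_db / 10)
    sig_power = total_power * snr_dec / (1 + snr_dec)          # signal share of total power
    noise_needed = sig_power / 10 ** (snr_a_db / 10) - (total_power - sig_power)
    noise_needed = max(noise_needed, 0.0)                      # adding noise can only lower SNR
    sos = butter(4, band, btype="bandpass", fs=fs, output="sos")
    noise = sosfilt(sos, rng.standard_normal(len(s_d)))        # like-filtered AWGN
    noise *= np.sqrt(noise_needed / np.mean(noise ** 2))       # scale to the required power
    return s_d + noise

# Example with a synthetic decimated pulse: degrade from ~12.7 dB to 0 dB
fs_dec = 1e9 / 205
t = np.arange(5490) / fs_dec
s_a = scale_to_snr(np.cos(2 * np.pi * 600e3 * t), fs_dec, (87e3, 1150e3), 12.71, 0.0)
```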

**Figure 9.** Time domain effects of Figure 5 processing showing (**Top**) an input NDecFact = 205 decimated signal *s*D(t) at SNRDec ≈ 12.71 dB and (**Bottom**) corresponding output analysis *s*A(t) signal at SNRA ≈ 0 dB. Non-normalized plots are provided with the same vertical amplitude scale to highlight the effects of SNR degradation due to adding like-filtered AWGN.


**Figure 10.** Frequency domain effects of Figure 5 processing showing normalized power spectral density (PSD) for (**Top**) input NDecFac = 205 decimated signal *s*D(t) at SNRDec ≈ 12.71 dB and (**Bottom**) corresponding bandpass filtered analysis signal *s*A(t) at SNRA ≈ 0 dB. Normalized plots are provided with the same vertical scale to highlight the effects of within-band SNR degradation.

### *2.4. Time Domain DNA Fingerprint Generation*

The time domain DNA generation process used here is a variant of previous passive [5,10,31,32] and more recent active [8,9] DNA-based fingerprinting works. Active DNA fingerprinting in [8,9] emerged from the earlier passive DNA fingerprinting methods [5,10,31,32] that steadily evolved within the wireless communications arena. Selected elements of time domain fingerprint generation are extracted from [9] and summarized here. The reader is referred to [9] and the other noted works for additional details.

The time domain region of interest (ROI) samples from the analysis signals (those highlighted in Figure 9 and carried forward into Figure 11) are used to calculate statistical DNA features. For a real-valued sample sequence {sFP(*n*)} the statistical DNA features are calculated for instantaneous (1) *amplitude* response samples given by MFP(*n*) = |sFP(*n*)|; (2) *phase* response samples given by ΘFP(*n*) = tan−1[HIm(*n*)/HRe(*n*)], where HRe(*n*) and HIm(*n*) are the real and imaginary components of the Hilbert Transform output denoted by Hilbert[sFP(*n*)]; and (3) *frequency* response samples given by ΦFP(*n*) = gradient[ΘFP(*n*)].

**Figure 11.** Time domain magnitude response for Figure 9 pulse showing the selected ROI (samples between the red dashed lines) and division into *N*Srgn = 18 subregions (samples between adjacent red dotted lines) used for generating statistical time domain DNA fingerprint features.

Statistical DNA features are calculated using the *N*Resp = 3 instantaneous response sequences of {MFP(*n*)}, {ΘFP(*n*)}, and {ΦFP(*n*)} and *N*Srgn contiguous subregions of {sFP(*n*)} that span the selected ROI. This is illustrated in Figure 11, which shows the {MFP(*n*)} magnitude responses for the representative pulse in Figure 9. Considering the calculation of *N*Stat = 3 statistical features of variance, skewness, and kurtosis [33] using samples within each of the *N*Srgn = 18 subregions, and across the entire ROI as well, the time domain DNA fingerprints included a total of *N*TD = (*N*Srgn + 1) × *N*Resp × *N*Stat = (18 + 1) × 3 × 3 = 171 features.
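A hedged Python sketch of this feature generation is given below, assuming the ROI samples are available in a 1-D array; the helper name, the phase unwrapping step, and the subregion edge handling are assumptions rather than details taken from [9].

```python
import numpy as np
from scipy.signal import hilbert
from scipy.stats import skew, kurtosis

def dna_fingerprint(s_fp: np.ndarray, n_srgn: int = 18) -> np.ndarray:
    """Statistical time domain DNA features over N_Srgn subregions plus the full ROI."""
    analytic = hilbert(s_fp)                          # complex analytic signal
    phase = np.unwrap(np.angle(analytic))             # instantaneous phase Theta_FP(n)
    responses = [
        np.abs(s_fp),                                 # instantaneous amplitude M_FP(n)
        phase,
        np.gradient(phase),                           # instantaneous frequency Phi_FP(n)
    ]
    features = []
    for resp in responses:                            # N_Resp = 3 responses
        regions = list(np.array_split(resp, n_srgn)) + [resp]   # subregions + full ROI
        for region in regions:
            features.extend([np.var(region), skew(region), kurtosis(region)])
    return np.asarray(features)                       # (18 + 1) x 3 x 3 = 171 features
```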

### *2.5. Multiple Discriminant Analysis (MDA) Discrimination*

The MDA-based discrimination methodology used here was adopted from prior related work in [5,8,9]. These works exploited DNA features for device discrimination using the same NDev = 8 WirelessHART adapters listed in Table 1 and used here. While providing a motivational basis for active DNA fingerprinting demonstration here, care is taken in making direct comparison of results in [5,8,9] with results provided here—this is reiterated with greater detail in Section 3 results. Regardless, the MDA processing here is fundamentally the same and summary details are presented for completeness. The reader is referred to [5] for additional details and a more complete development of MDA-based device classification.

MDA-based classification (discrimination) assessments were performed using a trained (**W**, μ**F**, σ**F**, μ*n*, **Σ***n*) MDA model—bold variables are used here and henceforth throughout the paper to denote non-scalar vector or matrix quantities. The model components include (1) the MDA projection matrix **W** (dimension NFeat × (NCls − 1)), (2) the input fingerprint mean normalization factor μ**F** (dimension 1 × NFeat), (3) the input fingerprint standard deviation normalization factor σ**F** (dimension 1 × NFeat), (4) the projected training class means μ*n* (dimension 1 × (NCls − 1)), and (5) the projected training class covariance **Σ***n* (dimension (NCls − 1) × (NCls − 1)).

The classification process includes taking an unknown device fingerprint **F**Unk (dimension 1 × NFeat) and projecting it with **p**Unk = ((**F**Unk − μ**F**) · σ**F**−1) **W** into the MDA decision space [5]. The resultant **p**Unk (dimension 1 × (NDev − 1)) is used with a given measure of similarity to generate a test statistic (ZUnk). The resultant ZUnk is then used for making device classification decisions through threshold comparison. This represents an estimate indicating which 1 of NCls modeled devices the unknown **F**Unk most closely represents. The ZUnk test statistics used here were generated from probability-based Multi-Variate Normal (MVN) measures of similarity given their demonstrated superiority for device fingerprint discrimination [5,9].
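The projection and scoring flow can be sketched as follows, assuming a trained model is already available; the function and variable names are illustrative, and multivariate normal likelihoods stand in for the MVN measures of similarity referenced above.

```python
import numpy as np
from scipy.stats import multivariate_normal

def classify_fingerprint(f_unk, W, mu_f, sigma_f, class_means, class_covs):
    """Project a 1 x N_Feat fingerprint into MDA space and score it against each class."""
    # p_unk = ((F_unk - mu_F) / sigma_F) W, dimension 1 x (N_Cls - 1)
    p_unk = ((f_unk - mu_f) / sigma_f) @ W
    # MVN-based test statistic Z for each modeled class
    z = np.array([
        multivariate_normal.pdf(p_unk, mean=m, cov=c)
        for m, c in zip(class_means, class_covs)
    ])
    return int(np.argmax(z)), z    # estimated class and per-class similarity scores
```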

### 2.5.1. Device Classification

Device classification decision results are summarized in a confusion matrix format [34], such as shown in Table 2, for a representative NCls = 8 model. This matrix shows MDA classifier testing using NTst = 2830 unknown testing fingerprints per class. Average cross-class percent correct classification (%C) is calculated as the sum of diagonal elements divided by the total number of estimates in the matrix (NTot = NTst × NCls). The bold diagonal entries in Table 2 yield an overall %C = [21,184/(2830 × 8)] × 100 ≈ 93.6 ± 0.3%. This calculation includes a ±CI95% = ±0.3% factor representing the 95% Confidence Interval (CI95%) calculated per [35]. The individual per-class testing is likewise calculated on a row-by-row basis and ranges from a low of %CCls = (2459/2830) × 100 ≈ 86.9% (Class 2 and Class 5) to a high of %CCls = (2822/2830) × 100 ≈ 99.7% (Class 3).



Results in Table 2 show that a majority of the classification error (bold red entries) is attributable to mutual confusion between (1) Class 2 and Class 5, (2) Class 6 and Class 7, and (3) Class 1 and Class 8.

### 2.5.2. Device ID Verification

As detailed in [5], device ID verification is performed using the trained MDA model (**W**Best, μ**F**, σ**F**, μ*k*, **Σ***k*) with (1) testing fingerprints from an "unknown" device (denoted as D*j* for *j* = 1, 2, ... , NDev) and (2) a claimed ID associated with one of the authorized model devices (denoted as D*k* for *k* = 1, 2, ... , NDev, with *j* = *k* when the unknown device presents its own authentic ID). For the D*j*:D*k* ID verification assessment, a given measure of similarity (*Zk*) is generated for each unknown fingerprint, compared with the established training threshold (*Tk*) for device D*k*, and a binary accept (e.g., *Zk* ≥ *Tk*) or reject (e.g., *Zk* < *Tk*) decision made. Assuming the unknown device D*j* is counterfeit, the desired outcome is a reject decision. The resultant Counterfeit Detection Rate percentage (%CDR) can be estimated simply as the total number of reject decisions divided by the total number of testing fingerprints considered. The reader is referred to [5] for a more formal development of the ID verification process.

The counterfeit detection potential for a given classifier can be estimated using confusion matrix results, such as those provided in Table 3. The classification results in Table 3 are taken from the Table 2 confusion matrix and divided into four sub-matrices (quadrants) that effectively reflect performance for an NCls = 2 classifier. The quadrants are segregated by the dashed lines to highlight elements used for calculating %CDR and the alternate Counterfeit Precision Rate percentage (%CPR) and Counterfeit Recall Rate percentage (%CRR) metrics that are introduced later. The two classes correspond to Class 1 being all Table 1 Siemens devices (D1, D2, D3, and D4) and Class 2 being all Table 1 Pepperl+Fuchs devices (D5, D6, D7, and D8). The mechanics for assessing counterfeit detection potential from a classification confusion matrix are demonstrated with the Siemens devices designated as authentic and the Pepperl+Fuchs devices designated as counterfeits.

**Table 3.** Division of Table 2 classification confusion matrix into NCls = 2 sub-matrices to highlight elements used for estimating counterfeit detection metrics.


The classification results in Table 3 are consistent with the four Pepperl+Fuchs devices being previously screened and declared as counterfeit devices. The counterfeit detection rate is estimated using diagonal elements in the lower right-hand quadrant of Table 3 and is given by %CDR = [(2459 + 2612 + 2662 + 2727)/(4 × 2830)] × 100 ≈ 92.40%. This exceeds the arbitrary performance benchmark of %CDR ≥ 90%. Calculation of this generally less rigorous %CDR metric is consistent with previous DNA works [5,31,32] and is motivated by the desire to bolster cross-discipline understanding and appreciation for the work.

It has been suggested that a more rigorous counterfeit detection assessment can be made using hypothesis testing [5,34]. The test here involves counterfeit hypothesis testing with an unknown device (authentic or counterfeit) presenting an identity for a given counterfeit device. In this case, the hypothesis testing outcomes include: (1) a true positive (TP), the unknown counterfeit device is correctly declared counterfeit; (2) a false positive (FP) error, the unknown authentic device is errantly declared counterfeit; and (3) a false negative (FN) error, the unknown counterfeit device is errantly declared authentic. The resultant TP, FP, and FN outcomes are estimated from confusion matrix entries and used to calculate the alternate %CPR and %CRR metrics using [5,34],

$$\% \text{CPR} = \left(\frac{\text{TP}}{\text{TP} + \text{FP}}\right) \times 100, \tag{1}$$

$$\% \text{CRR} = \left(\frac{\text{TP}}{\text{TP} + \text{FN}}\right) \times 100. \tag{2}$$

For the Table 3 confusion matrix, the hypothesis testing outcomes required for calculating the %CPR and %CRR metrics include TP = 2459 + 2612 + 2662 + 2727 = 10,460 (sum of diagonal elements in the lower right-hand quadrant), FP = 546 (sum of all elements in the upper right-hand quadrant), and FN = 517 (sum of all elements in the lower left-hand quadrant). These values are input to Equations (1) and (2) to yield the alternate %CPR ≈ 95.04% and %CRR ≈ 95.29% metrics used to characterize counterfeit detectability.
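For readers who want to verify the arithmetic, the following short Python snippet reproduces the %CDR, %CPR, and %CRR values from the quadrant sums quoted above.

```python
tp = 2459 + 2612 + 2662 + 2727   # correct counterfeit declarations (lower right-hand diagonal)
fp = 546                          # authentic devices errantly declared counterfeit
fn = 517                          # counterfeit devices errantly declared authentic
n_tst, n_counterfeit_cls = 2830, 4

cdr = tp / (n_counterfeit_cls * n_tst) * 100   # %CDR ≈ 92.40
cpr = tp / (tp + fp) * 100                     # %CPR ≈ 95.04, Equation (1)
crr = tp / (tp + fn) * 100                     # %CRR ≈ 95.29, Equation (2)
print(f"%CDR = {cdr:.2f}, %CPR = {cpr:.2f}, %CRR = {crr:.2f}")
```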

### *2.6. Convolutional Neural Network (CNN) Discrimination*

Convolutional Neural Network (CNN) processing is used to improve detection, identification, tracking, and classification in numerous application spaces. This is most evident in the plethora of recent 2021–2022 research. These works include image processing centric CNN investigations supporting spatial terrain [36–38], smart grid [39], transfer learning [40], encoding/decoding [41], automatic modulation detection [42], and various electronic/electrical/electromechanical applications [7,43,44]. While [38] is not presented as a survey type paper, it does provide a noteworthy survey and summary with a relatively concise perspective on CNN processing.

Details for the CNN architectures used here are consistent with the basic CNN working principles noted in [38]. In the context of DNA fingerprinting, these principles are generally consistent with other classification problems and include: (1) data acquisition; (2) data exploration; (3) data preparation, decimation, digital filtering, standardization/normalization, and data splitting for training, validation, and testing; (4) CNN model development through hyperparameter selection; (5) model compilation with selected parameters, optimizer type, loss function, and metrics selection; (6) model training, weight updating, and biasing to increase classification performance; and (7) model application using testing fingerprints to make classification %C estimates.

In addition to the active DNA response conditioning and sub-Nyquist decimation in Section 2.3, data standardization and data splitting (training, validation, testing) with labels was required for CNN classification. The standardization included mapping to a Gaussian distribution (zero mean and unit variance) through calculation of a standard **Z**-score (**Z**Std) given by

$$\mathbf{Z}_{\text{Std}} = \frac{\mathbf{X} - \mu_{\mathbf{X}}}{\sigma_{\mathbf{X}}} \tag{3}$$

where **X** is the data vector to be scored, *μ***X** is the mean of **X**, *σ***X** is the standard deviation of **X**, and **Z**Std is the normalized value of **X**. The **X** here includes a sequence **X**: {*x*} (time domain or frequency domain elements) that requires normalization to aid deep learning and enable faster convergence.
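A one-line numpy equivalent of the Equation (3) standardization is sketched below; the function name is illustrative.

```python
import numpy as np

def z_score(x: np.ndarray) -> np.ndarray:
    """Map a sample sequence to zero mean and unit variance per Equation (3)."""
    return (x - x.mean()) / x.std()
```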

CNN development requires selection of key hyperparameters (tuning) that include the number of neurons, activation function, optimizer, learning rate, batch size, and number of epochs. The CNN architectures considered here differ from traditional machine learning implementations where feature extraction is performed by a human. For the CNN processing here, the CNN plays the primary role in feature extraction with a goal of maximizing classification performance during training. This process includes the use of backpropagation to adjust weights and biases [45]. The CNN input data sizes are adaptable and exhibit immunity to small transformations of the input data [46]. The convolutional layer filters are randomly initialized and optimized during training to identify discrimination-rich features.

For all CNN results here, the input data samples correspond to NPls = 5660 independent preprocessed pulses per device. These were randomly divided into pools containing approximately 80% training (NTng = 4528), 10% validation (NVal = 566), and 10% testing (NTst = 566) samples. Each input pulse sample was assigned a unique label corresponding to one of NDev = 8 device IDs and contained NDec = 230,000 sub-Nyquist decimated time samples per Section 2.3. The training, validation, and testing pulse samples were used to characterize (1) 1-D CNN performance using time-domain-only and frequency-domain-only features, and (2) 2-D CNN performance using joint time-frequency features.

All samples for the NDev = 8 devices are assigned labels such that each device number is represented in a string of eight digits. For example, device D1 is encoded as 10000000, device D2 is encoded as 01000000, device D3 is encoded as 00100000, and so on. This encoding enables the application of dense layer output processing within the CNN using softmax activation. Softmax activation converts a vector of numbers into a vector of probabilities, with the probability estimate being proportional to a relative scale of each value in the vector. In multiclass output classification problems, such as DNA fingerprinting, the last layer is usually the softmax layer. The softmax operation used here is given by [47]

$$p_k = \alpha(\mathbf{s}(x))_k = \frac{e^{s_k(x)}}{\sum_{j=1}^{N_{\text{Cls}}} e^{s_j(x)}} \tag{4}$$

where NCls is the number of classes, **s**(*x*) is a vector containing the scores of each class for instance *x*, and *α*(**s**(*x*))*k* is the estimated probability that instance *x* belongs to class *k*, given the scores of each class for that instance.
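The label encoding and Equation (4) softmax can be sketched as follows with numpy; the function names and the zero-based device index are illustrative assumptions.

```python
import numpy as np

def one_hot(device_index: int, n_dev: int = 8) -> np.ndarray:
    """D1 -> 10000000, D2 -> 01000000, ... expressed as eight-element label vectors."""
    label = np.zeros(n_dev)
    label[device_index] = 1.0
    return label

def softmax(scores: np.ndarray) -> np.ndarray:
    """Convert class scores s(x) into probabilities p_k per Equation (4)."""
    e = np.exp(scores - scores.max())   # subtract max for numerical stability
    return e / e.sum()
```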

### 2.6.1. 1D-CNN Architecture

The 1D-CNN architecture used for device discrimination with sub-Nyquist signal responses is shown in Figure 12. The core CNN processing was implemented using four hidden layers, including three 1D-CNN layers (1DCNN) with Rectified Linear Unit (ReLU) activation and one pooling layer. The pooling layer finds the most significant abstract features (fingerprints) for the dense output layer used for device classification. The 1DCNN layers are not fully connected and require fewer parameters when compared to fully connected layers. The non-fully connected 1DCNN convolutional layers in Figure 12 share weights among neurons, whereas within the fully connected layer every output neuron is connected to every input neuron through a specific set of weights.

**Figure 12.** 1D-CNN architecture used for time-domain-only and frequency-domain-only WirelessHART device classification. The gray shaded box includes core hidden layer and input layer processing elements that are common with the 2D-CNN architecture in Figure 13.

Figure 12 shows the 1D-CNN architecture used for device classification using Time-Domain-Only (TDO) and Frequency-Domain-Only (FDO) responses of sub-Nyquist sampled signals. This architecture is based on the generic 1D-CNN architecture detailed in [48]. As shown, the architecture includes seven total layers with the four core CNN processing layers being hidden layers. The 5610 × 1 dimensional input data were processed in the second CNN Conv1D\_L2 layer (first convolutional layer) using NCfil = 16 filters with a kernel size of NKrn = 5 and output a 5606 × 16 feature map. The third CNN Conv1D\_L3 layer (second convolutional layer) utilized NCfil = 32 filters and NKrn = 3 and output a 5604 × 32 feature map. The fourth CNN Conv1D\_L4 layer (third and final convolutional layer) utilized NCfil = 64 filters and NKrn = 3 and output a 5602 × 64 feature map. As indicated in Figure 12, all three Conv1D layers use a ReLU activation function.

**Figure 13.** 2D-CNN architecture used for Joint-Time-Frequency (JTF) domain WirelessHART device classification. The two Core CNN Processing blocks are independent and functionally equivalent to those shown in Figure 12.

The feature map output of the final hidden Conv1D\_L4 convolutional layer in Figure 12 is input to the fifth CNN Pooling\_L5 layer. This layer performs global average pooling to accentuate feature rich information used for subsequent device classification. The Pooling\_L5 layer output is input to a fully connected FC\_L6 layer where optimization is performed to enhance class scoring and classification accuracy in the final Output\_L7 layer. The Output\_L7 results are used to form the classification confusion matrix detailed in Section 2.5 and estimate the %C and %CDR percentages.

The algorithm pseudocode for implementing the 1D-CNN processing in Figure 12 is presented in Algorithm 1. As detailed in the code, CNN processing employs dropout and kernel regularization to address issues associated with overfitting and to accelerate data processing. As indicated in Line 1, the learning process was implemented with an NLrn = 0.001 learning rate, NEpc = 40 epochs, and a mini-batch size of NMB = 32.

**Algorithm 1.** Algorithm pseudocode for implementing 1D-CNN processing.
1: **CNN** (trainX, trainY, validationX, validationY, testX, testY, learningrate = 0.001, epoch = 40, batchsize = 32):
2: inputs = shape (datapoints, dimension = 1)
3: model ← Conv1D (filters = 16, kernels = 5, activation = ReLU) (inputs)
4: model ← Conv1D (filters = 32, kernels = 3, activation = ReLU) (model)
5: model ← Conv1D (filters = 64, kernels = 3, activation = ReLU) (model)
6: model ← GlobalAveragePooling (model)
7: model ← Flatten () (model)
8: model ← Dropout (0.20) (model)
9: model ← Dense (neurons = 8, activation = softmax, kernel\_regularizer = regularizers.L1L2 (l1 = 1 × 10−5, l2 = 1 × 10−4)) (model)
10: model.compile (loss = categorical\_crossentropy, optimizer = Adam, learningrate)
11: model.fit (trainX, trainY, validationX, validationY, epoch, batchsize)
12: Accuracy = model.evaluate (testX, testY)
13: **return** Accuracy
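The pseudocode above maps naturally onto the Keras functional API; the following is a minimal, hedged TensorFlow/Keras sketch of the same processing, with the input length, metric choice, and omission of the redundant Flatten step treated as assumptions rather than details taken from the authors' implementation.

```python
import tensorflow as tf
from tensorflow.keras import layers, models, regularizers

def build_1d_cnn(n_samples: int, n_classes: int = 8) -> tf.keras.Model:
    """1D-CNN per Algorithm 1: three Conv1D layers, global average pooling, softmax output."""
    inputs = tf.keras.Input(shape=(n_samples, 1))
    x = layers.Conv1D(16, 5, activation="relu")(inputs)
    x = layers.Conv1D(32, 3, activation="relu")(x)
    x = layers.Conv1D(64, 3, activation="relu")(x)
    x = layers.GlobalAveragePooling1D()(x)   # already flat, so a separate Flatten is omitted
    x = layers.Dropout(0.20)(x)
    outputs = layers.Dense(
        n_classes,
        activation="softmax",
        kernel_regularizer=regularizers.L1L2(l1=1e-5, l2=1e-4),
    )(x)
    model = models.Model(inputs, outputs)
    model.compile(
        loss="categorical_crossentropy",
        optimizer=tf.keras.optimizers.Adam(learning_rate=0.001),
        metrics=["accuracy"],
    )
    return model

# Training and evaluation per Algorithm 1 lines 10-13 (40 epochs, mini-batch size 32)
# model = build_1d_cnn(n_samples=5610)
# model.fit(trainX, trainY, validation_data=(valX, valY), epochs=40, batch_size=32)
# accuracy = model.evaluate(testX, testY)
```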

### 2.6.2. 2D-CNN Architecture

Figure 13 shows the 2D-CNN architecture used for JTF-based classification. This architecture includes replication of the core 1D-CNN processing layers in Figure 12 with time domain and frequency domain data input separately. The time domain Pooling\_LTD5 and frequency domain Pooling\_LFD5 layer outputs are independently processed within the fully connected FC\_L11 and FC\_L12 layers, respectively. These fully connected layer outputs are merged within the Concatenate\_L13 layer before final Output\_L14 classification occurs. The impact of this 2D-CNN JTF processing on the final classification performance is determined by analyzing confusion matrix %C and %CDR percentage estimates.
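Under the same assumptions as the previous sketch, the two-branch JTF arrangement can be expressed as follows; the dense-layer widths and Python names are illustrative stand-ins for the Figure 13 FC\_L11/FC\_L12, Concatenate\_L13, and Output\_L14 elements.

```python
import tensorflow as tf
from tensorflow.keras import layers, models

def core_branch(inputs):
    """Core CNN processing block, structurally matching the Figure 12 hidden layers."""
    x = layers.Conv1D(16, 5, activation="relu")(inputs)
    x = layers.Conv1D(32, 3, activation="relu")(x)
    x = layers.Conv1D(64, 3, activation="relu")(x)
    return layers.GlobalAveragePooling1D()(x)

def build_2d_jtf_cnn(n_samples: int, n_classes: int = 8) -> tf.keras.Model:
    td_in = tf.keras.Input(shape=(n_samples, 1), name="time_domain")
    fd_in = tf.keras.Input(shape=(n_samples, 1), name="frequency_domain")
    td = layers.Dense(64, activation="relu")(core_branch(td_in))     # FC_L11 analogue
    fd = layers.Dense(64, activation="relu")(core_branch(fd_in))     # FC_L12 analogue
    merged = layers.Concatenate()([td, fd])                          # Concatenate_L13
    outputs = layers.Dense(n_classes, activation="softmax")(merged)  # Output_L14
    return models.Model([td_in, fd_in], outputs)
```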

### **3. Device Discrimination Results**

Classification performance of MDA models representing all NCls = 8 devices is first considered in Section 3.1. These results are provided to (1) highlight the effects of Nyquist decimation detailed in Section 2.2 and sub-Nyquist decimation detailed in Section 2.3, and (2) to establish a baseline for subsequent CNN performance results in Section 3.2 that highlight the benefits of CNN processing. As with prior related DNA-based discrimination works [5,7–9], classification performance analysis is focused on the %C vs. SNR region neighboring an arbitrary performance benchmark of %C = 90%. Section 3.1 MDA and Section 3.2 CNN classification confusion matrices are used with the ID verification process in Section 2.5.2 to generate the counterfeit detection assessment results in Section 3.3.

### *3.1. MDA Classification Performance*

MDA classification results are presented in Figure 14 for the NCls = 8 class discrimination of the NDev = 8 WirelessHART adapters in Table 1. Results are presented using fingerprints for WirelessHART signals with no decimation (•), NDecFac = 5 Nyquist decimation (•), and NDecFac = 205 sub-Nyquist decimation (•). Note that the no decimation (•) results are visually obscured by the overlaid Nyquist decimation (•) results—based on CI95% confidence intervals, the no decimation and Nyquist decimate-by-5 results are statistically equivalent for all SNR considered.

**Figure 14.** MDA classification using fingerprints for WirelessHART signals with no decimation (•), NDecFac = 5 Nyquist decimation (•) and NDecFac = 205 sub-Nyquist decimation (•). The sub-Nyquist SNR (SNRΔ) and %C (%CΔ) degradations are highlighted at the dotted line values.

By comparison with the statistically equivalent no decimation (•) and Nyquist decimate-by-5 (•) results, the sub-Nyquist decimate-by-205 (•) results are considerably poorer. Considering the %C = 90% arbitrary benchmark region, poorer performance is reflected in degradation metrics that include (1) a decrease in %C (%CΔ) calculated as %CΔ ≡ %CDec − %CNonDec ≈ 63.2% − 98.4% ≈ −35.2% at SNR = −9 dB, and (2) an increase in SNR (SNRΔ) calculated as SNRΔ = SNRDec − SNRNonDec ≈ −3.96 + 12.98 ≈ +9.02 dB at %C = 90%. These degradations are highlighted in Figure 14 at the dotted line values.

### *3.2. CNN Classification Performance*

CNN classification results are presented in Figure 15 for the NDev = 8 WirelessHART adapters in Table 1. This figure shows classification performance of the 1D-CNN Time-Domain-Only (TDO), 1D-CNN Frequency-Domain-Only (FDO) and 2D-CNN Joint Time-Frequency (JTF) architectures overlaid on an expanded region of the MDA %C vs. SNR results in Figure 14. Considering the sub-Nyquist performance results in Figure 15, the 2D-CNN JTF ( ) architecture performance is best overall and includes:

• The %C = 90% benchmark being achieved for SNR ≥ −9 dB;

• Recovery of a majority of the sub-Nyquist MDA degradation highlighted in Figure 14, with improvements of %CΔ ≈ 26.2% and %CDRΔ ≈ 29.2% relative to MDA at SNR = −9 dB.


**Figure 15.** MDA vs. CNN classification highlighting the benefits of CNN processing. The 2D-CNN JTF ( ) %CΔ and SNRΔ benefits are highlighted at the dotted line values and represent recovery of MDA classification degradation resulting from sub-Nyquist response decimation.

### *3.3. Counterfeit Discrimination Assessment*

The estimated %CDRs with ±CI95% intervals for the Figure 14 MDA classification results are summarized in Table 4 for three selected SNR. These %CDRs were calculated using confusion matrices and the estimation process detailed in Section 2.5.2. Comparing the No Decimation and Nyquist Decimated estimates in Table 4, there is (1) no statistical difference in %CDR for the SNR = −15 dB and SNR = −9 dB conditions, and (2) less than 1% difference in %CDR for Nyquist decimation at the SNR = −3 dB condition. As reflected in the %CDRΔ differences in Table 4, there is considerable sub-Nyquist decimation degradation.

The estimated %CDRs with ±CI95% intervals for the Figure 15 CNN sub-Nyquist classification results are summarized in Table 5 for three selected SNR. These were calculated using classification confusion matrices for results in Figure 15 and the estimation process detailed in Section 2.5.2. Based on the ±CI95% intervals, CNN %CDR performance of (1) FDO is the poorest for all SNR, (2) TDO and JTF are statistically equivalent for SNR = −15 dB and SNR = −9 dB, and (3) JTF is marginally better than TDO by %CDRΔ ≈ 2% at SNR = −3 dB. In light of minimizing computational complexity, it could be argued that the 1D-CNN TDO architecture may be preferred over the 2D-CNN JTF architecture for operational implementation if the %CDRΔ ≈ 2% performance trade-off is tolerable.

**Table 4.** Estimated %CDRs with ±CI95% intervals for MDA classification results in Figure 14. The Nyquist decimated versus Sub-Nyquist decimated %CDRΔ differences are provided in the bottom row for comparison and highlight the degrading effects of sub-Nyquist decimation.


**Table 5.** Estimated %CDR with ±CI95% for Figure 15 CNN classification results. All results are for sub-Nyquist decimation, with the MDA %CDRs taken from Table 4 and reintroduced for comparison.


The corresponding sub-Nyquist MDA results from Table 4 are also provided in Table 5 for comparison. As indicated, the CNN JTF classifier outperforms the MDA classifier by a considerable margin and achieves the arbitrary %CDR > 90% benchmark for all SNR ≥ −9 dB. The CNN JTF classifier improvement relative to MDA is reflected in the %CDRΔ = %CDRJTF − %CDRMDA percentages in the bottom row. Collectively considering %CDRΔ for the three represented SNR, the CNN JTF classifier provides an average improvement of %CDRΔ ≈ 29.9% in counterfeit detection performance relative to the MDA classifier.

The final counterfeit assessment results are presented in Table 6 to enable performance comparison between the generally less rigorous %CDR detection metric and the alternate more rigorous hypothesis testing %CPR precision and %CRR recall metrics calculated using Equations (1) and (2), respectively. These results show that the cross-SNR average CNN counterfeit detection, precision, and recall rates all exceed 90%.

**Table 6.** Comparison of estimated counterfeit detection (%CDR), precision (%CPR), and recall (%CRR) metrics for best-case Figure 15 results using the 2D-JTF CNN with sub-Nyquist features.


### **4. Summary and Conclusions**

This work was motivated by the need to achieve reliable detection of counterfeit electronic, electrical, and electromechanical devices being used in critical information and communications technology applications. The counterfeit mitigation goal is to ensure that operational integrity and resiliency objectives are maintained [1,2]. WirelessHART is among the key communications technologies requiring protection and the current motivation for protecting WirelessHART systems is generally unchanged from prior related work [5,7–10]. One could argue that the motivation today is even stronger than ever given the number of fielded WirelessHART devices is approaching tens of millions [11] and hundreds of thousands of WirelessHART devices enter the supply chain annually [12]. Counterfeit device detection is addressed with a goal of enhancing the operational transition potential of previously demonstrated active DNA fingerprinting methods [8,9]. The goal is addressed in light of increased computational efficiency (decreased computational complexity) and increased counterfeit detection rate objectives.

Computational efficiency can generally be improved by reducing the total number of processed signal samples. This reduction is easily accomplished through sample decimation, which is generally applied with a goal of retaining information—this is generally assured when the Nyquist sampling constraint is enforced. Retaining signal information is not a DNA fingerprinting requirement and thus an aggressive NDecFac = 205 sample decimation was applied to the WirelessHART adapter responses from [8]—this pushed the spectral information content well below the Nyquist constraint. This resulted in an effective sample rate reduction (1 GSps to 200 MSps) and the desired reduction in the total number of samples (1,150,000 to 230,000) being processed.

The sub-Nyquist decimate-by-205 sampled responses were used for DNA-based Multiple Discriminant Analysis (MDA) and Convolutional Neural Network (CNN) classification. Counterfeit device classification and detectability were assessed using eight commercial WirelessHART communication adapters [7–9]. The MDA classifier performance provided a baseline for highlighting (1) the overall degrading effects of sub-Nyquist sampling, and (2) detectability improvements that are realized using the CNN classifier. Relative to using Nyquist-compliant DNA fingerprint features, MDA performance using DNA features from sub-Nyquist sampled WirelessHART responses included *decreases* of %CΔ ≈ 35.2% and %CDRΔ ≈ 36.9% in classification and counterfeit detection at SNR = −9 dB. Corresponding CNN classifier performance using the same sub-Nyquist sampled responses was considerably better, with a majority of the MDA degradation being recovered. This included best case CNN performance with a 2D Joint Time-Frequency (JTF) CNN architecture providing increases of %CΔ ≈ 26.2% and %CDRΔ ≈ 29.2% at SNR = −9 dB. For the full range of −15 dB ≤ SNR ≤ −3 dB, average CNN performance included %CDRΔ ≈ 29.9%, with corresponding detection, precision, and recall rates all exceeding 90% for SNR ≥ −9 dB.

**Author Contributions:** Conceptualization, M.A.T. and C.M.R.; Data curation, M.A.T.; Formal analysis, J.D.L., M.A.T. and C.M.R.; Investigation, J.D.L.; Methodology, J.D.L., M.A.T. and C.M.R.; Project administration, M.A.T. and C.M.R.; Resources, M.A.T. and C.M.R.; Supervision, M.A.T.; Validation, J.D.L. and M.A.T.; Graphic Visualization, J.D.L. and M.A.T.; Writing—original draft, M.A.T.; Writing—review and editing, J.D.L., M.A.T. and C.M.R. All authors have read and agreed to the published version of the manuscript.

**Funding:** This research was funded in part by support funding received from the Spectrum Warfare Division, Sensors Directorate, U.S. Air Force Research Laboratory, Wright-Patterson AFB, Dayton OH, during U.S. Government Fiscal Years 2019–2022.

**Institutional Review Board Statement:** Not applicable.

**Informed Consent Statement:** Not applicable.

**Data Availability Statement:** The experimentally collected WirelessHART data used to obtain results were not approved for public release at the time of paper submission. Requests for release of these data to a third party should be directed to the corresponding author. Data distribution to a third party will be made on a request-by-request basis and are subject to public affairs approval.

**Acknowledgments:** The views and conclusions contained in this document are those of the authors and should not be interpreted as representing the official policies, either expressed or implied, of the United States Air Force or the U.S. Government. This paper is approved for public release, Case Number 88ABW-2023-0065.

**Conflicts of Interest:** The authors declare no conflict of interest. The funders had no role in the design of the study; in the collection, analyses, or interpretation of data; in the writing of the manuscript, or in the decision to publish the results.

### **Abbreviations**

The following abbreviations are used throughout the manuscript:


### **References**


**Disclaimer/Publisher's Note:** The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content.
