MAG-PUFs: Authenticating IoT Devices via Electromagnetic Physical Unclonable Functions and Deep Learning

: The challenge of authenticating Internet of Things (IoT) devices, particularly in low-cost deployments with constrained nodes that struggle with dynamic re-keying solutions, renders these devices susceptible to various attacks. This paper introduces a robust alternative mitigation strategy based on Physical-Layer Authentication (PLA), which leverages the intrinsic physical layer characteristics of IoT devices. These unique imperfections, stemming from the manufacturing process of IoT electronic integrated circuits (ICs), are difficult to replicate or falsify and vary with each function executed by the IoT device. We propose a novel lightweight authentication scheme, MAG-PUFs, that uses the unintentional Electromagnetic (EM) emissions from IoT devices as Physical Unclonable Functions (PUFs). MAG-PUFs operate by collecting these unintentional EM emissions during the execution of pre-defined reference functions by the IoT devices. The authentication is achieved by matching these emissions with profiles recorded at the time of enrollment, using state-of-the-art Deep Learning (DL) approaches such as Neural Networks (NN) and Autoencoders. Notably, MAG-PUFs offer compelling advantages: (i) it preserves privacy, as it does not require direct access to the IoT devices; and, (ii) it provides unique flexibility, permitting the selection of numerous and varied reference functions. We rigorously evaluated MAG-PUFs using 25 Arduino devices and a diverse set of 325 reference function classes. Employing a DL framework, we achieved a minimum authentication F1-Score of 0.99. Furthermore, the scheme’s efficacy in

Dear Editor, Please find enclosed the revised paper entitled: "MAG-PUFs: Authenticating IoT Devices via Electromagnetic Physical Unclonable Functions and Deep Learning", submitted for possible publication to the prestigious Computers & Security.This paper is a thorough extension of our previous contribution "MAG-PUF: Magnetic Physical Unclonable Functions for Device Authentication in the IoT", presented at the EAI 18th International Conference on Security and Privacy in Communication Systems (SecureComm 2022), held from October 17-19, 2022.Compared to the above manuscript, the following novel contributions are provided in this paper: • Results using additional reference functions.In the conference paper, we tested MAG-PUFs using a limited set of 4 reference functions run on 25 Arduino devices.In this extended version, we tested MAG-PUFs on an extended set of 13 reference functions run on 25 Arduino devices.These additional reference functions resulted in a new set of 25 • 9 = 225 configurations, aiming to show the flexibility and extensibility of our solution.
• Minimization of setup cost and fingerprinting bandwidth.In the conference paper, we collected the EM emissions using a dedicated expensive spectrum analyzer.In this extended version of the paper, we managed to reduce the cost of the experimental setup while keeping performance outstanding.To this aim, in place of the spectrum analyzer, we use the Commercial off-the-shelf (COTS) device RTL-SDR, obtaining very similar performance results.We also reduced the acquisition bandwidth from 20 MHz to 2 MHz, further reducing the computational requirements and cost of our solution.
• Study of the effect of the equipment location on the accuracy of MAG-PUFs.In this extended version of our manuscript, we run thorough experiments aiming to investigate the impact of the distance between the Electromagnetic (EM) antenna and the IoT board on the accuracy of our solution.
• Study of the impact of the RF interference on the EM emissions.We systematically analyze the effect of increasing levels of RF interference on the profile of the collected EM emissions, quantifying their effect on the accuracy of our solution.
• Impostor device detection.In this extended version of our work, we provide additional experiments aimed at enabling the detection of impostor IoT devices using autoencoders, so as to allow MAG-PUFs to respond adequately to new unseen EM emissions.We show that autoencoders can discriminate impostor IoT devices with an accuracy always exceeding 99%.
• Discussion of methods for Code obfuscation and countermeasures for adversary RF interference.In this extended version of the manuscript, we discuss some techniques that can be used by system administrators to obfuscate and hide the nature of the specific reference function running on the prover IoT device from any EM eavesdropping adversary.In addition, we provide some countermeasures that the system administrator can use to thwa-rt an adversary that aims to disrupt the authentication process by emitting a strong RF interference targeting the operating frequency bandwidth of MAG-PUFs.
• Background on EM fingerprinting and discussion of MAG-PUFs use cases.In this extended version of the manuscript, we provide a more comprehensive backgrou-nd on the EM fingerprinting technique and provide some examples of possible use cases motivating the deployment of MAG-PUFs.
• Comparison to existing PUFs.In this expanded version, we compare our solution to existing PUFs both qualitatively and quantitatively, showing its remarkable performances and advantages at the expense of the deployment of a few dedicated components.
We want to highlight that the paper published in the proceedings of the EAI 18th International Conference on Security and Privacy in Communication Systems (SecureComm 2022) had 20 pages in the LNCS template, while this present contribution accounts for 21 double-column pages in the Elsevier format template.
In this revised version of the paper, all reviewers' comments have been addressed.Please find the detailed answers to the comments of the reviewers in the Response Letter document provided along with the main submission file.Finally, we have improved not only the quality of our work but also expanded the contents, including new equations, tables, and images, improving the discussion of several sections, and presenting new contents-resulting in additional 3 double-column pages compared to the original submission.
We believe that the relevance of the subject, the breakthrough novelty introduced by our approach, and its potential impact on the security research community, as well as the rigorous theoretical treatment accompanied by an extensive experimental campaign that does support the theoretical findings, make this paper an ideal contribution to the Computers & Security community.
Thank you in advance for the valuable efforts in handling our submission.
Looking forward to hearing from you, Best regards, Omar Adel Ibrahim Savio Sciancalepore Roberto Di Pietro • Finally, as suggested by the reviewers, we improved the organization of the manuscript.
Also, we carefully reviewed and proof-checked the editorial styling, abbreviations, and grammar of our paper, removing typos, grammatical mistakes, missing punctuation, and ill-formed sentences included in the previous version of the manuscript.
By addressing the above-introduced points, we have improved the quality of our work and expanded the provided content.In particular, we improved the discussion of several sections and presented new material, providing three (3) more new pages (16.7% more content).
Please, find below the detailed answers to each of the reviewers' requests.
Best Regards, Omar Adel Ibrahim Savio Sciancalepore Roberto Di Pietro Generally speaking, PUFs are security primitives that exploit the intrinsic complexity and randomness of physical systems.They are used not only for secure key generation but also for authentication purposes.Error correction schemes are usually considered together with Physically Unclonable Functions (PUFs) for the design of reliable physical-layer key generation schemes.However, in our case, the intended purpose of the PUF in MAG-PUFs is not key generation, but the unique identification and authentication of the device, where perfect reproducibility is not required.In such cases, the PUF can tolerate some level of inconsistency in its responses, without this uncertainty affecting its primary function, as small variations in the PUF response do not significantly impact its ability to identify or authenticate a device.By eliminating the need for an error correction scheme, the PUF design becomes simpler and more cost-effective.Note that our design choice not to use error correction aligns with other solutions in the literature using other PUFs for authentication, such as the contributions by the authors in [1], [2], and [3].Also, we note that error correction mechanisms, especially for generating cryptographic keys, require additional hardware or software resources.Key generation PUFs are more sensitive to environmental and operational variations like temperature changes, aging, or power supply noise, requiring error correction to maintain key consistency.As shown through the performance evaluation in Sec. 5 of the paper, such resources are unnecessary for device identification and authentication tasks carried out by MAG-PUFs.

Action 1.1:
We included the above considerations in Sec.6 of the revised version of the manuscript.

Comment 1.2:
When detecting rogue devices, concentrating solely on three reference functions prevents us from assessing the overall success of the system.Hence, it needs to be tested on all 13 reference functions.

Response 1.2:
Following the Reviewer's suggestion, in the revised version of the manuscript, we included the results for the scenario of imposter (rogue) device detection for all 13 reference functions, as summarized in Figure 1.
Note that performances are remarkably independent of the considered reference function, contributing to highlighting the viability of our proposed solution.
A  We included the above considerations in Sec.5.4 of the revised version of the manuscript.

Comment 1.3:
In my view, it is clear from Table 4 that the overall expense of the system is still high.Additionally, it lacks compactness, necessitating an isolated area for all components.This is particularly important due to background noise being a significant issue.

Response 1.3:
We thank the Reviewer for this comment, which allowed us to clarify the meaning and scope of our analysis and contribution.
First, we would like to highlight that, to the best of our knowledge, this paper provides the first thorough study into the feasibility and limitations of carrying out device authentication via electromagnetic emissions radiated by IoT devices while executing reference functions.As such, our contribution offers a new perspective on this research area, providing evidence of its strengths and limitations.In this context, we agree with the Reviewer that there are also some limitations connected to the use of this technology for authentication, including the size of the equipment, the cost, and the possibly high background noise.However, in line with our research mission, our aim is to highlight the strengths and limitations of this technology so as to provide system administrators and operators with all the tools and information they need to make the best decision for their intended objectives.
Specifically, while the initial expense of setting up MAG-PUFs system might appear high, it is important to consider also the long-term benefits.MAG-PUFs offers unique advantages in security applications, such as resistance to cloning and physical tampering, which can often outweigh the initial setup costs.Additionally, as technology advances, MAG-PUFs is likely to become more compact, allowing for easier integration.
As for the issue of background noise, it is important to note that in our experimental setup, we use a near-field Electromagnetic (EM) probe.Being near-field, its primary function is to capture EM emissions mainly radiated within a close range of proximity.This characteristic significantly aids in minimizing noise originating from other environmental sources and enhancing the fidelity of the EM emissions measurements.Furthermore, to ensure an interference-free communication environment for our MAG-PUFs measurements, we select an unoccupied frequency bandwidth, e.g., 31-33 MHz.This is pivotal in avoiding any noise or interference from external sources, thereby facilitating a more controlled and reliable experimental environment.
Thus, while efforts can be made to minimize external noise through the use of a nearfield Electromagnetic (EM) probe and the careful selection of clear, unused frequencies, we acknowledge that completely eliminating background noise is often unfeasible, and a certain degree of noise tolerance is incorporated into the experimental design and mitigated through the use of a Deep Learning (DL)-based framework.
In summary, while the concerns about expense, compactness, and background noise are valid, they should be weighed against the long-term benefits, adaptability, and ongoing advancements in PUF technology.The unique security features provided by PUFs could often justify their use in many contexts where high security and reliability are paramount.However, it is up to the network administrator to evaluate the pros and cons of all available solutions and decide which one(s) best fits the organization's objectives.

Action 1.3:
We included the above considerations in Sec.6 of the revised version of the manuscript.

Comment 1.4:
Scaling up the CRPs is a crucial problem.The manuscript does not provide clarity on how to manage various reference functions that yield similar outcomes.Moreover, I have concerns about the lightweightness of the system.Particularly regarding these issues, the authors have to provide more details.

Response 1.4:
Taking into account the suggestions of the Reviewer, in the revised version of the manuscript, we acknowledge that scalability in CRP pairs generation for MAG-PUFs can be an issue, and we discuss how to mitigate the impact of such factor in the deployment of our solution.
When utilizing the MAG-PUFs framework, several strategies can be employed to enhance the scalability of CRP pairs to accommodate an extensive array of IoT devices.One prominent method involves the utilization of diverse reference functions.As illustrated in Figures 2 and 3, each reference function is characterized by a distinctive profile of unintentional Electromagnetic (EM) emissions that are mainly related to the way the microcontroller's resources are employed.By leveraging different reference functions for distinct sets of IoT devices, it is possible to significantly expand the pool of CRP pairs.
Additionally, the use of a combination of various reference functions (e.g., A10 reference function in Table 1) can further scale the CRP pairs.Furthermore, the adoption of different acquisition frequency bandwidths presents a viable option for scaling up the number of available CRP pairs.Specifically, in our implementation, we used only a 2 MHZ acquisition frequency bandwidth of 31-33 MHz.However, as shown in Figure 3, the electromagnetic emissions of different reference functions show differences on the whole 50 MHz bandwidth, which opens the door to the usage of different frequency bandwidths to generate more unique CRPs.Furthermore, consider that MAG-PUFs involves initially acquiring a spectrum of 2 MHz with 16,000 Fast Fourier Transform (FFT) points.From this extensive dataset, MAG-PUFs leverages only the top 100 relevant features for fingerprinting purposes.These 100 features constitute merely 0.625% of the total recorded spectrum of 16,000 features.This gives MAG-PUFs the ability to use other sets of 100 features to generate more CRPs to significantly increase the number of unique CRPs, enhancing the scalability and security of the system.In summary, the scalability and efficacy of MAG-PUFs in generating a substantial number of Challenge-Response Pairs (CRPs) are significantly enhanced through a strategic combination of methodologies.This includes the utilization of diverse reference functions, the integration of varied combinations of these reference functions, the selection of different frequency bandwidths, and the careful choice of distinct sets of features.Each of these elements contributes uniquely to the system's ability to produce a large and diverse set of CRPs, thereby ensuring robustness and adaptability in secure communication applications.
Regarding the management of various reference functions that yield similar outcomes, we first highlight that the DL model in MAG-PUFs possesses a remarkable ability to differentiate between outputs that may superficially appear similar, thus providing a feature that directly addresses the raised concerns.In this context, through our results, we prove that MAG-PUFs can efficiently capitalize on the minute physical variations present in even identical electronic devices.When applied to a set of 25 identical Arduino devices, MAG-PUFs successfully distinguishes each device's response, even when running the same reference function.This outcome highlights the high sensitivity and resolution of the MAG-PUFs DL model in detecting unique EM emission characteristics inherent to each device.We acknowledge that, in principle, an adversary could use a reference function very similar to the correct one (i.e., characterized by a very similar profile of EM emissions) and pass authentication through MAG-PUFs using another reference function.However, such an attack would not have any purpose for an adversary, as it would still use the same (authorized) device.To be successful, an adversary has to find a reference function such that, when executed on its imposter device, it generates a profile of EM identical to the one obtained as a result of the execution of the legitimate reference function on the legitimate device.In our paper, we replicated this attack as much as possible using the same (legitimate) reference function executed on an imposter device, and our results show that this attack is always unsuccessful (Figures 9 and 10 in the revised paper).In particular, the core strength of our solution lies in its sophisticated pattern recognition capabilities.Through comprehensive training, the model learns to identify subtle differences in the EM emissions profiles of each device.This allows for precise differentiation between devices, even in cases where the reference functions are identical.Thus, we believe carrying out such attacks is unfeasible.Recall that the objective of MAG-PUFs is device authentication, not reference function verification.Thus, managing various reference functions that yield similar outcomes on the same device is out of scope-it does not affect device authentication.
Finally, regarding the lightweightness of MAG-PUFs, we discussed its compactness, cost and features in Response 1.3.
For concerns regarding the lightweightness of MAG-PUFs setup, including emissions collection equipment and DL processing, it is important to consider the following advantages of MAG-PUFs: • Adaptability to Resource-Constrained IoT Devices: The MAG-PUFs system is particularly suited for IoT environments where devices are resource-constrained in terms of memory, energy, and computing capacities.Given that Public Key Infrastructure (PKI) solutions are often infeasible in such settings due to their high computational demands, MAG-PUFs offers an efficient alternative that aligns with the limited capabilities of these devices.The proposed setup, involving minimal physical interaction with the device, is an asset in situations where IoT devices cannot afford the overhead of complex security protocols.
• External Equipment for EM Emission Collection: In MAG-PUFs implementation, IoT devices do not require internal modifications or advanced capabilities like Machine Learning functions or Software-defined radio abilities.Instead, the collection and processing of EM emissions are managed externally.This aspect of MAG-PUFs setup is crucial as it means that the specific measurement setup does not impose additional requirements on the IoT devices themselves.Such a configuration is particularly beneficial in a ubiquitous IoT ecosystem, where adding complex hardware or software capabilities to each device may be impractical.
• Tolerance for Additional Complexity in High-Security Contexts: In environments where security is a top priority, there is generally a higher tolerance for additional complexity if it results in significantly enhanced security measures.The implementation of MAG-PUFs framework, though it may add a layer of complexity, is a valuable investment in strengthening the security system.The unique and hard-to-replicate nature of the physical-layer characteristics used in MAG-PUFs makes it a strong tool for securing communications in IoT networks.

Action 1.4:
We included the above considerations in Sec.5.9 and Sec.6 of the revised version of the manuscript.

Comment 1.5:
Overall, the revised version of the manuscript does not contain an improvement at the expected rate.Important components, such as error correction, are missing.

Response 1.5:
To address the Reviewer's comment, in the revised manuscript, we highlighted further that this paper is a thorough extension of our previous contribution [4 Compared to the conference manuscript, the following novel contributions are provided in this paper: -Results using additional reference functions.In the conference paper, we tested MAG-PUFs using a limited set of 4 reference functions run on 25 Arduino devices.
In this extended version, we tested MAG-PUFs on an extended set of 13 reference functions run on 25 Arduino devices.These additional reference functions resulted in a new set of 25•9 = 225 configurations, aiming to show the flexibility and extensibility of our solution.
-Minimization of setup cost and fingerprinting bandwidth.In the conference paper, we collected the EM emissions using a dedicated expensive spectrum analyzer.
In this extended version of the paper, we managed to reduce the cost of the experimental setup while keeping performance outstanding.To this aim, in place of the spectrum analyzer, we use the Commercial off-the-shelf (COTS) device RTL-SDR, obtaining very similar performance results.We also reduced the acquisition bandwidth, from 20 MHz to 2 MHz, reducing the computational requirements and cost of our solution further.
-Study of the effect of the equipment location on the accuracy of MAG-PUFs.In this extended version of our manuscript, we run thorough experiments aiming to investigate the impact of the distance between the EM antenna and the IoT board on the accuracy of our solution.
-Study of the impact of the RF interference on the EM emissions.We systematically analyze the effect of increasing levels of RF interference on the profile of the collected EM emissions, quantifying their effect on the accuracy of our solution.
-Imposter devices detection.In this extended version of our work, we provide additional experiments aimed at enabling the detection of imposter IoT devices using autoencoders, so as to allow MAG-PUFs to respond adequately to new unseen EM emissions.We show that autoencoders can discriminate imposter IoT devices with an accuracy always exceeding 99%.
-Discussion of methods for Code obfuscation and countermeasures for adversary RF interference.In this extended version of the manuscript, we discuss some techniques that can be used by system administrators to obfuscate and hide the nature of the specific reference function running on the prover IoT device from any EM eavesdropping adversary.In addition, we provide some countermeasures that the system administrator can use to thwart an adversary that aims to disrupt the authentication process by emitting a strong RF interference targeting the operating frequency bandwidth of MAG-PUFs.
-Background on EM fingerprinting and discussion of MAG-PUFs use cases.
In this extended version of the manuscript, we provide a more comprehensive background on the EM fingerprinting technique and provide some examples of possible use cases motivating the deployment of MAG-PUFs.
• Comparison to existing PUFs.In this expanded version, we compare our solution to existing PUFs both qualitatively and quantitatively (see Sec. 7), showing its remarkable performances and advantages at the expense of the deployment of a few dedicated components.
As for error correction, as explained in Response 1.1, error correction is not strictly required when using PUFs for DL-based authentication purposes, as in MAG-PUFs.
Action 1.5: We included the above considerations in Sec. 1 of the revised version of the manuscript.

Response to Reviewer 2
We thank Reviewer 2 for the valuable comments on our manuscript and for the time she/he spent analyzing our work.Her/his valuable comments (addressed in the following) allowed us to improve the entire manuscript significantly.
Please find detailed answers to each of the reviewer's concerns below.
Comment 2.1: In Introduction, a claim is "Many existing PUF schemes focus on the unique properties of specific memory modules and low-layer circuits, which are difficult to generalize for use in low-cost, general-purpose IoT devices".That is not true since there are PUFs based on SRAMs included in commercial IoT devices.The claim should be rewritten to highlight other advantages of magnetic PUFs.

Response 2.1:
We thank the Reviewer for this comment.Following the Reviewer's suggestion, in the revised version of our manuscript, we replaced the mentioned paragraph with the following: This proposed implementation of MAG-PUFs is characterized by its non-intrusive nature.Specifically, this methodology does not necessitate any modifications to the software or hardware of the device under examination.Furthermore, it removes the need for access to the device's programmable radio-board.This approach is particularly relevant as it aligns with privacy-preserving principles, ensuring that the integrity and confidentiality of the device's operations are maintained.Additionally, MAG-PUFs design is fully compatible with existing processes and protocols, emphasizing its applicability and ease of integration into current authentication frameworks.

Action 2.1:
We replaced the paragraph in Sec. 1 of the revised version of the manuscript.

Comment 2.2:
The magnetic PUFs proposed require a specific measurement setup which is not convenient for all use cases.Section 3.1 should be extended to show how the setup will be employed in application scenarios and probe its viability.

Response 2.2:
Following the Reviewer's suggestion, in the revised version of the manuscript, we specifically discussed the mentioned issue.We also addressed this issue partially in Response 1.3.
When we consider the use case # 1, namely SCADA systems in critical infrastructure and industrial IoT deployments, MAG-PUFs mainly requires the magnetic antenna to be fixed in place with respect to the IoT device.The RTL-SDR and processing unit (e.g., laptop) can be placed relatively far, as cables can be extended to the magnetic antenna.Critical infrastructure and industrial IoT environments often consist of devices that are stationary and fixed in place.This aspect greatly facilitates the deployment of the MAG-PUFs setup, since the IoT devices in these settings do not require mobility, and the precise and consistent positioning necessary for capturing EM emissions becomes much more manageable.
The fixed nature of these devices allows for a one-time, straightforward setup of the measurement equipment, thereby reducing the complexity and logistical challenges associated with more mobile or dynamic environments.In addition, the use of external equipment for EM emissions capture means that the MAG-PUFs system can be adapted to different network layouts and security requirements.
As for use case #2, namely Internet of Medical Things (IoMT), we can envision the deployment of the system in a dedicated space in the medical facility.When a check is required, the devices can be placed on a dedicated bench where the emissions can be collected, guaranteeing reproducibility and control of the EM emissions.
While we acknowledge that MAG-PUFs system does necessitate a specific measurement setup, this requirement is not a significant obstacle in its practical application, especially with the advancements in technology and miniaturization that would further support MAG-PUFs easier integration.

Action 2.2:
We included the above considerations in Sec.6 of the revised version of the manuscript.

Comment 2.3:
Since the realization depend on external equipment for the collection and processing of EM emissions, the solution is vulnerable to side-channel attacks which can extract information.The solution should indicate how these attacks can be avoided.

Response 2.3:
We thank the Reviewer for this comment.Side-channel attacks refer to the usage of other sources of information than the main communication channel to acquire information about the protocol.In the context of our MAG-PUFs solution, the main channels include both the EM emission channel (which is, by definition, a side channel) and the traditional RF channel.Side-channels to MAG-PUFs include, e.g., power or temperature leakages from the device board, and all other sources of information other than RF and EM that can be used to extract information.
We acknowledge that adversaries able to place probes very close to the measurement setup can eavesdrop on the EM emissions.However, as the scope of the protocol is device authentication, the leakage of such emissions does not compromise the security of the protocol.
To mitigate other possible side-channel attacks, it is important to consider the traditional multiple layers of security and mitigation strategies inherent to the design of MAG-PUFs: • Proximity Requirement for Data Collection: The probes used by MAG-PUFs are designed to capture electromagnetic emissions very close to the source.For an attacker to eavesdrop on these emissions, they would need to be in very close physical proximity to the probe.This requirement makes it challenging for potential attackers, especially in secure or monitored environments, to gain such close access.
• Controlled Access to EM Emission Data: In the MAG-PUFs setup, access to the electromagnetic emissions data is strictly controlled.The equipment used for data collection is typically operated by trusted entities or within secure environments.This restricted access significantly reduces the risk of unauthorized interception of the emissions, thereby minimizing the potential for side-channel attacks.
• Secure Data Transmission and Storage: Transmission of the EM emissions from the collection point to the processing unit is carried over secure and encrypted channels.
In addition, the storage of the EM data is protected using cryptographic techniques to minimize the risk of data leakage or unauthorized access.
• Noise and Anonymization Techniques: Techniques such as the introduction of noise or anonymization of data can be employed to conceal the EM emissions, making it more challenging for an attacker to derive meaningful information from side-channel analysis.
In summary, while the concern regarding side-channel attacks in the context of external equipment for EM emission collection and processing is valid, the deployment of MAG-PUFs can be easily extended to incorporate a comprehensive set of security measures and mitigation strategies ad-hoc for such attacks.Together, these measures significantly reduce the vulnerability of the system to side-channel attacks, ensuring a robust and secure implementation.

Action 2.3:
We included the above considerations in Sec.6 of the revised version of the manuscript.

Comment 2.4:
More information of the neural network employed is required so that the implementation can be replicated.

Response 2.4:
We thank the Reviewer for the insightful suggestions.To address them, in the revised version of the manuscript, we included more details about the autoencoder and neural network architectures employed by MAG-PUFs as follows: For the autoencoder architecture used for detecting imposter devices, we report its details in Table 1.For the dense neural networks used for the classification of the 13 reference functions considered for MAG-PUFs performance evaluation, we include their details in Table 2.We consider two scenarios.First, we test the ability of MAG-PUFs to classify each reference function (code) alone, with 25 classes for each of the 13 reference functions (codes).After that, we test MAG-PUFs in distinguishing the whole collected dataset, consisting of 325 classes (25 Arduino * 13 codes = 325 classes).We included the details of the above considerations in Sec.5.4 and Sec.5.5 of the revised version of the manuscript.

Comment 2.5:
Non-authorized devices are considered as rogue devices.This denomination is not correct, since they should be the impostor devices (non-registered/authorized devices) in contrast to genuine devices (registered/authorized devices).Rogue devices should be attacker devices which try to employ EM emissions extracted from the setup by using side channel attacks.This is not correctly considered in Table 3.

Response 2.5:
Following the Reviewer's suggestion, in the revised version of the manuscript, we used the term impostor devices instead of rogue devices, and modified the paper and Table 5 accordingly.

Action 2.5:
We included the above details throughout all sections of the revised version of the manuscript.

Response 2.6:
Following the Reviewer's suggestion, in the revised version of our manuscript, we included Sec. 5.6: PUF Robustness Evaluation before Sec.5.7: Antenna Deployment Impact.

Action 2.6:
We modified the sections' order in the revised version of the manuscript.

Comment 2.7:
PUF Robustness Evaluation should be performed in terms of reliability and uniqueness to be compared with other proposals from literature.

Response 2.7:
To address the Reviewer's comment, in the revised manuscript, we compare MAG-PUFs with PUF approaches in the literature through a methodology inspired by the comparison approach proposed by the authors in [1].We compare the uniqueness and reliability of various PUFs by evaluating the Equal Error Rate (EER), i.e., the error rate of the specific solution where the False Acceptance Rate (FAR) equals the False Rejection Rate (FRR).
As for MAG-PUFs, we calculate FAR and FRR using 3, 000 test samples from each of the 13 reference functions considered in our investigation.We report in Table 3 the EER of MAG-PUFs and various PUFs approaches from [1] and [5].
Table 3: EER of MAG-PUFs and various solutions, as reported in [1] and [5].We notice that MAG-PUFs achieves very low EER, i.e., 0.0049, one order of magnitude lower than many other solutions in the literature.Some solutions, such as SRAM-PUF and Ring Oscillator PUFs, can achieve lower EER.However, they require additional components and conditions on the system, as discussed in Table 5, which are often not available in IoT systems.Whenever such considerations do not fit the system in use, using MAG-PUFs emerges as a valuable and effective option.

Action 2.7:
We included the details of the above considerations in Sec.5.6 of the revised version of the manuscript.

Comment 2.8:
Reliability and uniqueness metrics should be defined in a specific section before Section 5.4.1, as well as the evaluation metrics accuracy, AUC, precision, recall and F1-Score.His main research interests include AI driven cyber-security, security and privacy for distributed systems (e.g.DeFi, Blockchain technology, Cloud, IoT, OSNs), virtualization security, applied cryptography, intrusion detection, and data science.
In 2011-2012 he was awarded a Chair of Excellence from University Carlos III, Madrid.In 2020 he received the Jean-Claude Laprie Award for having significantly influenced the theory and practice of Dependable Computing.In 2022 he received the Individual Inventor Award from HBKU.He is consistently ranked among the 2% top world scientists (Stanford's list) since this ranking existed.His education accounts for: one MS in Computer Science and one MS in Informatics, both from the University of Pisa, Italy; a twoyears Post-MS Specialization Diploma in Operations Research and Strategic Decisions; and, a Ph.D. degree in Computer Science-these latter two both from the University of Rome "La Sapienza", Italy.

Introduction
Internet of Things (IoT) devices are nowadays ubiquitously deployed across various domains such as homes, offices, healthcare, smart grids, and transportation, with the installed base reaching billions and continuing to grow significantly [1].Despite this widespread adoption, cybersecurity remains a critical concern, as highlighted in several reports [2].This concern impedes the realization of the full potential of IoT.IoT devices are often deployed in inherently insecure environments, making them prime targets for various attacks.In addition, their limited processing, memory, and energy capacities often preclude the support of Public Key Infrastructure (PKI), and even the use of symmetric key cryptography can adversely affect their longevity and usability [3].Furthermore, when symmetric cryptography is employed, many devices use hard-coded cryptographic materials, which can be easily compromised by attackers due to the devices' simple designs and the unattended nature of many IoT deployments [4].
To address these challenges, Physical-Layer Authentication (PLA) has been increasingly recognized as an effective solution, addressing several limitations of traditional cryptographybased methods [5].PLA exploits the inherent physical characteristics of devices, offering both compatibility and security while maintaining simplicity, as it does not rely on confidential secrets or keys.
In this regard, Physical Unclonable Function (PUF) have emerged as a promising alternative for providing various security services [6].PUFs take advantage of the fact that, despite precise fabrication processes, unintentional variations at the sub-micrometer level in Integrated Circuit (IC) make each IC unique.PUF use these unique characteristics to generate lightweight, chip-dependent signatures that are nearly impossi- ble to replicate, either synthetically or with other devices [7].Applied effectively in the IoT context, PUF can eliminate the need for complex cryptography and hard-coded secrets, enabling low-cost device authentication [8].However, the application of PUF in the IoT realm encounters challenges.For example, approaches requiring dedicated components increase the cost of the devices significantly, while solutions based on RF emissions often do not scale well in large deployments and provide limited security guarantees (refer to Sec. 7 for more details).
Contribution.In this paper, we introduce MAG-PUFs, a novel and lightweight authentication scheme that utilizes the inherent randomness of unintentional Electromagnetic (EM) emissions from IoT devices.MAG-PUFs capitalizes on these emissions, which are generated when the IoT devices perform specific functions, to create Physical Unclonable Functions.A key aspect of deploying MAG-PUFs is its ability to allow the IoT system owner to select a theoretically unlimited number of reference functions for authentication.During the enrolment phase, the profile of unintentional EM emissions produced by the devices while executing these reference functions is recorded.This profile is then used to train Deep Learning (Deep Learning (DL))-based models, including autoencoders and Neural Network (NN) models.
The authentication process involves real-time consistency checks of the EM emissions.MAG-PUFs introduces an innovative component to the PUF domain by featuring DL-based classification tools.These tools are designed to analyze the EM emissions and verify whether a specific emission acquisition matches the expected profile.This approach enhances the authentication process, making MAG-PUFs a significant contribution to the field of IoT device security.
Specifically, the EM fingerprint is first assessed through the trained autoencoder to identify potential spoofing attacks.If it successfully passes this assessment and is recognized as an authorized sample, the fingerprint is further examined against the trained NN model.This later step determines the precise IoT device and the executed reference function (code).
We carried out an extensive experimental performance assessment, performed considering 25 Arduino IoT devices and a set of exemplary reference functions resulting in 325 distinct classes.We achieved a remarkable classification accuracy exceeding 99% as well as excellent PUF-related robustness metrics.This proposed implementation of MAG-PUFs is characterized by its non-intrusive nature.Specifically, this methodology does not necessitate any modifications to the software or hardware of the device under examination.Furthermore, it removes the need for access to the device's programmable radio-board.This approach is particularly relevant as it aligns with privacypreserving principles, ensuring that the integrity and confidentiality of the device's operations are maintained.Additionally, MAG-PUFs design is fully compatible with existing processes and protocols, emphasizing its applicability and ease of integration into current authentication frameworks.Note that this paper extends and completes our seminal contribution in [9] through the following novel contributions: • Results using additional reference functions.In the conference paper, we tested MAG-PUFs using a limited set of 4 reference functions run on 25 Arduino devices.In this extended version, we tested MAG-PUFs on an extended set of 13 reference functions run on 25 Arduino devices.These additional reference functions resulted in a new set of 25 • 9 = 225 configurations, aiming to show the flexibility and extensibility of our solution.
• Minimization of setup cost and fingerprinting bandwidth.In the conference paper, we collected the EM emissions using a dedicated expensive spectrum analyzer.
In this extended version of the paper, we managed to reduce the cost of the experimental setup while keeping performance outstanding.To this aim, in place of the spectrum analyzer, we use the Commercial off-the-shelf (COTS) device RTL-SDR, obtaining very similar performance results.We also reduced the acquisition bandwidth from 20 MHz to 2 MHz, further reducing the computational requirements and cost of our solution.
• Study of the effect of the equipment location on the accuracy of MAG-PUFs.In this extended version of our manuscript, we run thorough experiments aiming to investigate the impact of the distance between the EM antenna and the IoT board on the accuracy of our solution.
• Study of the impact of the RF interference on the EM emissions.We systematically analyze the effect of increasing levels of RF interference on the profile of the collected EM emissions, quantifying their effect on the accuracy of our solution.
• Impostor device detection.In this extended version of our work, we provide additional experiments aimed at enabling the detection of impostor IoT devices using autoencoders, so as to allow MAG-PUFs to respond adequately to new unseen EM emissions.We show that autoencoders can discriminate impostor IoT devices with an accuracy always exceeding 99%.
• Discussion of methods for Code obfuscation and countermeasures for adversary RF interference.In this extended version of the manuscript, we discuss some techniques that can be used by system administrators to obfuscate and hide the nature of the specific reference function running on the prover IoT device from any EM eavesdropping adversary.In addition, we provide some countermeasures that the system administrator can use to thwart an adversary that aims to disrupt the authentication process by emitting a strong RF interference targeting the operating frequency bandwidth of MAG-PUFs.Overall, due to the customized usage of near-field EM emissions and the integration of data mining tools, MAG-PUFs emerges as a novel, lightweight, and robust technique for authenticating constrained IoT devices, natively offering scalability and robustness for safety-critical IoT deployments.
Roadmap.This paper is organized as follows: Sec. 2 introduces a background on PUFs and EM emissions; Sec. 3 describes the scenario, MAG-PUFs Use-Cases and Requirements; Sec. 4 describes MAG-PUFs in details; Sec. 5 reports an extensive performance assessment campaign for MAG-PUFs; Sec.6 discusses different aspects and limitations of MAG-PUFs Sec.7 reviews related work and compares MAG-PUFs with such solutions; finally, Sec. 8 concludes the paper.

Background
PUFs convert an input challenge into an output response via a physical system in a way that is unique to the individual hardware instance and cannot be replicated [6].Although ICs are assembled in a precise fabrication process, some structural variations occur on a deep sub-micrometer level.Due to such variations, there are not two IC that are exactly identical.The electronic chips operate normally if such variations are within an acceptable threshold.When the current flows through such ICs, it produces an EM field that differs based on the function executed, and its unique unintentional emissions can be captured using a EM probe.The complex creation process of such emissions is described by Maxwell's equations [10].Due to the aforementioned inherent variations between ICs, even chips from the same make and model produce different unintentional EM emissions when executing the same activity [11].That unintentional EM emissions represent a side channel, that can be used to extract useful information about the embedded device and the specific operation it executes at a specific time instance.
When used in combination with a specific input, the properties mentioned above also allow for device authentication.The manufacturer supplies to the system one or more challenges at the time of manufacture, and stores locally the response to each of these challenges.At deployment time, when the user provides a given challenge to the target device (namely, the prover) at any point in time, the manufacturer can verify the device identity by comparing the response received at runtime with the one locally recorded.If they match, the device is authenticated.Otherwise, device authentication is rejected.
PUFs are primarily classified into strong and weak PUFs, according to the number of challenge-response pairs (CRPs) they can produce [6].Weak PUFs have low scaling and produce a relatively small number of CRPs.Once an attacker gains physical access to the device, they can reasonably reproduce in a short time each CRP, likely compromising the security of the PUF.Indeed, the knowledge of the PUFs CRPs allows the attacker to be able to respond adequately to any query from the verifier as if they own the device.Strong PUFs are highly scalable and can support a much larger set of CRPs, allowing for using each CRP for authentication only once.Due to the large number of available CRPs, it is infeasible for an attacker to record all the CRPs, even if they have access to the device.

Scenario, Adversary Model, and Use-Cases
In this section, we introduce our considered scenarios, assumptions, and use cases.

Scenario and Assumptions
In this paper, we focus on a generic IoT network, which is essentially a ubiquitous ecosystem where devices autonomously communicate and exchange information without human intervention [12].Within this context, we base our research on several realistic assumptions about the nature and capabilities of the IoT devices involved.
Firstly, we consider the resource constraints of these IoT devices, particularly their limited memory and energy capacities.Such limitations preclude the use of Public Key Infrastructure (PKI) due to its high computational demands.Additionally, we assume that these IoT devices lack specific advanced tools or capabilities, such as Machine Learning (ML)-based functions or Software-defined radio (SDR) abilities.Instead, these devices depend on external equipment for the collection and processing of their unintentional EM emissions, which can be handled either by a designated 'PUF Manager' or a 'verifier'.
Regarding the network configuration, the IoT devices may be interconnected or directly linked to a central network manager.The nature of these connections, whether wired or wireless, is determined by the specific deployment, setup, and security requirements of the network.
From a security perspective, our primary objective is to facilitate physical-layer authentication of IoT devices.Given the absence of PKI-based solutions in our setup, the IoT devices must authenticate their identity by leveraging unique features (such as inherent non-idealities) present at the physical layer.To achieve this, we propose establishing a PUF-based CRP database.This database, in the form of a trained DL model, uses random reference functions and their corresponding unintentional EM emissions as a means to authenticate the devices.

Adversary Model
We consider a powerful adversary, denoted as A, equipped with both passive and active capabilities.It is postulated that A possesses equipment significantly more advanced than that of the deployed IoT devices.Furthermore, A is not constrained by energy or processing limitations, which is a critical distinction from the resource-constrained IoT devices.
Additionally, A is assumed to have access to advanced wireless reception tools, such as directional antennas, enhancing its reception capabilities.The presence of A is considered to be omnipresent, existing in the field before, during, and after the deployment of the IoT devices.The overarching goal of A is to 3 To achieve this, A is assumed to be capable of mimicking the messages of other devices, initiating sessions, eavesdropping on packets, and replaying captured messages.Against this threat, the primary objective of our proposed solution MAG-PUFs is to counteract the efforts of such an adversary.MAG-PUFs aims to do this by ensuring the physical-layer authentication of the IoT devices within the network, thereby securing the network against the sophisticated capabilities of A.

Use Cases
In the following, we consider two reference use cases where our solution could be efficiently deployed.
Use Case #1: Supervisory Control and Data Acquisition (SCADA).Modern SCADA systems are IoT-based deployments in charge of monitoring the different components of a Critical Infrastructure (CI).They include power grids, oil and gas pipelines, traffic control systems for airports, water distribution systems, and irrigation networks, just to name a few.Due to their central role in society, protecting SCADA systems is critical, since they have a large impact on the sustainability of any given Society.
However, many of the existing SCADA systems include simple devices like Programmable Logic Controllers (PLCs), switches, and sensors, lacking efficient cyber-security measures [13].As a result, CIs are becoming increasingly susceptible to cyber attacks.For instance, attackers are exploiting legacy communication protocols used in SCADA deployments to install and operate impostor devices, and to inject data to disrupt the operations of the CI [14] [15].
Note that protecting IoT-based SCADA deployments is challenging from both the system and device perspective.Indeed, SCADA devices are usually very resource-constrained, hardly support cryptographic protocols, and they have very specific functions.Therefore, efficient and lightweight authentication mechanisms are required.
Use Case #2: Internet of Medical Things.The Internet of Medical Things (IoMT) paradigm includes Internet-connected medical devices and applications, realizing a network of connected medical field nodes [16].For medical staff and patients, the IoMT provides various innovative services, such as remote medical assistance, drug management, and transmission of medical data.
Security and privacy are two of the most prevalent issues towards deploying reliable IoMT solutions.Indeed, many of the devices employed in IoMT services are characterized by weak authentication protocols and outdated technologies.According to the authors in [17], a cyber attack on at least one of the IoMT devices has been experienced by 82% of healthcare providers who have adopted IoMT devices.
However, IoMT deployed devices usually have very limited available resources; for instance, they cannot support re-keying protocols based on PKI.As a result, they often rely on static hard-coded keys for authentication, that can be easily accessed by an attacker to fully compromise them.Thus, alternative but reliable solutions are needed.

Proposed Framework
In this section, we provide the details of MAG-PUFs, our solution to provide authentication of resource-constrained IoT devices via EM-based PUFs. Figure 1 provides an overview of MAG-PUFs.In general, MAG-PUFs allows a verifier (e.g., the local system administrator or another system/device on its behalf) to authenticate a prover (one of the IoT devices) via the analysis of the profile of the unintentional EM emissions generated by the prover during the execution of a specific reference function, i.e., a sequence of operations selected by the verifier.

MAG-PUFs in a nutshell
In brief, MAG-PUFs consists of two phases, i.e., the enrolment Phase and the Authentication Phase.The enrolment Phase is executed upon manufacture by: (i) providing several reference functions to the prover; (ii) extracting the corresponding unintentional EM emissions generated by the device; and, (iii) creating the corresponding reference models, using DL algorithms.At run-time, when the system administrator or any other entity (namely, the verifier) requires authentication of the IoT device(s), it randomly chooses one or more of the predefined reference functions, captures the corresponding unintentional EM emissions, and checks if the corresponding realtime profile of the unintentional EM emissions matches the one previously recorded for the prover, via DL-based classification tools.If a match exists, the prover IoT device is authenticated successfully; otherwise, authentication fails.

Actors
In our proposed system MAG-PUFs, three primary entities are defined, each playing a crucial role in the authentication process: • Prover.This entity is represented by an IoT device deployed in a specific scenario.The only assumption made for this device is its ability to communicate, enabling interaction with other systems like the PUF Manager or devices such as the verifier.This communication capability is essential for the device to participate in the authentication process.• PUF Manager.Operated by the system administrator, the PUF Manager is a local system with multiple responsibilities.Its roles include: (i) selecting a set of reference functions; (ii) executing these functions on the prover prior to deployment; (iii) capturing the unintentional EM emissions generated during this process; (iv) creating profiles of these emissions using DL tools; (v) storing these profiles on a dedicated storage server; and (vi) making these profiles accessible to the verifier.To fulfill these tasks, the PUF Manager is equipped with the necessary tools for acquiring EM emissions, such as EM antennas and signal analysis tools, including SDR.
• Verifier.This entity can be a remote system or device whose purpose is to authenticate the prover.For this purpose, the verifier engages in dual interactions: firstly, with the prover, to collect its real-time unintentional EM emissions; and secondly, with the PUF Manager, to download the prover's profile of unintended EM emissions as well as the specific reference function submitted to the prover.Similar to the PUF Manager, the verifier is also equipped with tools for acquiring EM emissions and conducting signal analysis.
Together, these entities form an integrated system designed to authenticate IoT devices through analyzing and comparing EM emissions, utilizing advanced signal processing and machine learning techniques.

Modules
MAG-PUFs relies on four modules, described below.
• Emissions Extraction Module.This module, installed on the PUF manager and the verifier, is responsible for recording the unintentional EM emissions generated from specific IoT devices when executing given reference functions.The collected raw data of EM emissions include: (i) timestamp, in msec; (ii) acquisition frequency, in Hz; and, (iii) value of the Received Signal Strength (RSS), in dBm.The collected data are provided as input to the Features Extraction Module.
• Features Extraction Module.Installed on the PUF Manager and on the verifier, this module is responsible for extracting the relevant features from the raw data collected by the Emissions Extraction Module.It invloves two stages, i.e., Data Normalization, and Features Computation.
-Data Normalization.We first normalize the EM emissions power spectral density readings recorded in dBm to the range [0 . . .1].Specifically, assuming that x i is a sample of the readings, and X MIN and X MAX are the minimum and the maximum value of the readings, the normalized sample xi is calculated as per Eq. 1. xi This step is important to allow for cross-comparison between different recordings by eliminating small differences in the measured power levels that could happen due to minor misalignment of the measurement setup.
-Features Computation.In this step, we perform feature reduction and select only the top relevant 10 or 100 features out of the 16000 FFT points recorded.
The output of this phase is a matrix of features that is passed either to the Training Module (PUF Manager) or the Classification Module (verifier).
• Training Module.Installed on the PUF Manager, this module is responsible for utilizing the features matrix generated by the Features Extraction Module to train the autoencoder and NN models.The trained model aims to uniquely distinguish the devices and the responses of the devices to different reference functions.The trained model is made available online to be used by the verifier to authenticate different devices in the authentication stage.
• Verification Module.This module is based on an autoencoder, and it is responsible for the initial test of the collected EM emissions sample under test to determine if it belongs to the set of legitimate IoT devices and reference function (codes) or not.Then, it proceeds to determine the specific class of the IoT device and run reference function (code) via the Classification Module.
• Classification Module.This module, installed on the verifier, is responsible for testing the profile of recorded unintentional EM emissions from the IoT device against the trained model generated by the PUF Manager.For each test sample, the NN provides an evaluation score, indicating the likelihood that the specific sample belongs to a specific class in the trained model.

Phases of MAG-PUFs
MAG-PUFs includes two main phases, namely, the Enrolment Phase and the Authentication Phase, detailed below.
Enrolment phase.Figure 2 shows the sequence diagram of the Enrolment Phase.Prior to deployment, the PUF Manager plays a pivotal role in the initial setup of the authentication process.The first step involves the random selection of several reference functions by the PUF Manager, which are then delivered to the prover with a request for their execution.It's important to note that a reference function may constitute a single specific operation or a combination of multiple operations.Furthermore, given the specific application requirements, system administrators have the discretion to choose the reference functions that are most suitable for MAG-PUFs.For instance, they may select primitives or their combinations that yield the most distinctive profile of unintentional EM emissions for the IoT device.Concurrently, the PUF Manager employs an Emissions Extraction Module to capture the unintentional EM emissions generated by the prover during the execution of the specified reference function(s).For each reference function tested, the PUF Manager utilizes th Features Extraction Module to extract certain characteristics of the recorded signal.Subsequently, the corresponding autoencoder and NN models are constructed using a Training Module.Finally, these models are uploaded to an online database, completing the setup phase and preparing the system for the authentication process.
Authentication phase.The Authentication phase steps are detailed in Figure 3. Upon any authentication exchange, the verifier extracts at random one (or more) of the reference functions whose profiles are available from the PUF Manager and instructs the prover to execute such function(s).At execution time, the verifier records the unintentional EM emissions emitted from the prover using the Emission Extraction Module and analyzes them, utilizing the Features Extraction Module, to extract the relevant features.After that, using the Verification Module, the verifier checks first if the profile of the features just computed belongs to a legitimate IoT device in the trained autoencoder model.If it is recognized as a legitimate device, then, using the Classification Module, the verifier checks if the profile of the features just extracted matches the trained NN model.If the profile acquired at run-time matches the one downloaded from the PUF Manager, the prover is authenticated.Otherwise, authentication fails.

Experimental Performance Assessment
In this section, we provide the results of our experimental assessment, carried out to evaluate the performance of MAG-PUFs.Specifically, Sec.5.1 introduces the experimental testbed, in Sec.5.2 we report some requirements and performance metrics for the robustness of the PUF, in Sec.5.3 We show the spectral power density of reference functions in Sec.5.4 We introduce the impostor devices detection framework, in Sec.5.5 we report the classification results of MAG-PUFs, in Sec.5.7 we discuss the antenna deployment effect on the performance of MAG-PUFs, and finally, in Sec.5.8 we evaluate the effect of RF interference on the performance of MAG-PUFs.

Experimental Setup
In our experimental campaign, we used the following equipment.
• Arduino Uno Boards.We tested the performance of MAG-PUFs with a set of 25 identical Arduino UNO IoT boards [18].Each board has an 8-bit microcontroller AT-mega328P, featuring a 16 MHz ceramic resonator, 2 KB of internal SRAM, and 32KB of Flash memory.
• Aaronia PBS2 EMC Probe set.To collect the unintentional EM emissions response when running different reference functions, we used the Aaronia PBS2 EMC Probe Kit [19].This equipment enables simple measurements in the frequency range from DC (1Hz) to 9GHz, as well 6 as the monitoring of EM emissions.We used the PBS-H3 25mm EM (H3) field antenna as a probe.The antenna is covered with an insulating layer that provides a safe measurement environment for the Arduino's oscillators and mains lines.The UBBV2 40dB EMC RF pre-amplifier is connected to the probe, clearly distinguishing between the relevant signal and the background noise.The probe is connected via a low-impedance cable to a DSP (in our case, it is an SDR), used to collect and store the EM emissions.
• RTL-SDR.As a low-cost and portable alternative to the spectrum analyzer used in [9], we used the RTL-SDR.We connect the RTL-SDR to the EM probe and collect the EM emissions along a frequency span of 2 MHz.The RTL-SDR collects raw I-Q samples and then converts them to spectral power density values, reported in dBm.Specifically, it performs Fast Fourier Transform (FFT) on the collected data, using steps of 125 Hz step in the range [31 -33] MHz, resulting in 16, 000 frequency points.For each of such points, we store the corresponding power level (in dBm).
• Matlab R2022b.Matlab R2022b was used to extract features from the collected EM emissions data of different reference functions run by the Arduino IoT devices.Matlab was also used to train and test the model for the classifications of samples, using the NN model as the classification algorithm.
• TensorFlow.We use TensorFlow in Python to build the autoencoder architecture used in the initial Verification step of MAG-PUFs to detect the impostor EM emissions samples.We provide as an output the EM emissions sample to the classification stage.
All the experiments described below have been conducted in regular laboratory conditions, without any effort to reduce the environmental noise.We placed the Arduino board on a Bench Vise, to hold it in a fixed position and allow for uniform recording conditions.We also placed the EM antenna directly above the IoT boards, to clearly capture the EM emission from the micro-controller and surrounding chips.The position of the EM antenna can be precisely controlled by a mechanical arm to ensure consistent positioning on the Arduino device in each sample collection.Alternatively, a special opening in the cover case of the Arduino device can be made to exactly fit the EM antenna, ensuring precise placement with every measurement.
In our initial contribution [9], we use the expensive Rohde & Schwarz FSW8 Spectrum Analyzer to record the EM emissions from the IoT devices.In this paper, we reduce the cost and the form factor of the experimental setup for MAG-PUFsusing an additional deployment, including cheap COTS RTL-SDR.The RTL-SDR is used to collect the EM emissions captured by the EM probe, as shown in Figure 4. We select the center frequency of 32 MHz, and an acquisition bandwidth of 2 MHz, i.e., from 31 to 33 MHz.Note that, for scenarios requiring smaller setup, the laptop can be replaced with tiny computer units (e.g., a Raspberry Pi or another Arduino, programmed with a suitable firmware), making the overall setup extremely portable.In the following, we provide several experimental results.

Requirements and Performance Metrics
PUF-based solutions designed to provide authentication of IoT devices have to fulfill several requirements, summarized in the following [20].
• Constructibility: A PUF class P is said to be constructible if it is feasible to produce a random puf instance by invoking a specific Create function: puf ← P.Create.
• Evaluability: A PUF class P is said to be evaluable if it is constructible and it is feasible to evaluate a response y for any random PUF instance puf ∈ P and any random challenge x ∈ X: y ← pu f (x).Eval.
• Reliability: A PUF class P is said to be reliable and reproducible if it is evaluable, and the probability of the Intra-PUF distance being small is high.The Intra-PUF distance is defined as the difference between two separate evaluations (responses) of the same challenge produced by the same device, preferably averaging values close to 0. In general, a reduced Intra-PUF distance indicates a more resilient PUF, implying fewer distinctions among identical samples from the same device.
• Uniqueness: A PUF class P is said to exhibit uniqueness if it is evaluable and the probability of the Inter-PUF distance being large is high.The Inter-PUF distance is defined as the difference between two separate evaluations (responses) of the same challenge produced by different devices, ideally averaging values close to 0.5 (For the bit comparison differences).Generally, The greater the 7 Inter-PUF distance (ranging from 0 to 1), the superior the PUF, signifying increased distinctions among various devices.
• Identifiability: A PUF class P is said to be identifiable if it is reproducible and unique, and the probability of Inter-PUF distance being greater than the Intra-PUF distance is high.
In the following sections, we will prove the conformity of MAG-PUFs with all the cited requirements.In addition, we use the following performance evaluation metrics to evaluate the performance of MAG-PUFs: • Accuracy (ACC): Accuracy (ACC) measures the overall correctness of a classifier's predictions, representing the ratio of correctly classified instances to the total instances.
• Area Under the Curve (AUC): The Area Under the Curve (AUC) represents the area under the Receiver Operating Characteristic (ROC) curve, which quantifies a classifier's ability to distinguish classes.
• Precision (Pr): Precision (Pr) measures the accuracy of positive predictions, indicating the ratio of true positives (TP) to all predicted positives (TP + FP).
• Recall (Re): Recall (Re) measures the ability of a classifier to identify all positive instances correctly, indicating the ratio of true positives (TP) to all actual positives (TP + FN).
• F1-Score: The F1-Score is the harmonic mean of precision (Pr) and recall (Re).

Spectral Power Density of Reference Functions
We first evaluate the profile of unintended EM emissions generated by an Arduino IoT device when running different reference functions.
Table 1 provides a list of the reference functions (codes) used to evaluate the performance of MAG-PUFs.
Figure 5 shows the spectral power density of the unintentional EM emissions of the full 2 MHz bandwidth acquired by the RTL-SDR, with reference to the functions defined above, separated by black lines.Each function lasts for around 1 s.First, we can notice the clear colour differences in the spectral power density between (A1) and (A5) compared to the other reference functions (codes).Indeed, (A2) and (A4) are computationally intensive operations, which require more processing power than (A1) and (A5) are more lightweight compared to most of the other reference functions such as (A2) or (A7) that are computationally intensive operations, which require more processing power.Furthermore, we can also see the similarity between the unintentional EM emissions of (A1) and (A5).Indeed, the LED blinking operation (A5) is lightweight, it does not involve any complex mathematical operations, and it does not consume much more processing power than (A1), leading to similar spectral power profiles.We recall that the system administrator can select the best reference functions for its objective, i.e., the ones with distinct unintentional EM emissions, excluding others achieving worst performances in the field, so as to guarantee reliable IoT device authentication.Overall, the results above demonstrate the fulfilment of the Constructibility requirement introduced in Sec.5.2, as the PUF can be constructed by invoking the specific function, as well as the PUF 8  Evaluability, being x the function run by the prover and y the unique profile of the emissions generated for each PUF.

Impostor Device Detection
In this section, we assess the capability of MAG-PUFs to identify unauthorized devices based on their unique electromagnetic emissions patterns.The primary objective of this process is to ascertain whether the electromagnetic signature of the device under examination matches the set of approved electromagnetic fingerprints obtained from authorized IoT devices.We achieve such an objective through the utilization of an autoencoder, prior to the classification phase.
Autoencoders are a special type of neural network, designed for unsupervised learning.They excel at encoding and efficiently compressing data, subsequently reconstructing it to closely resemble the original input.Autoencoders can be trained using a dataset containing the regular behavior of authorized devices.Then, they can be employed to detect any behavior that deviates from the trained model.This objective is achieved by encoding the profiles of the new behavior tested at runtime and comparing them with the encoded representations of authorized behaviors.If the encoded representation of the new device differs, it can be identified as an unauthorized behavior or an impostor device.This impostor input detection step also allows MAG-PUFs to reject new unseen EM emissions samples when the adversary presents input from unknown reference functions, independently from running them on an authorized Arduino or an impostor one.The autoencoder architecture used for detecting imposter devices is summarized in Table 2.
In our experiments, we test the ability of MAG-PUFs to distinguish different reference functions when running on different and identical IoT instances.First, we focus our analysis on    tion of imposter device detection for all the 13 reference functions is summarized in Figure 9.Note that performances are remarkably independent of the considered reference function, contributing to highlighting the viability of our proposed solution.
Reference Function We did not test the autoencoder ability in distinguishing different reference functions, as the task would be trivial and much easier than distinguishing the same reference function run on identical devices.Nevertheless, we explore this scenario of distinguishing different functions run on the same device or different devices in the classification phase.

Classification Results
In the following, we report the classification results of the 13 reference functions run on the 25 Arduino devices.

Considering each reference function (code) alone, 25
classes for each of the 13 reference functions (codes) If the EM emissions sample passes the autoencoder and impostor devices detection test, it moves to the classification phase to detect which reference function and the exact device it belongs to.We first consider classifying each single reference function run on the 25 Arduino devices (25 classes).We utilize the RTL-SDR to gather electromagnetic emissions from the Arduino devices, with each acquisition lasting for 60 ms and containing 16, 000 FFT points and the corresponding RSS values.These values cover a frequency range of 2 MHz with increments of 125 Hz.Our process involves condensing the features by selecting the most pertinent 10 features out of the recorded 16, 000 features.The number of utilized features can be adjusted based on the number of IoT devices considered, as we will discuss in the scalability consideration section later on.We divided the recorded 600 samples into 80% (480 samples) for the training of the NN model, and the remaining 20% (120 samples) for testing the trained model.We use a simple NN architecture summarized in Table 3.We report the average Area Under the Curve (AUC) for each reference function (code) in Figure 10 along with the other performance metrics.

Considering the entire 325 classes
In this section, we test the ability of MAG-PUFs to distinguish and classify the entire collected dataset, consisting of 325 classes (25 Arduino * 13 codes = 325 classes).This is done to confirm that there exist differences in the generated EM emissions of different reference functions when run on the same identical IoT devices.However, in actual MAG-PUFs deployment, the verifier asks the prover to execute a specific code, so once the EM sample passes the autoencoder test, the verifier can classify the EM sample using the model trained for this specific code, not against the whole dataset.Considering the reference functions described above, we run each of them separately inside a For loop on each of the 25 IoT boards.We collected the related EM emanations for approx.600 acquisitions, each lasting for 60 ms and providing 16, 000 FFT points and related RSS values, spanning 2 MHz frequency bandwidth from 31 to 33 MHz with 125 Hz step.We divided those 600 acquisitions into 80% (480 samples) for training, and the remaining 20% for testing the trained model.To remove the redundant features, we perform features ranking and select only the top 100 FFT points as features that best describe each of the 13 reference functions under test.We increase the number of features from 10 to 100, and select a NN architecture with more dense fully connected layers as summarized in Table 3 instead of the simple NN used in the previous section, as it is more capable of handling the more complex task at hand (we consider 25 classes in the previous section, while we consider 325 classes in this section).We report 0.9999 accuracy, 0.9989 AUC, 0.9978 precision, 0.9979 recall, and 0.9978 F1-Score for classifying the whole dataset of 325 classes.Only 4 classes out of the 325 classes produced an F1-Score less than 0.95.

PUF Robustness Evaluation
In this section, we discuss the feasibility of using EM emissions as PUFs, through the Intra-PUF Distance (as a measure for the PUF Reliability) and Inter-PUF Distance (as a measure of the PUF Uniqueness).We recall from Sec. 5 [21] for the digital output PUFs.However, generally, the higher the Inter-PUF Distance (in the range of 0-1), the better the PUF, as it means more differences existing between different devices, and the smaller the Intra-PUF Distance, the more robust the PUF is as it means less differences between identical samples taken from the same device and reference function (code).
In our case, the mean of the normalized average variance of the 10 features used in MAG-PUFs, reported in Figure 12, is approximately 0.8728, 0.8627, 0.8967 for the Inter-PUF Distance and 0.0045, 0.0032, 0.0042 for the Intra-PUF Distance for the three reference functions (codes) (A1), (A3), (A13), respectively.For the top 100 features, reported in Figure 13, is approximately 0.9233, 0.9072, 0.9230 for the Inter-PUF Distance and 0.0018, 0.0028, 0.0017 for the Intra-PUF Distance for the three reference functions (codes) (A2), (A6), (A12), respectively.Such results prove the reliability and uniqueness of MAG-PUFs, and the suitability of the usage of EM emissions as PUFs.

Antenna Deployment Impact
Due to the nature of the physical phenomenon, the EM emissions recorded on the receiver have different profiles according to the distance from the emitting device.Indeed, the farther the recording antenna, the lower the contribution of the electronic chip under test to the recorded profile, and the higher the unpredictability due to external factors.Figure 14 shows the spectral power density of the unintentional EM emissions emitted for 2s by a reference IoT board during the execution of the function (A2), collected first when the antenna is placed 2, 5, 10, 20, 50 cm above the IoT board, respectively.We can see that the magnitude of the emissions is higher when the antenna is placed 2cm above the IoT board, compared to when the antenna is farther from the board.Thus, each specific setup produces a different fingerprint and has an effect on the accuracy and overall quality of the fingerprint.The classification accuracy decreases gradually with increasing the EM antenna distance from the IoT board, until it becomes barely recognizable at a distance of 20cm.
To further test the impact of the antenna placement on the effectiveness of MAG-PUFs, we consider the EM data collected when the EM antenna is placed 2cm above the IoT boards as our ground-truth data, while we use for testing the EM data collected when the EM antenna is placed 5, 10, 20, 50cm above the IoT board.Specifically, we train our autoencoder on the mentioned training data and test them on the mentioned tested data, to investigate to what extent the EM traces collected at 12   We can see that the EM traces collected by placing the antenna at a distance of 2cm from the target device are different from the ones collected at 5, 10, 20, and 50cm, respectively, with accuracy values all exceeding 99%.Such results apply for both computationallyintensive and computationally-lightweight reference functions, indicating that correct antenna placement is key for the successful deployment and operation of MAG-PUFs.

Effect of RF Interference
In this section, we investigate what happens to the EM emissions spectrum when an RF source is emitting a strong signal on the same collection frequency.To this aim, we place another SDR, namely the HackRF [22], at a distance of 8 meters from a target Arduino device, and we let the HackRF emit Additive White Gaussian Noise (AWGN) with 20 dB gain on the same acquisition bandwidth used by MAG-PUFs, i.e. [31][32][33] MHz.At the same time, we collect the EM emissions for all the 13 reference functions.
If we compare Figure 5 with Figure 17, we can see the difference between the EM emissions of the 13 reference functions when collected without/with interference present, respectively.Basically, the distinguishing features of the EM emissions are flattened by the RF interference, and the classifier is reduced to random guesses.This is why using a random choice of frequency bandwidth from predefined fingerprinted bandwidths (31-33, 40-42, 10-12 MHz ...etc) would thwart such interference, provided that it is probablistically difficult for an interference to be present at all bandwidths always and simultaneously.

MAG-PUFs Scalability
When utilizing the MAG-PUFs framework, several strategies can be employed to enhance the scalability of CRP pairs to accommodate an extensive array of IoT devices.One prominent method involves the utilization of diverse reference functions.As illustrated in Figures 5 and 18, each reference function is characterized by a distinctive profile of unintentional Electromagnetic (EM) emissions that are mainly related to the way the microcontroller's resources are employed.By leveraging different reference functions for distinct sets of IoT devices, it is possible to significantly expand the pool of CRP pairs.Additionally, the use of a combination of various reference functions (e.g., A10 reference function in Table 1) can further scale the CRP pairs.Furthermore, the adoption of different acquisition frequency bandwidths presents a viable option for scaling up the number of available CRP pairs.Specifically, in our implementation, we used only a 2 MHZ acquisition frequency bandwidth of 31-33 MHz.However, as shown in Figure 18, the electromagnetic emissions of different reference functions show differences on the whole 50 MHz bandwidth, which opens the door to the usage of different frequency bandwidths to generate more unique CRPs.
Furthermore, consider that MAG-PUFs involves initially acquiring a spectrum of 2 MHz with 16,000 Fast Fourier Transform (FFT) points.From this extensive dataset, MAG-PUFs leverages only the top 100 relevant features for fingerprinting purposes.These 100 features constitute merely 0.625% of the total recorded spectrum of 16,000 features.This gives MAG-PUFs the ability to use other sets of 100 features to generate more CRPs to significantly increase the number of unique CRPs, enhancing the scalability and security of the system.In summary, the scalability and efficacy of MAG-PUFs in generating a substantial number of Challenge-Response Pairs (CRPs) are significantly enhanced through a strategic combination of methodologies.This includes the utilization of diverse reference functions, the integration of varied combinations of these reference functions, the selection of different frequency bandwidths, and the careful choice of distinct sets of features.Each of these elements contributes uniquely to the system's ability to produce a large and diverse set of CRPs, thereby ensuring robustness and adaptability in secure communication applications.Regarding the management of various reference functions that yield similar outcomes, we first highlight that the DL model in MAG-PUFs possesses a remarkable ability to differentiate between outputs that may superficially appear similar, thus providing a feature that directly addresses the raised concerns.In  this context, through our results, we prove that MAG-PUFs can efficiently capitalize on the minute physical variations present in even identical electronic devices.When applied to a set of 25 identical Arduino devices, MAG-PUFs successfully distinguishes each device's response, even when running the same reference function.This outcome highlights the high sensitivity and resolution of the MAG-PUFs DL model in detecting unique EM emission characteristics inherent to each device.We acknowledge that, in principle, an adversary could use a reference function very similar to the correct one (i.e., characterized by a very similar profile of EM emissions) and pass authentication through MAG-PUFs using another reference function.However, such an attack would not have any purpose for an adversary, as it would still use the same (authorized) device.To be successful, an adversary has to find a reference function such that, when executed on its imposter device, it generates a profile of EM identical to the one obtained as a result of the execution of the legitimate reference function on the legitimate device.In our paper, we replicated this attack as much as possible using the same (legitimate) reference function executed on an imposter device, and our results show that this attack is always unsuccessful (Figures 10 and 9).In particular, the core strength of our solution lies in its sophisticated pattern recognition capabilities.Through comprehensive training, the model learns to identify subtle differences in the EM emissions profiles of each device.This allows for precise differentiation between devices, even in cases where the reference functions are identical.Thus, we believe carrying out such attacks is unfeasible.Recall that the objective of MAG-PUFs is device authentication, not reference function verification.Thus, managing various reference functions that yield similar outcomes on the same device is out of scope-it does not affect device authentication.

Discussion and Limitations
MAG-PUFs Deployment.When we consider the use case # 1, namely SCADA systems in critical infrastructure and industrial IoT deployments, MAG-PUFs mainly requires the magnetic antenna to be fixed in place with respect to the IoT device.The RTL-SDR and processing unit (e.g., laptop) can be placed relatively far, as cables can be extended to the magnetic antenna.Critical infrastructure and industrial IoT environments often consist of devices that are stationary and fixed in place.This aspect greatly facilitates the deployment of the MAG-PUFs setup, since the IoT devices in these settings do not require mobility, and the precise and consistent positioning necessary for capturing EM emissions becomes much more manageable.The fixed nature of these devices allows for a one-time, straightforward setup of the measurement equipment, thereby reducing the complexity and logistical challenges associated with more mobile or dynamic environments.In addition, the use of external equipment for EM emissions capture means that the MAG-PUFs system can be adapted to different network layouts and security requirements.As for use case #2, namely IoMT, we can envision the deployment of the system in a dedicated space in the medical facility.When a check is required, the devices can be placed on a dedicated bench where the emissions can be collected, guaranteeing reproducibility and control of the EM emissions.While we acknowledge that MAG-PUFs system does necessitate a specific measurement setup, this requirement is not a significant obstacle in its practical application, especially with the advancements in technology and miniaturization that would further support MAG-PUFs easier integration.Expense, Compactness and lightweightness.while the initial expense of setting up MAG-PUFs system might appear high, it is important to consider also the long-term benefits.MAG- PUFs offers unique advantages in security applications, such as resistance to cloning and physical tampering, which can often outweigh the initial setup costs.Additionally, as technology advances, MAG-PUFs is likely to become more compact, allowing for easier integration.For concerns regarding the lightweightness of MAG-PUFs setup, including emissions collection equipment and DL processing, it is important to consider the following advantages of MAG-PUFs: • Adaptability to Resource-Constrained IoT Devices: The MAG-PUFs system is particularly suited for IoT environments where devices are resource-constrained in terms of memory, energy, and computing capacities.Given that Public Key Infrastructure (PKI) solutions are often infeasible in such settings due to their high computational demands, MAG-PUFs offers an efficient alternative that aligns with the limited capabilities of these devices.The proposed setup, involving minimal physical interaction with the device, is an asset in situations where IoT devices cannot afford the overhead of complex security protocols.
• External Equipment for EM Emission Collection: In MAG-PUFs implementation, IoT devices do not require internal modifications or advanced capabilities like Machine Learning functions or Software-defined radio abilities.Instead, the collection and processing of EM emissions are managed externally.This aspect of MAG-PUFs setup is crucial as it means that the specific measurement setup does not impose additional requirements on the IoT devices themselves.Such a configuration is particularly beneficial in a ubiquitous IoT ecosystem, where adding complex hardware or software capabilities to each device may be impractical.
• Tolerance for Additional Complexity in High-Security Contexts: In environments where security is a top priority, there is generally a higher tolerance for additional complexity if it results in significantly enhanced security measures.The implementation of MAG-PUFs framework, though it may add a layer of complexity, is a valuable investment in strengthening the security system.The unique and hard-to-replicate nature of the physical-layer characteristics used in MAG-PUFs makes it a strong tool for securing communications in IoT networks.
Background noise.for the issue of background noise, it is important to note that in our experimental setup, we use a near-field Electromagnetic (EM) probe.Being near-field, its primary function is to capture EM emissions mainly radiated within a close range of proximity.This characteristic significantly aids in minimizing noise originating from other environmental sources and enhancing the fidelity of the EM emissions measurements.Furthermore, to ensure an interferencefree communication environment for our MAG-PUFs measurements, we select an unoccupied frequency bandwidth, e.g., 31-33 MHz.This is pivotal in avoiding any noise or interference from external sources, thereby facilitating a more controlled and reliable experimental environment.Overall, while efforts can be made to minimize external noise through the use of a near-field Electromagnetic (EM) probe and the careful selection of clear, unused frequencies, we acknowledge that completely eliminating background noise is often unfeasible, and a certain degree of noise tolerance is incorporated into the experimental design and mitigated through the use of a DL-based framework.
Error Correction Schemes.Generally speaking, PUFs are security primitives that exploit the intrinsic complexity and randomness of physical systems.They are used not only for secure key generation but also for authentication purposes.Error correction schemes are usually considered together with Physically Unclonable Functions (PUFs) for the design of reliable physical-layer key generation schemes.However, in our case, the intended purpose of the PUF in MAG-PUFs is not key generation, but the unique identification and authentication of the device, where perfect reproducibility is not required.In such cases, the PUF can tolerate some level of inconsistency in its responses, without this uncertainty affecting its primary function, as small variations in the PUF response do not significantly impact its ability to identify or authenticate a device.By eliminating the need for an error correction scheme, the PUF design becomes simpler and more cost-effective.Note that our choice not to use error correction aligns with other solutions in the literature using other PUFs for authentication, such as the contributions by the authors in [23], [24], and [25].Also, we note that error correction mechanisms, especially for generating cryptographic keys, require additional hardware or software resources.Key generation PUFs are more sensitive to environmental and operational variations like temperature changes, aging, or power supply noise, requiring error correction to maintain key consistency.As shown through the performance evaluation in Sec. 5 of the paper, such resources are unnecessary for device identification and authentication tasks carried out by MAG-PUFs.
Side-channel attacks.Side-channel attacks refer to the usage of other sources of information than the main communication channel to acquire information about the protocol.In the context of our MAG-PUFs solution, the main channels include both the EM emission channel (which is, by definition, a side channel) and the traditional RF channel.Side-channels to MAG-PUFs include, e.g., power or temperature leakages from the device board, and all other sources of information other than RF and EM that can be used to extract information.We acknowledge that adversaries able to place probes very close to the measurement setup can eavesdrop on the EM emissions.However, as the scope of the protocol is device authentication, the leakage of such emissions does not compromise the security of the protocol.To mitigate other possible side-channel attacks, it is important to consider the traditional multiple layers of security and mitigation strategies inherent to the design of MAG-PUFs: netic emissions very close to the source.For an attacker to eavesdrop on these emissions, they would need to be in very close physical proximity to the probe.This requirement makes it challenging for potential attackers, especially in secure or monitored environments, to gain such close access.
• Controlled Access to EM Emission Data: In the MAG-PUFs setup, access to the electromagnetic emissions data is strictly controlled.The equipment used for data collection is typically operated by trusted entities or within secure environments.This restricted access significantly reduces the risk of unauthorized interception of the emissions, thereby minimizing the potential for side-channel attacks.
• Secure Data Transmission and Storage: Transmission of the EM emissions from the collection point to the processing unit is carried over secure and encrypted channels.In addition, the storage of the EM data is protected using cryptographic techniques to minimize the risk of data leakage or unauthorized access.
• Noise and Anonymization Techniques: Techniques such as the introduction of noise or anonymization of data can be employed to conceal the EM emissions, making it more challenging for an attacker to derive meaningful information from side-channel analysis.
In summary, while the concern regarding side-channel attacks in the context of external equipment for EM emission collection and processing is valid, the deployment of MAG-PUFs can be easily extended to incorporate a comprehensive set of security measures and mitigation strategies ad-hoc for such attacks.Together, these measures significantly reduce the vulnerability of the system to side-channel attacks, ensuring a robust and secure implementation.
Code obfuscation.The system administrator can conceal the code run on a specific Arduino from the adversary by running another code (preferably with stronger EM emissions) in parallel on another thread: for example, an Arduino whose function is to measure the temperature from the surroundings, can periodically run an AES encryption code in parallel, so if the adversary somehow acquires the EM emissions (by physically recording it from the device or intercepting a message containing the emissions, ...etc), she can not infer exactly which code is running on this Arduino (also assuming that she got an Arduino for herself, ran all possible codes and recorded the EM emissions, then try to compare the eavesdropped EM emissions against all possible codes, as the same code run on identical Arduinos would have very similar EM emissions profile).Another method to conceal the reference function running on an IoT is to emit a strong RF interference on the same frequency that the MAG-PUFs is recording at, as it would also be received by the EM antenna and probably mask the EM emissions of the code running on the Arduino, as our experiments prove in Sec.5.8.Those two previous methods can be used in times when the verifier is not requiring recording EM emission for authentication: either run another code in parallel to the original one or emit an RF signal (using any SDR) on the same frequency to disrupt the emissions for the adversary.However, we assume that we implement a strong PUF where each reference function is used only once, so the adversary would not benefit from acquiring the EM emissions profile of any reference function.
Adversary RF Interference.The verifier can employ some kind of frequency hopping when fingerprinting the codes in the enrollment phase, in order to not always use the same frequency band which makes it easier for the adversary to disrupt.In addition, the system administrator can make the fingerprinting stronger and adversarial-resistant by acquiring a large spectrum and running the fingerprinting process only on a sub-part of it.There are two ways to apply such a technique: first, the one we are using, which is acquiring a spectrum of 2 MHz with 16000 FFT points, and then run the fingerprinting on only the top 100 relevant features, which constitutes only 0.625% of the total spectrum recorded of 16, 000 features.Note that the system administrator can use a different set of 100 features and train another model to distinguish the same CRP pairs.The second technique is for the verifier to record a spectrum of 10 MHz (for example), and then run the fingerprinting on a sub-portion of 2 MHz (this 2 MHz is then also reduced to 100 features, which is only 0.625% of the total recorded spectrum).Such details do not need to be known even to the prover but would thwart (probabilistically) the chances of disruption by an adversary, provided that such adversary cannot inject a signal covering the whole recorded spectrum.
Robustness to PUF Modeling Attacks.MAG-PUFs can also be the target of PUF modelling attacks, aiming at modeling the EM emission responses to reference functions through repeated eavesdropping of the exchanged authentication CRPs and following analysis via ML or DL approaches.
Recall that MAG-PUFs uses two channels: the RF channel used by the verifier to send the challenge (reference function) to the prover, and the EM channel used for acquiring the EM emissions.Thus, to be successful, the attacker should be able to eavesdrop on both channels.While this may be easy for the RF channel, eavesdropping on the EM channel is much more complicated.Unlike traditional PUFs, as discussed and demonstrated via experimental results in Section 5.7, the EM emissions collected via MAG-PUFs are significantly affected by the EM antenna deployment position and its distance from the prover device.Thus, eavesdropping on EM emissions from another location than the one used by the verifier would lead to the generation of a model different than the correct one, leading to a failure of the attack (evidence of such discrepancy can be found in the experimental results in Sec.5.7).Overall, since the EM antenna used in MAG-PUFs is near-field, to be successful the adversary has to know the exact deployment position and distance employed by MAG-PUFs and get with her own EM antenna in the right position.We believe this is possible only by compromising a legitimate verifier, which might be hard in many real-world operational conditions.

Related Work and Comparison
MAG-PUFs is a novel PUF authentication method employing unintentional EM emissions generated by IoT devices while executing specific reference functions.The initial concept is discussed in [42].This method aligns with the principles of both EM-based code fingerprinting and PUF techniques.
EM-based Code Fingerprinting.The use of EM emissions in code fingerprinting serves various purposes.Sehatbakhsh et al. [43] highlighted an EM physical side-channel vulnerability in computer power management units, which could be exploited to extract sensitive information.In a similar vein, Sangodoyin et al. [44] utilized EM signals from IoT devices to infer program activities for information extraction.Sehatbakhsh et al. [45] introduced EMMA, an attestation method based on EM emanations, although it was not used for authentication.The IDEA framework, as presented in [46][47], exploits EM emanations to detect anomalies in embedded devices and Cyber-Physical Systems (CPS).Several studies, including [48], [49], [50], [51], and [52] have also contributed to EMbased detection of malware and deviations in program execution.Ibrahim et al. [53] employed EM emissions for fingerprinting USB flash drives, focusing on the boot process rather than real-time authentication.Furthermore, [54] explored using of EM emissions for authenticating wireless receivers and transmitters.These works collectively validate the viability of using EM emanations for function-specific device fingerprinting, yet not previously for real-time authentication.
Physical Unclonable Functions.Since their inception in [55], various forms of PUFs have been developed.Delay-based PUFs, such as those used in [28], [29], and [56], utilize delays in the Integrated Circuits (ICs) of devices for authentication and secret key generation.Radio-frequency (RF)-based PUFs, as demonstrated in [27], [23], and [26], exploit non-idealities in transmitted RF signals for authentication, identifying wireless transmitters and distinguishing IC frequency response peaks.
Table 4 summarizes the PUF contributions above discussed, along relevant features.
MAG-PUFs is a novel authentication framework that distinguishes itself through several key features that enhance its effectiveness and applicability in various scenarios.A primary characteristic of MAG-PUFs is its independence from specific hardware, allowing for broader applicability across different IoT devices.This flexibility is crucial in diverse IoT environments where hardware configurations can vary significantly.
Another significant aspect of MAG-PUFs is its reliance on EM emanations, predominantly captured from the near-field of the prover.This requirement for proximity inherently limits the potential attack surface, as it requires the attacker to be in close vicinity to the device.This contrasts with RF-based PUFs, where emissions can be intercepted from longer distances, which broadens the scope of possible attack scenarios.
MAG-PUFs also functions as a Strong PUF, capable of generating a vast array of challenge-response pairs.This capability is particularly advantageous in environments requiring highsecurity measures.Notably, MAG-PUFs does not necessitate the inclusion of an RF interface within the device, a requirement often seen in RF PUFs.This independence from RF interfaces further expands MAG-PUFs applicability to a wider range of IoT devices, including those without inherent RF communication capabilities.
The foundation of MAG-PUFs is built on Commercial Off-The-Shelf (COTS) setup, enhancing its practicality and ease of implementation.MAG-PUFs also can effectively detect the presence of impostor devices and unauthorized EM emissions, and thereby bolstering the security of the IoT network.
Furthermore, MAG-PUFs is designed to utilize an unlimited number of reference functions, offering greater flexibility compared to RF-PUFs, which primarily rely on wireless messages 19 and often utilize similar digital data streams.This capability to employ various reference functions allows for more dynamic and secure authentication processes, making MAG-PUFs a versatile and robust solution for IoT device authentication.
In addition, we also compare MAG-PUFs with PUF approaches in the literature through a methodology inspired by the comparison approach proposed by the authors in [23].We compare the performance of various PUFs by evaluating the Equal Error Rate (EER), i.e., the error rate of the specific solution where the False Acceptance Rate (FAR) equals the False Rejection Rate (FRR).As for MAG-PUFs, we calculate FAR and FRR using 3, 000 test samples from each of the 13 reference functions considered in our investigation.We report in Table 5 the EER of MAG-PUFs and various PUFs approaches from [23] and [20].We notice that MAG-PUFs achieves very low EER, Table 5: EER of MAG-PUFs and various solutions, as reported in [23] and [20].i.e., 0.0049, one order of magnitude lower than many other solutions in the literature.Some solutions, such as SRAM-PUF and Ring Oscillator PUFs, can achieve lower EER.However, they require additional components and conditions on the system, as discussed in Table 4. Whenever such considerations do not fit the system in use, using MAG-PUFs emerges as a valuable option.Finally, we provide a quantitative comparison of the approach in this paper to the solution in [9] in Table 6.From the table, it is evident that our solution presented in this paper can provide the same accuracy, but using much fewer computational requirements in terms of time and frequency span required for analysis, and also by significantly reducing the equipment cost.

Conclusions
In this paper, we introduce MAG-PUFs, a novel and lightweight physical-layer authentication solution tailored for re-source constrained IoT devices.MAG-PUFs operates by authenticating IoT devices through the unique characteristics of the unintentional EM emissions they radiate while executing specific functions.MAG-PUFs is empirically validated through an extensive experimental campaign.For this purpose, we utilized 25 Arduino IoT boards and a range of exemplary reference functions, collectively producing 325 unique classes.For detection and authentication, MAG-PUFs employs an autoencoder to identify and reject unauthorized IoT EM emissions samples.Additionally, a neural network (NN) model is utilized to categorize the EM emissions responses from various IoT devices and reference functions.The results of our experiments demonstrate a remarkable capability in detecting impostor devices and classifying EM emissions with a minimum of 0.99 F1-Score and excellent robustness metrics.MAG-PUFs is characterized by its high flexibility, robustness, and minimal overhead, making it particularly suited for environments where IoT devices cannot support complex cryptographic operations.
In summary, MAG-PUFs stands out as a highly effective solution for authenticating constrained IoT devices, particularly in scenarios where traditional cryptographic approaches are either impractical or need to be bolstered to ensure enhanced security.

Declaration of interests
☒ The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper.
☐ The authors declare the following financial interests/personal relationships which may be considered as potential competing interests:

Figure 1 :
Figure 1: Performance of Autoencoder detection of the imposter devices for the 13 reference functions run on the 25 Arduino devices, with each function considered separately.

Figure 2 :
Figure 2: Unintentional EM emissions recorded for around 4 s of each of the 13 reference functions, using an RTL-SDR configured with 2 MHz bandwidth, separated by black lines.

Figure 3 :
Figure 3: Unintentional EM emissions recorded for around 1 s of each of the 13 reference functions with 50 MHz bandwidth, separated by black lines.

Response 2. 8 :
Authors Bios and PhotosTitle: MAG-PUFs: Authenticating IoT Devices via Electromagnetic Physical Unclonable Functions and Deep Learning Authors: Omar Adel Ibrahim, RC3 Center, CEMSE Division, King Abdullah University of Science and Technology (KAUST), Thuwal, Saudi Arabia.omar.badreldin@kaust.edu.saSavio Sciancalepore, Eindhoven University of Technology, Eindhoven, Netherlands.s.sciancalepore@tue.nlRoberto Di Pietro, RC3 Center, CEMSE Division, King Abdullah University of Science and Technology (KAUST), Thuwal, Saudi Arabia.roberto.dipietro@kaust.edu.saOmar Adel Ibrahim Omar Ibrahim is currently a Postdoctoral Fellow at King Abdullah University of Science and Technology (KAUST), Computer, Electrical and Mathematical Sciences and Engineering (CEMSE) Division, and affiliated with the Resilient Computing and Cybersecurity Center (RC3), Thuwal, Saudi Arabia.He received his Bachelor's degree in computer engineering from Qatar University in 2017, Master's degree in Cybersecurity in 2019 and the Ph.D. in computer science and engineering in 2023 from Hamad Bin Khalifa University (HBKU) in Qatar.His main research interests cover security and privacy issues in Cyber-Physical Systems (CPS), wireless networks, Internet of Things (IoT), and drones, in addition to Electromagnetic (EM) side channels and Machine Learning (ML) applications in the Cybersecurity field.Savio Sciancalepore Savio Sciancalepore is currently Assistant Professor at the Eindhoven University of Technology (TU/e), Eindhoven, Netherlands.He received his master degree in Telecommunications Engineering in 2013 and the PhD in 2017 in Electric and Information Engineering, both from the Politecnico di Bari, Italy.He received the prestigious award from the ERCIM Security, Trust, and Management (STM) Working Group for the best Ph.D. Thesis in Information and Network Security in 2018.From 2017 to 2020, he was a Post Doc researcher at HBKU-CSE-ICT, Doha, Qatar.He also serves as Academic Editor for various journals (Springer IJIS, Frontiers in Computer Science, Hindawi SCN).His major research interests cover cybersecurity and privacy issues in mobile, wireless, and Internet of Things (IoT) networks.Photo by Angeline Swinkels.Roberto Di Pietro, IEEE Fellow, ACM Distinguished Scientist, and Member of the Academia Europaea, is Full Professor in Computer Science at King Abdullah University of Science and Technology (KAUST), Computer, Electrical and Mathematical Sciences and Engineering (CEMSE) Division, and affiliated with the Resilient Computing and Cybersecurity Center (RC3).He has been working in the security field for 25+ years, leading both technology-oriented and research-focused teams in the private sector (NOKIA Bell Labs), government (MoD), academia (HBKU, UniPD, UniRomaTre), and international organizations (United Nations HQ, EUROJUST, IAEA, and WIPO), other than being actively involved in strategic consultancy, start-up, and board activities.

Figure 2 :
Figure 2: Sequence diagram of the Enrolment phase of MAG-PUFs.

Figure 3 :
Figure 3: Sequence diagram of the different steps of the Authentication phase of MAG-PUFs.
Because of the normalization phase executed during the Features Extraction module, all the RSS of samples of unintentional EM emissions recorded in dBm are normalized to a value between 0 and 1.Specifically, the blue colour corresponds to values in the range [0 − 0.25[, the cyan colour maps values in the range [0.25 − 0.5[, the yellow colour indicates values in the range [0.5 − 0.75[, while the red colour is related to values in the range [0.75 − 1].

Figure 5 :
Figure 5: Unintentional EM emissions recorded for around 4 s of each of the 13 reference functions, using an RTL-SDR configured with 2 MHz bandwidth, separated by black lines.

Figure 6 :Figure 7 :
Figure 6: Reconstruction error of the autoencoder in MAG-PUFs for authorized EM emissions.

Figure 8 :
Figure 8: Reconstruction loss of the autoencoder in MAG-PUFs for authorized and impostor EM emissions, with a separating threshold.

Figure 9 :
Figure 9: Performance of Autoencoder detection of the imposter devices for the 13 reference functions run on the 25 Arduino devices, with each function considered separately.

Figure 10 :
Figure 10: Performance of the 13 reference functions on a given Arduino device, considering samples acquired through the RTL-SDR.

Figure 11 :
Figure 11: Receiver Operating Characteristic Curve (ROC) for the classification of the whole dataset of 325 classes using NN modelTable 3: Neural Networks Parameters Parameter Code (25 Classes) All Codes (325 Classes) Layers 1 Activation None None First layer size 10 50 Optimizer Adam Epochs 50 Standardize Data True

Figure 12 :Figure 13 :
Figure 12: Average variance of the most prominent 10 features of different reference functions (codes) extracted at 2 MHz bandwidth from each IoT board.

Figure 14 :
Figure 14: Unintentional EM emissions radiated from an Arduino IoT board during reference function (A2), when the antenna is placed above the board by 2, 5, 10, 20, and 50cm, respectively, separated by a black line.

Figure 15 :
Figure 15: Reconstruction loss for authorized and impostor EM emissions, with a separating threshold.

Figure 16 :
Figure 16: Reconstruction loss for authorized and impostor EM emissions, with a separating threshold.

Figure 17 :
Figure 17: Unintentional EM emissions recorded when an RF interference is present, for around 4 s of each of the 13 reference functions, using 2 MHz bandwidth, separated by black lines.

Figure 18 :
Figure 18: Unintentional EM emissions recorded for around 1 s of each of the 13 reference functions with 50 MHz bandwidth, separated by black lines.

Table 2 :
Neural Networks Parameters Comparison to existing PUFs.In this expanded version, we compare our solution to existing PUFs both qualitatively and quantitatively (see Sec. 7), showing its remarkable performances and advantages at the expense of the deployment of a few dedicated components.
• Background on EM fingerprinting and discussion of MAG-PUFs use cases.In this extended version of the manuscript, we provide a more comprehensive background on the EM fingerprinting technique and provide some examples of possible use cases motivating the deployment of MAG-PUFs.
authenticate itself as a legitimate node within the IoT network, effectively impersonating a target IoT device. illegitimately

Table 1 :
List of reference functions (codes) used in MAG-PUFs experiments.

•
Proximity Requirement for Data Collection: The probes used by MAG-PUFs are designed to capture electromag-

Table 4 :
Qualitative comparison of MAG-PUFs against competing solutions.
Click here to access/download LaTeX Source Files MAG-PUFs_Latex.zip