Physical-Layer Counterattack Strategies for the Internet of Bio-Nano Things with Molecular Communication

Molecular communication (MC) is an emerging new communication paradigm where information is conveyed by chemical signals. It has been recognized as one of the most promising physical layer techniques for the future Internet of Bio-Nano Things (IoBNT), which enables revolutionary applications beyond our imagination. Compared with conventional communication systems, MC typically demands a higher security level as the IoBNT is deeply associated with the biochemical process. Against this background, this article first discusses the security and privacy issues of IoBNT with MC. Then, the physical-layer countermeasures against the threat are presented from an interdisciplinary perspective concerning data science, signal processing techniques, and the biochemical properties of MC. Correspondingly, both the keyless and key-based schemes are conceived and revisited. Finally, some open research issues and future research directions for secrecy enhancement in IoBNT with MC are put forward.


I. INTRODUCTION
The past decades have witnessed great achievements in the Internet of Things (IoT).Despite being deployed on the general scale, the IoT is envisioned to be used in the microscale scenario when specific applications are required.Thanks to the advancement of nanotechnology, the concept of the Internet of NanoThings (IoNT) is conceived, where nanoscale devices can be connected intelligently.Despite having the potential for revolutionary applications, e.g., nano-scale healthcare systems and targeted drug delivery, the artificial nature of IoNT may bring a latent threat to the health system.Against this background, the Internet of Bio-Nano Things (IoBNT) is further presented as an updated version of the IoNT [1], where the synthetic biology domains are further taken into account, getting rid of the side effect of the IoNT.While 5G lacks the capability to support the IoBNT, 6G is envisioned to tackle this issue by forming heterogeneous networks, which include the nano-/micro-scale network with nano-devices [2].Inspired by nature, molecular communication (MC), which uses the characteristics of molecules for information exchange, has been recognized as one of the most prominent schemes for IoBNT due to its bio-compatibility, energy efficiency, and prevalence in nature [1].
Compared with the conventional network, the applications in MC networks, such as IoBNT, are usually associated with human health.Thus, a higher security level is required than conventional networks as the loophole can cause catastrophic consequences.To the best of our knowledge, the concept of nano-scale communication security was first proposed in [3], which suggests that traditional cryptography may not be feasible due to the lack of computing power and resource.When MC is deployed in IoBNT, the novel biochemical cryptography that exploits the biological and chemical features is required to improve the system's security in terms of key management, access control, authentication, etc.Following this work, the security and privacy of MC are discussed via a layered perspective (from the physical layer to the application layer) [4].In addition to the biochemical cryptography [3], other bioinspired network approaches based on artificial immune systems and swarm intelligence, are regarded as viable solutions to safeguard the nano-/micro-scale MC networks.Moreover, latent bio-terrorism against future healthcare applications (e.g., localization and search of the diseased cells) based on IoBNT with MC was introduced in [5].Specifically, the blackhole attack distracts the legitimate nodes from reaching their target by emitting chemo-attractants, while the chemo-repellents are used in another attack mechanism, called sentry attack.Concerning the properties of the IoBNT with MC, the authors designed lightweight methods for both attacks.
Over the years, the research of MC mainly focuses on information transmission efficiency, while its security is seldom studied.Motivated by the pioneering works [3]- [5] with regard to the MC security, the existing techniques dissatisfy the trust, secrecy, and privacy demanded by the prospective applications involved with IoBNT.Therefore, it is essential to revisit the achievements, and more importantly, explore novel solutions for the security enhancement of the IoBNT and other MC networks, which is the main contribution of this article.In the rest of this article, we first present the security requirement of the multi-scale MC networks, where the microscale scenario is emphasized.Then, we introduce physical layer security (PLS) with both key-based and keyless schemes to safeguard the MC networks.Finally, some open issues regarding the security of the MC networks are discussed, and a conclusion is drawn.

II. SECURITY CHALLENGES IN MOLECULAR
COMMUNICATION NETWORKS MC encodes its message according to the characteristics of the information molecule, such as concentration level, emission time/space, and molecular type.It has multi-scale deployments, ranging from the micro-scale scenario (e.g., cell signaling, cooperative targeted drug delivery within the IoBNT) to the macro-scale scenarios (e.g., deep ocean longdistance localization, covert messaging for the wave-denied environments).Despite having versatile applications, it faces security challenges like other communication paradigms.

A. Attacks in Molecular Communication
Figure 1 exemplifies the attack and eavesdropping cases in the natural multi-scale MC networks, where the blue circles represent the information molecules in each scenario.Like conventional communication systems, each layer in the MC system encounters its own attacks [4].As MC is still in its infancy, the research of the physical layer is at the top of the agenda, supporting the success of the higher layers.Attacks in the physical layer include hardware tampering, degradation of information molecules, jamming signals, etc.
Hardware tampering: It is one of the most fundamental attack mechanisms, in which the attackers break the communication devices physically.Here, a corresponding example in nature is the antigen-antibody interaction as Fig. 1(a) shows.To counteract such an attack, identification is the first step that determines the legitimacy of the nodes in the channel, which can be accomplished by the guard devices.Once the unexpected invaders are detected, they are destroyed by the guard devices.Owing to the biochemical nature of the microscale MC channel, a swarm of the nano-robots can serve as the guard devices by mimicking the functionality of the biological immune system, recognizing the malicious devices and destroying them.
Consequently, a higher security level can be guaranteed in this context, once the guard devices are self-evolving, behaving like an adaptive immune system.By incorporating data science (training and learning) and proper programming, they can tackle new challenges.
Degradation of information molecules: In MC, the messages are carried via the chemical features of the information molecules.Thus, their degradation deteriorates the quality of service in the MC networks.In this regard, the malicious devices may release the enzymes (e.g., lipase that catalyzes the hydrolysis of lipids), emit light (e.g., ultraviolet light that transforms the pro-vitamin D to pre-vitamin D), modify the local environment parameters (the high temperature that leads to the denaturation of the nucleic acids or protein), etc., to cause degradation or decomposition of the information molecules.As a result, the stability of information molecules is the top priority for the MC system design.
For instance, given the appropriate temperature, the ammonium ion (NH + 4 ) is stable in an acidic environment and can be used as the information molecule, while it is unstable in an alkaline environment.Furthermore, one may take advantage of the diversity provided by the ionic compound, which consists of positively and negatively charged ions, i.e., cations and anions, respectively.When sodium chloride (NaCl) is chosen as the information molecule dissolved in the aqueous channel (e.g., water), both the characteristics of sodium ion (Na + ) and chloride (Cl − ) can be used for information decoding.In this case, even if one type of the charged ions is removed from the channel, e.g., the malicious device releases silver ion (Ag + ) into the channel, synthesizing the silver chloride (AgCl) with low solubility, the other still exists, and the decoding process can be accomplished as well.However, the molecular diversity gain of the ionic compound is obtained at the expense of transceiver complexity.
Jamming signal: Malicious devices can severely affect the performance of MC by introducing jamming signals to disturb the reception of the legitimate receiver, causing error detection or false alarm events.As shown in Fig. 1(b), some spider species emit identical sex pheromones (jamming signal) of female moths, imitating their existence to attract the male moths and prey on them.Hence, novel signal processing techniques are required to counteract such attacks from the PLS perspective, which will be elaborated upon further in the next section.Moreover, Fig. 1(c) demonstrates a pest control strategy that uses the alarm pheromone of the aphid species, mimicking the alarm signal, to expel them and protect plants.

B. Wiretap Channel
Quorum sensing (QS) is the extracellular signaling among bacteria that coordinates gene expressions (e.g., virulence, biofilm formation, antibiotics resistance) via specific QS molecules.As Fig. 1(d) shows, the mast cells are found to use receptors, namely, Mrgprb2 and MRGPRX2, eavesdropping on the QS mechanism.Once the QS molecules are detected, mast cells are activated to secrete tumor necrosis factor, reactive oxygen species, and prostaglandin D 2 to fight against bacteria for sake of the host benefit [6].In light of this, malicious devices, on the other hand, may act as unintended receivers, obtaining vital information, and posing the threat to MC networks' security and privacy in addition to the aforementioned attacks.Compared with the macro-scale networks, the microscale networks bears increased privacy as the eavesdropper has to infiltrate in vivo.On the contrary, this indicates that higher security and privacy levels are required as the information being exchanged may contain health conditions or therapeutic plans, whose leakage may lead to a devastating impact.The countermeasures against wiretapping in MC networks include but are not limited to, secure channel establishment, localization of the eavesdropper, and secret transmission strategy.
Secure channel establishment: The random movement of the small particles in the fluid channel is known as the diffusion mechanism, which is prevalent in nature.It is also widely adopted in the MC networks as no external infrastructure or energy is needed during the propagation process of the information molecules.When no boundaries and external factors such as flow and reaction are involved, the spreading of a large amount of the information molecules follows an isotropic manner provided that the channel has a constant diffusion coefficient in all dimensions.Against this background, the free diffusion-based MC channels suffer from the same risk as a conventional wireless channel due to the broadcast nature.
To overcome this problem, one may establish a secure channel by changing the chemical pattern or building a new structure between the legitimate transceivers.For the former case, the legitimate transceiver can achieve the high directivity gain and low leakage of MC by the reflection of the transmitter and prior position alignment [7].This process is analogous to the beamforming technique of conventional wireless communication systems, and concerning the physics in the MC channel, the assistance of the flow can further enhance the secrecy performance.For the latter case, specific structures (e.g., axon) that convert the isotropic diffusion to the anisotropic diffusion can be deployed in the channel, creating a secure channel/zone for information transmission.

Isotropic diffusion Anisotropic diffusion
Figure 2 shows the corresponding diffusion pattern and the tensor image.Intuitively, information disclosure is avoided as the eavesdropper hardly captures the information molecules.Nevertheless, the success of both countermeasures is based on the premise that the position of the eavesdropper (its localization methods are discussed in the next subsection) is not close to the line of sight path between the transceiver or the orientation of the new structure.
Localization of the eavesdropper: Localization not only enables applications like targeted drug delivery, target search and rescue in MC networks, but also reveals the location of the eavesdropper to enhance the secrecy performance.The detection of a silent eavesdropper, which only listens in the channel without information transmission, is an arduous process.In conventional EM-based wiretap channels, the legitimate nodes detect the silent eavesdropper in light of its unintentionally leaked local oscillator power.However, this method may not be available in the MC networks when the biochemical property dominates in the physical layer.Alternatively, silent eavesdroppers in the MC channel may exhibit the absorbing phenomenon during the interception process.Thus, except for the detection of silent entities in MC, its localization can be further realized.So far, MC researchers have proposed the localization schemes of the silent eavesdropper from onedimensional (1-D) to three-dimensional (3-D) channels.
The authors in [8] first considered this issue based on a simple end-to-end system model with a point transmitter and two perfectly absorbing receivers.Note that the 1-D channel model applies to scenarios where the length dimension dominates, while the height and width dimensions are negligible, such as blood vessels, pipes, and tubes.In particular, detection and localization of the silent eavesdropper are conducted by the transmitter only as information transmission in the MC system is typically unidirectional, and feedback from the receiver may not be possible.Thereafter, the transmitter is further equipped with optical detectors, acting as a passive receiver to count the information molecules released by itself.With prior knowledge of the legitimate transceiver distance, the eavesdropper's location can be easily estimated via the reduction of the information molecules.
The issue above can be extended to the two-dimensional (2-D) MC scenarios, where the flat petri dish is one of the examples of the bounded channel.An unbounded 2-D channel with a point transmitter and two circular receivers that are perfectly absorbing is considered in [9].The legitimate receiver, instead of the transmitter, is used to detect and localize the eavesdropper.Since the channel modeling of multiple absorbing MC receivers is still under exploration, no analytical arrival distribution at the receivers is available.Motivated by the data-driven approach, a deep neural network is trained via the data generated from the particle-based simulator.It then employs the received signal vector, achieving error-free detection and a relatively high localization performance when the eavesdropper is in the vicinity of the legitimate transceiver pair.Inspired by data science, similar problems in other complicated channels can be solved as well provided that the training data is available and accurate [10].
Recently, the extension to the 3-D scenario is studied in [11], and the three-node MC network is considered as its 1-D and 2-D counterparts.Besides, the silent target (e.g., eavesdropper) remains an absorbing receiver, while the legitimate receiver is passive.The existence of the silent absorbing target affects the reception of the legitimate receiver, which can be reflected by the analytical channel impulse response (CIR).Based on the received signal vector, the transmitter-target and target-receiver distances can be obtained via the maximum likelihood estimation, realizing a relative localization of the silent target, whose performance can be further enhanced with extra receivers.Note that the distance between the legitimate transceiver pair is perfectly known in the schemes above, which can be achieved via the synchronization or channel estimation process.Despite being beneficial to the strategy of secure channel establishment, precise elimination of the eavesdropper can be achieved via the guard devices after the localization step.
Secret transmission strategy: Traditionally, encryption is deemed as one of the most secure methods paved for various communication systems.It relies on the secret keys governed by a reliable key management infrastructure and is typically applied in the upper-layer protocol.Thus, classical encryption may not be suitable for the MC network, where the research of the physical layer is still in progress, let alone the upper layers.Alternatively, variation of the physical channel enables the key-based encryption methods in the physical layer, which is detailed in the next section.

III. SAFEGUARDING MOLECULAR COMMUNICATION NETWORKS VIA PLS
PLS is an effective strategy for security enhancement that leverages the inherent features of the physical-layer communication channel from an information-theoretic perspective.It is not a competitor but acts as a complement to the conventional As a result, the classical encryption in conventional communication systems cannot be easily shifted to the MC system due to the lack of upper-layer protocols.The sufficiency of the physical layer research in MC, such as channel modeling, information theory, modulation, and signal processing, laid the foundation for PLS in MC networks, which is envisioned as a promising method for secrecy and privacy enhancement [2].Moreover, the study of the physical-layer model facilitates the high-layer realization, such as the BioBlock, which is the blockchain mechanism for the secrecy improvement in IoBNT [12].Despite having fruitful achievements in conventional communication systems, the PLS approaches in MC should comply with its system uniqueness.Compared with the computationally efficient devices in the conventional communication system, those in MC are usually energy-limited, especially for the micro-scale scenario.Additionally, biochemical property in MC leads to new challenges for secure signal processing techniques.Meanwhile, it brings opportunities as new features in the channel can be exploited for key generation.Two categories of PLS for MC, with or without key generation, are introduced as follows.

A. Keyless Security Strategy
Unlike the classical encryption schemes, keys are dispensable in certain PLS techniques, known as the keyless secure strategy.Sophisticated signal processing techniques, such as artificial noise, beamforming, and diversity, can be developed to ensure the secrecy of the MC networks.In the Alice-Bob-Eve model, Alice is the legitimate transmitter, whose intended target is the legitimate receiver Bob, while Eve is the eavesdropper that intercepts the information from Alice to Bob.The secrecy performance is quantified via information leakage, i.e., the difference of the mutual information between the Alice-Bob and Alice-Eve links.The upper bound of the information leakage is called secrecy capacity realized by a specific distribution of the input symbols, namely, capacity-achieving distribution.The secrecy performance of the diffusion-based MC system with concentration shift keying (CSK) is analyzed from an information-theoretical point of view, providing two paramount secrecy metrics, i.e., secrecy capacity and secure distance [13].However, only the estimation of lower bound secrecy capacity is derived as both links attain their channel capacity.The secrecy capacity highly depends on the system parameters such as the average signal energy, diffusion coefficient, and reception duration.Moreover, the distance between the transmitter and the eavesdropper is also an important aspect of secrecy performance.For both amplitude and energy detection schemes, secure distance is proposed as a secret metric, over which the eavesdropper is incapable of signal recovery.
Despite the case with CSK, the results of the secure metrics vary with the modulation type (e.g., pulse position, space, type) and reception mechanism (e.g., passive, partially absorbing, perfectly absorbing).For ease of understanding, Figure 3 depicts the modulation types and the corresponding CIRs with different reception mechanisms.Novel signal processing techniques and the biochemical channel properties can further assist the secrecy enhancement in the MC system.The molecular beamforming that avoids information disclosure can be realized via the flow generated in the channel.Besides, new dimensions of diversity, such as the aforementioned molecular diversity of ionic compounds, can be exploited.Note that the feasibility of these methods can be validated by the derived secrecy metrics.

B. Key-based Security Strategy
The rationale of key generation in the physical layer is kindled by the ideology of secret keys in the classical symmetric encryption method and the physical channel characteristics.The randomness in conventional wireless communication channels allows legitimate users to generate secret keys and exchange it without leaking to the eavesdropper.Thus, the key-based PLS only requires the channel characteristics of the legitimate link.It is a lightweight technique compared with its keyless counterparts, in which the channel state information of the eavesdropper is generally needed.Furthermore, MC is inherently abundant with randomness due to Brownian motion, time-varying biological environment, etc.As a result, the keybased PLS is more attractive for MC networks.
Tentative exploration of the molecular cipher key was first proposed in diffusion-based MC without resorting to the key management infrastructure [14].Three fundamental properties, i.e., temporal variance, channel reciprocity, and spatial decorrelation are satisfied in this case.The mobility of the devices is one of the main factors that causes channel variation.In the macro-scale MC networks, the devices are mobile when attached to the external moving infrastructure.In the microscale MC networks, the motion of the nano-scale devices can be either random (e.g., Brownian motion) or actuated by motors [15].As a result, the distance of the legitimate link is selected for key generation, whereas Alice and Bob mutually estimate the distance between them, while Eve cannot obtain the key based on its observations.Note that the fast timevarying channel mimics the one-time pad for secret keys, which is hard to be cracked by Eve.Besides, the diffusionbased MC system possesses channel reciprocity, and spatial de-correlation can be provided when Eve is incapable of following Bob.After randomness extraction, the quantization process maps analog measurements (e.g., distance) to binary bits based on the pre-defined thresholds and the quantization levels.The noisy observations in MC and the limitation of the nano-/micro-scale devices tend to secret key mismatch, degrading decryption performance in the legitimate link.To solve this problem, information reconciliation is the next stage that implements lightweight protocols or error-correcting codes for secret key correction, reducing the key disagreement rate, but some information may be leaked to Eve.By using the extractor or hashing functions, the privacy amplification stage allows Alice and Bob to distill the secret key, while Eve obtains a negligible amount of the information.As information reconciliation and privacy amplification appear together, a low-complexity joint design suitable for the MC system is necessary.The feasibility of the key-based PLS for MC is reinforced by the observations from a macro-scale prototype, which can be scaled down to the micro-scale scenario [14].Figure 4 illustrates the PLS with key generation for the MC network, where the blue circles are the information molecules over the MC wiretap channel.

IV. OPEN CHALLENGES AND FUTURE DIRECTIONS
There are still some open challenges for the security of the IoBNT with MC.Meanwhile, this section discusses some future research directions as well.
Complex channel characteristics: The IoBNT channel undergoes stochastic nature as a variety of mechanisms are involved, such as diffusion, background flow, and biochemical reaction.As a result, inter-symbol interference (ISI) and noise with signal-dependent variance are introduced to the IoBNT channel.The channel is highly complex whose model is hard to characterize and differs in both time and space dimensions.Against this background, it is hard to obtain the analytical solution of the secrecy capacity-achieving distribution that jointly considers both channel links.Motivated by the datadriven methods, machine learning techniques can be used to solve this problem provided with sufficient data [9].Moreover, the channel reciprocity may not hold in some channels when the CIR or received signal strength is used as the random source for key generation.To be specific, as shown in Fig. 5, the noisy CIRs of the legitimate transceivers are approximately the same in the free diffusion channel (without flow), while they are asymmetric in the advection-diffusion channel due to the influence of flow.In this case, the channel parameters that are equivalent for both legitimate transmitter and receiver should be employed, e.g., distance.
Novel signal processing techniques: Unlike conventional communication systems, signals in MC have the constraint of being non-negative and real due to the discrete nature of the molecular particles.Besides, molecular signals are influenced by ISI and non-stationary noise.In this case, conven-tional secure techniques, including artificial noise generation, beamforming, etc., cannot be implemented for MC networks.The signal processing techniques in optical communication systems are mature due to their long history compared to those in MC, and they can be inspiring since both photonic and molecular signals share similar properties with respect to signal constraint and noise characteristics [10].As MC bears the biochemical properties, the underlying cell signaling may provide novel signal processing methods against attacks and wiretapping, where interdisciplinary efforts are required to reach this goal.
V. CONCLUSIONS

Fig. 1 .
Fig. 1.Natural attack and eavesdropping examples with the MC mechanism.