Review of Physical Layer Security in Molecular Internet of Nano-Things

Molecular networking has been identified as a key enabling technology for Internet-of-Nano-Things (IoNT): microscopic devices that can monitor, process information, and take action in a wide range of medical applications. As the research matures into prototypes, the cybersecurity challenges of molecular networking are now being researched on at both the cryptographic and physical layer level. Due to the limited computation capabilities of IoNT devices, physical layer security (PLS) is of particular interest. As PLS leverages on channel physics and physical signal attributes, the fact that molecular signals differ significantly from radio frequency signals and propagation means new signal processing methods and hardware is needed. Here, we review new vectors of attack and new methods of PLS, focusing on 3 areas: (1) information theoretical secrecy bounds for molecular communications, (2) key-less steering and decentralized key-based PLS methods, and (3) new methods of achieving encoding and encryption through bio-molecular compounds. The review will also include prototype demonstrations from our own lab that will inform future research and related standardization efforts.


I. INTRODUCTION
O VER the past few decades, the sizes of electronic devices have shrunk by several orders of magnitude.One consequence of increasing miniaturization is that we can now carry, wear, and embed advanced machinery on or inside ourselves.The World Economic Forum identified nano-scale Internet-of-Things (IoT) as a top 10 emerging technology and efforts to standardize the communication network technology have been underway since 2015 under IEEE P1906.1 [1].
Current IoT systems are silicon-based hardware that process mainly electrical and electromagnetic signals -the basis for storage, communication, and computing.The scalability (cost, energy, size) of current silicon-based IoT devices does not meet all of our emerging and future demand.For example, embedded in-vivo IoT systems for healthcare often need to be bio-compatible and transmit signals in compact cellular environments.These so-called Internet of Nano-Things [2] have particularly unique signal processing and communication security challenges which we will explain later.At the basic level, the complex biological environment often weakens electromagnetic signals and puts strict restrictions on radiation.Furthermore, nanotechnology device dimensions shorten the wavelength to the THz regime and this puts further constraints on transmission range and efficient signal processing.
Hence, research has been motivated by molecular-based communications, which is prevalent in nature across multiple scales (e.g., from intra-cellular to inter-species level).For example, we already know that artificial DNA data systems promise to reduce encoding and storage costs by 100x for the same capacity and endurance performance [3].They also offer new secrecy, bio-compatibility, and resilient networking paradigms -as we will see throughout the rest of the review paper.Therefore, there is tremendous excitement to understand the signal processing of Internet-of-Nano-Things (IoNT) networking [2], [4], [5].
As previously mentioned, the application of IoNT in healthcare especially is far-reaching: the ability to monitor a variety of physical and biochemical states (i.e., wound recovery [6], chrono drug delivery [7], localization [8], and coordinated micro-surgery.There are a few competing technologies for nano-communication for IoNTs (e.g., THz, magnetic induction), but our primary focus in this review is molecular communications.Beyond healthcare, there are a variety of heavy industry and defence & security use cases [9] and molecular networking could be a new air interface for 6G Beyond [10].In recent years, up-scaled experimentation has provided some of the foundations for bridging theory and practice in molecular communications for IoNT (see review in [9]).

A. Existing Cybersecurity Reviews
This review paper is focused on the unique signal processing techniques needed to ensure there are secure molecular communications (MC).It is envisaged that IoNT devices have low computation and energy, therefore they need to have a flat computing architecture and simple security architectures, which differentiates themselves from traditional electronic cybersecurity which is a multi-layered approach (e.g., separate modules and layers against spoofing, authentication, communication errors, and eavesdropping).As such, physical layer security (PLS) presents an ideal framework to leverage on the physical signal vectors to improve security.Our review primarily focuses on the PLS aspects of MC [11].We will see throughout the paper how different propagation physics (e.g., molecular diffusion-advection vs electromagnetic radiation) affect signal processing, cybersecurity risk profile, and mitigation design.
Existing reviews in MC generally do well in identifying the proprietary challenges faced by nano-machines in a contained biological environment.In one of the first MC cybersecurity reviews in 2012 [12], it was reviewed that disrupting the molecular propagation pathways is likely to be the most effective form of attack (e.g., saturating the chemical signaling channels with a biochemical agent or interfering with the biophysical propagation mechanisms such as blocking bio-membranes).Therefore for the attacker, without access to the bio-environment and its own set of capable nano-machines, the disclosure, deception, and usurpation risks are relatively small, whereas the disruption risks are relatively much larger.
Penetration attacks with the insertion of equivalent or superior IoNT devices create new attack vectors and relevant research.For example, one would be interested in the achievable information theoretic secrecy rate for a given distribution of unknown eavesdroppers [13], [14], how to detect information leakage and infer the location of eavesdroppers [15], and the potential for innovative biochemical cipher keys.These topics will be the focus of the review in this paper.On the one hand, we can borrow a great deal of knowledge from the decades in wireless security to provide a physical layer security (PLS) framework, which was discussed in the first review in this area [16], but we must also develop new techniques to encrypt molecular messages, which has not been researched sufficiently.
The aforementioned 2 attack areas of disruption and secrecy rate leakage raise new communication theory and signal processing research: • robust and efficient channel estimation signal processing to counter unexpected changes in channel physics.
Local biochemical and biophysical changes can lead to incorrect channel state information (CSI) estimation which can cause a wide range of issues from decoding errors to inconsolable PLS key generation.
• reduce information leakage rate to counter hidden eavesdroppers and improve the secure information capacity of the channel.Here, the completely different propagation physics of MC lends to new analysis and signal processing requirements compared to radio communications.

B. Gaps in Review Knowledge & Contributions
Current cybersecurity reviews in molecular communications are very few.We found only 2 dedicated reviews more than 8 years old [12], [16], and a recent general review on MC that touched on cybersecurity [17].New cybersecurity research is rapidly emerging, and a review of their progress and future research areas is needed.
Here, we take a information theory and communication signal processing led review of the cybersecurity research opportunities in molecular communications, primarily at the physical layer level.Our review is organised as follows (see Fig. 2), spanning different technology complexity and security capabilities: • Overview of threat regions and consequences for IoNT molecular communications (Section II) • Quantitative review and analysis of the informationtheoretic molecular secrecy and leakage rate, as well as mitigation strategies (Section III) • Review of molecular physical layer security techniques that exploit diffusion-advection propagation physics (Section IV) • Discuss and review future research in this area, such as DNA-based molecular encryption techniques (Section IV) Authorized licensed use limited to the terms of the applicable license agreement with IEEE.Restrictions apply.To highlight the novel differences between PLS in molecular communications compared to radio frequency (RF), we explain in Section II that the biophysics propagation is different and the signal feature space is also different.In RF, we leverage on the IQ diagram (e.g., phase, magnitude).Recent research in RF focus on developing transforms and neural networks that can cancel out channel variations to uniquely create robust authentication fingerprints or cipher keys.In molecular communications, we must identify new features and signal processing transforms that are robust to new channel variations (e.g., diffusion-advection currents).This requires both new signal processing and communication theory frameworks and hardware for achieving it.As a result, the achievable bounds in secrecy and key rate are different (see Section III-IV).In Section V, we further exploit biochemical aspects of molecular communications for security by examining features of protein or DNA molecules, and how a shared environmental condition between transmitter and receiver can act as a non-digital cipher key to encrypt data.A small lab demonstration is shown, which we believe is reasonably novel and we hope the editor and reviewers find this interesting as a motivation for further research.

II. CYBERSECURITY OVERVIEW FOR MOLECULAR IONTS
A. Bio-Informatic Channels Transform Security Challenges PLS (in both radio-based and molecular-based communications) requires the derivation of security properties from the physical signal and channel.We review here the key differences between classical RF wireless channels and molecular signal channels, which are [25], [26]: 1) Externally Controlled Propagation: radio signal directionality in radio frequency is controlled by the transmitter (e.g., beam-steering, beam-forming), whereas molecular signal directionality is largely controlled by the channel dynamics (e.g., co-flow, vortices) because high frequency features that gives rise to molecular signal directionality rapidly lose momentum after emission via the diffusion and mixing process.As such, RF signal loses power according to distance ∝ d −α , α = 2 − 4, whereas molecular signal loses power according to ∝ exp(−d 2 )/d β , β = 0.5 − 1.5 [27].This means that whilst RF signal processing can rely on high frequency signal features, molecular signal processing cannot, and must rely on alternative features such as vorticity (see Section IV). 2) Reactive Interference: radio signal interference is determined by the co-frequency of the carrier band, whereas molecular signals are determined by the chemical compound and how it reacts with other compounds.Therefore, the surrounding environment in RF simply acts as passive reflection or absorbing surfaces -contributing to a multi-path and attenuation effect.On the other hand, a biological environment in molecular communications can entrap, delay, or even alter the signal through reactions and complex interactions.As such, whilst some of the basic threat vector notions of eavesdropping, spoofing, and jamming apply to molecular communications, these notions require careful thought and rework in the context of new channel models and signal modulation constellations.For example, diffusion-advection propagation means eavesdropping in the distance is far less likely, but interference from a wide range of reactive chemicals [28] and biological predation (e.g., bacteria eating RNA signals) means a transport host is often needed [29].It is in this light that we qualitatively review the current cybersecurity papers in the literature below, as well as identify new threat vectors and opportunities for wireless research.

B. Review of Threat Vectors and PLS
In current autonomous systems and IoT systems, jamming and spoofing account for over 75% of attack vectors and this is largely conducted on the wireless and guidance systems [30].However, the landscape for how attackers will disrupt nano-scale molecular IoNT remains unknown.We broadly review molecular IoNT security within the STRIDE landscape first to get a broad understanding, before focusing on why PLS is important: 1) Information Disclosure: molecular propagation inside a body makes disclosure and leakage possible, but the survival of meaningful and complete molecular signals in the wild is challenging.Research in this space (Reviewed in Section III) focuses on quantifying the secrecy rate and leakage rate for a wide range of propagation channels and noise distributions, developing new molecular communication measures for secrecy rate loss, as well as developing signal processing mechanisms to mitigate information leakage.2) Spoofing or Repudiation: IoT devices are unlikely to carry sophisticated authentication and destination tags and will therefore be vulnerable to spoofing attacks that inject artificial signals to falsify information.Therefore, low-cost PLS that secures messages is critical.Research in this space (Reviewed in Section IV) focuses on developing robust signal feature extraction for low-complexity  [20].However, it is also a very invasive and potentially harmful attack method which we do not review in this paper.4) Tampering or Elevation of Privilege: is not likely given the embedded nature of IoNT devices and the relatively high technological requirement for their reconfiguration or tampering or elevation of privilege to control communications.This requires insertion, localization [31], evading anomaly detection [32], and tampering to be jointly successful.There are a myriad of detailed scenarios on how molecular-based IoNT systems can be attacked and we detail their corresponding recent research in Table I.We can see that when we divide them into whether they rely on internal IoNT help or not, and whether the IoNT is part of the adversarial threat or merely a target: we can see that most of the threat either involves internal IoNT friendly actors or large-scale external attacks.As such, our review targets the following novel research areas: (1) maximizing molecular secrecy rate between internal IoNT devices (Section III), (2) generating cipher keys through low-cost common channel features (Section IV), and (3) emerging future research in molecular level encoding (Section V).

III. KEY-LESS SECURITY
Key-less PLS exploits spatial-temporal knowledge of either the legitimate receiver and/or the eavesdroppers to prevent a number of attacks.In radio-based communication, knowing the eavesdropper(s)' locations (distributions) traditionally allows multi-antenna systems to perform beam-steering to reduce information leakage to Eve or angular momentum modulation to distort side-beam data leakage to Eve.However, in molecular communications, this can only be done when there is assistance from channel flow or at very close distances [33], or with specially generated vortex rings, which is uniquely propagates molecular signals over long distances and can be guided by infra-red beams [34].

A. Secrecy Rate Bounds
Unlike RF communications, molecular eavesdropper localization is uniquely possible in molecular communications because the number of molecules a receiver has to absorb usually [15], [22] (e.g., even passive optical receivers can still trap molecules).Furthermore, if the channel state information (CSI) is known (e.g., molecular channel co-flow properties), one can maximize the secrecy rate via the following secrecy capacity analysis, which we review below.
Secrecy rate analysis is particularly relevant when a malicious insider IoNT is used to eavesdrop on other legitimate IoNT data (see Table I) [35], collect channel state information (CSI) [36], as well as hardware information (e.g., fingerprint device transmitter characteristics [37]).The achievable secrecy rate (secrecy capacity or secrecy loss [21]) of molecular IoNT devices depends highly on the transmitted molecular signal volume, the location (or location distribution) of the eavesdroppers, and how absorbing its receiver is relative to those of Alice and Bob.This analysis has been recently performed for a variety of secrecy loss metrics [21] and for different bio-inspired channel geometries [18].
Combining the information-theoretic security with the specific molecular channel models, the secrecy capacity predominately scales as follows [13], [14]: where d l and d e are the communication distance between the legitimate receiver and Eve receiver.In Eq. ( 1), the expression of the secrecy capacity C S is different in concentration and timing MC channels, whereby the former uses the number of molecules to convey information bits, whereas the latter modulates the information bits via the release time of the molecule.
The work is recently extended to general Gaussian distribution of eavesdropper locations (e.g., unknown but large no. of IoNT devices follow some distribution) [19] and also a prediction algorithm for the hidden location of Eve given it is absorbing [15].This enables the potential of then localizing the eavesdropper(s) and either pacifying it or allowing beamforming to reduce information leakage.As a proof-of-concept simulated demo, we designed a mobile IoNT scenario where Bob and Eve continuously move (Bob randomly in a Gaussian-distributed fashion, and Eve rotates around Bob).In Fig. 3 we show the molecular IoNT secrecy capacity [14] variation with total channel capacity and eavesdropper detection chance [15], [38].This is different from radio communications because passive Eve detection is possible due to the absorbing (chemical reaction) nature of molecular communications.We used the results in [14] to demonstrate a bifurcation in the secrecy capacity and eavesdropper performance with 3 zones of interest: (1) when Eve is very close to Alice and the A-B secrecy capacity and capacity are both close to 0, e.g., then the ability for Bob to detect Eve is minimal due to high noise to signal ratio estimation issues, (2) when Alice is close to Bob and we can achieve both high secrecy capacity and total capacity, and (3) when Alice to Bob distance is high and whilst some reasonable total capacity can be achieved, it is sensitive to Eve and the secrecy capacity is low.What remains to be done is a more representative analysis of the secure information capacity of complex fluid dynamic channels representative of obstacle-rich in-vivo environments (e.g., the conditional mutual information of Reynolds Averaged Navier-Stokes dynamics).

B. Maximizing the Secrecy Rate
To maximize the secrecy rate in MCs, current researches depend on whether the instantaneous CSIs of legitimate and malicious users are known.
1) Known Molecular When such CSIs are known, [14] provides a secure distance d E , by identifying the number of transmitted particles, Q, so that any Eve that is d E far from legitimate Tx cannot measure the number of particles that is more than the detection threshold γ , i.e., 2) Unknown Molecular CSI: In the absence of the instantaneous CSIs of legitimate and malicious receivers, directly maximizing the secret rate is of great difficulty.Instead, suboptimal metrics are designed by [13] and [39], which are reviewed in the following.
(i) Maximum achievable fractional equivocation (MAFE) is generally used to characterize the decoding error probability of Eve, and is defined as: where R S is the actual secrecy rate.By taking Eq. ( 1) into Eq.( 3), MAFE for MCs is obtained, which links Eve's error with parameters like R S , d l , and R B (the transmitting rate).
(ii) Generalized Secrecy Outage Probability (GSOP) is defined as the probability that the MAFE is less than a small threshold, i.e., P( < ¯ ).This indicates the probability of Eve's small decoding errors is limited by ¯ .Then, optimal parameters of legitimate nodes can be derived by: min Here, C B is the channel capacity of the legitimate channel, and R S • P(R B ≤ C B ) represents the throughput that has to be greater than a required threshold .
(iii) Average Fractional Equivocation (AFE) represents Eve's overall decoding error probability, which is expressed as E( ).AFE provides another security metric, which gives legitimate parameters by maximizing its value but with required legitimate throughput, i.e., max (iv) Average Information Leakage Rate (AILR) gives an expression of I (X ; Z ) via the definition of MAFE, i.e., I (X ; Z ) = E((1 − ) • R S ), which represents the amount of information that is leaked to Eve at rate R S .Leveraging AILR, the optimal configuration of legitimate parameters should minimize the information leakage but hold the required legitimate throughput, i.e., min

IV. KEY-BASED SECURITY: EXPLOITING COMMON PHYSICS
Developing physical layer wireless key-based security is particularly relevant when there are external channel attacks or eavesdroppers (Table I), and more bio-inspired robust methods to secure the molecular messages at the channel level are required (see Section IV).
Key-based security uses mutual channel properties between IoNT nodes to create distributed cipher keys without public key cryptography requirements [19].At an authentication level, unique channels can be used to accept or reject IoNT  devices as a way to fingerprint their location dependent channel [43], however this can prove unreliable in real dynamic channel environments where the channel changes or the location varies.For key-based PLS in traditional wireless systems, we have reciprocal channels and use features such as modulation patterns [44].
In molecular IoNTs, we are expected to use molecular signals in realistic non-isotropic fluid dynamic channels, which are non-reciprocal and can be subjected to dynamic advection forces that reduce the communication coherence time.This on the surface rules out physical layer secret key generation which typically relies on reciprocal channels.However, the non-reciprocal channel between Alice and Bob still shares properties that are dynamic, common, and unique, which can be teased out.
We give a comparison of radio and molecular PLS key differences in Table II and showcase some example feature (bottom) molecular PLS uses features extracted from PIV traces and velocity/vorticity contours [42].In molecular communications, the common features can be the ambient co-flow velocity and vorticity field, unique to each spatial channel.That is to say, X-to-Eve would yield different co-flow fields to Alice-to-Bob.Exploiting this, one can design the PLS cipher key generation process in 3 stages (see Fig. 4 for real laboratory demonstration of molecular PLS): 1) Alice and Bob try to converge on a common estimation of the ambient co-flow velocity and vorticity field between them.High-dimensional metric combining techniques can be used to enrich the features [45] 2) Remove estimation noise and create feature embeddings to generate a key.3) Generate on a common cipher key based on their correlated but imperfect channel estimates by employing Slepian-Wolf source coding for example.Then add an information reconciliation stage to reach an agreement (e.g.secure sketch technique) and privacy amplification with AES implementation [24].
Authorized licensed use limited to the terms of the applicable license agreement with IEEE.Restrictions apply.

A. Low-Complexity High-Dimensional Molecular Signal Feature Extraction
As the realistic molecular communication channel is often unknown, existing coherent schemes (e.g., the state-of-the-art maximum a posteriori, MAP) have to pursue complex channel estimation and ISI mitigation techniques, which will result in either high computational complexity, or poor estimation accuracy that will hinder the detection performance.For the secret key generation in the physical layer, existing common feature extraction can be categorized into two families.
1) Data Driven CSI Estimation: The first family relies purely on the legitimate CSI or channel-related parameters measured by two legitimate nodes.This includes the feature constructed directly by estimated CSI [46], [47], or the mathematical combinations of the received signals to further depress the noise or inter-symbol interference (ISI) effects [45], [48].Specially, the work in high-dimensional feature extraction designs in [45] provides a high-dimensional feature extraction, which is able to resist noise and ISI, and further contains most of the channel randomness by its high-dimensional structure.Many unique features of the transient effects of molecular signal propagation are different from radio signals, such as (see Figure6) [45]: (1) the local rising edge metric when a molecular pulse first arrives at the receiver, and (b) the successive properties that contain the inflexion metric and the energy-difference.The realization of this high-dimensional non-coherent scheme is to use a Parzen window technique-based probabilistic neural network (Parzen-PNN).Parzen-PNN has the ability to approximate the multivariate posterior densities by taking the previous detection results into a channel-independent Gaussian Parzen window, thereby avoiding the complex channel estimations.The complexity of the posterior computation is shared by the parallel implementation of the Parzen-PNN.By deducing the theoretical bit error rate (BER) for any constructed highdimensional non-coherent metric, the authors in [45] proved that higher dimensionality always achieves a lower BER in the same sample space, at the expense of higher complexity on computing the multivariate posterior densities.Leveraging these methods, common features of two legitimate nodes can be obtained for physical layer secret key generation.
2) Randomness Injection Methods: The second family exploits not only the channel randomness but also induces extra entropy from the signal space.From the theoretical point of view, this includes one-way and two-way randomness injections.The one-way randomness injection refers to one legitimate node (Alice) transmitting a random signal and the other one (Bob) transmitting a public pilot sequence.Then, the common feature is Bob's received signals, which can also be constructed by Alice via the combination of the transmitted random signal and the estimated legitimate CSI.In comparison with the pure CSI-based feature, such a one-way randomness feature contains more entropy from not only the channel randomness but the random signal space induced from one legitimate node, therefore capable of providing a higher secret key rate (SKR) to secure the communication channel.
Then, to further speed up the SKR, two-way randomness injection is proposed and has been widely used in radio-based wireless communications.In the two-way method, two legitimate nodes send random signals to each other and use their sent and received signals to construct the common feature.In this view, the entropy of the common feature involves the channel randomness and the two-way randomness of the transmitted signal space, which thereby is able to increase the SKR as opposed to one-way and pure CSI feature-based secret keys.In the context of molecular communications, the work in [19] firstly designed a two-way based secret key generation for concentration channel, whereby Alice and Bob send binary randomness and construct the key via the sent and detected bits.However, (i) the scheme does not fully exploit the randomness of the signal space (i.e., only binary space is used), and (ii) they throw away the channel randomness by their usages of signal detection.As such, the SKR is far from reaching its limit, and can be still improved by more sophisticated signal space and feature extraction designs.

B. Real-World Demonstration of Key-Based Molecular PLS
We show a demonstration of a simpler version of the molecular PLS scheme for isotropic channels where the distance estimation is used as a way to generate cipher keys -this was recently published in [24].As shown in Table II, instead of a spectrum analyser for RF signal features, we show how to use Particle Image Velocimetry (PIV) to capture essential physics-based signal features (e.g., fluid dynamic properties) that are common between Alice and Bob.A key area of research that has not been done will be key convergence rate using a variety of co-flow channel estimation methods such as sequential Bayesian detection with random finite sets (RFS) or exploiting recent advances in deep learning to classify the common ambient vector field.
In summary, PLS in molecular communications is different compared to RF, because the biophysics propagation is different and the signal feature space is also different.In RF, we leverage on the IQ diagram (e.g., phase and magnitude) and also often using high frequency signal features.In molecular communications, we must identify new features and signal processing transforms that are robust to new channel variations (e.g., diffusion-advection currents), and because diffusion erodes high frequency signal features, we must rely on other features such as vorticity.Furthermore, the surrounding environment in RF simply acts as passive reflection or absorbing surfaces -contributing to a multi-path and attenuation effect.On the other hand, a biological environment in molecular communications can entrap, delay, or even alter the signal through reactions and complex interactions.Even the hardware requirements for doing this are significantly different (PIV for molecular tracing and analysis instead of spectrum analyser).As such, molecular communications PLS requires both new signal processing, communication theory frameworks and new hardware.

V. PHYSICAL ASSET SECURITY: MOLECULAR ENCRYPTION
Molecular communication leverages on diverse biochemical compounds.Some have properties which can be modulated by external forces such as temperature.To further demonstrate real lab based biochemical PLS that is unique to molecular communications, we show how security can be achieved by exploiting temperature-modulated features of protein molecules.

A. DNA-Based Information With Environment-Based
Public Key DNA communication is one example of structural-based molecular communication, whereby the information is modulated by the structure of molecules, other than the concentration or timing.
Encoding and modulating information on DNA strands is an emerging fundamentally new alternative to electronic and magnetic systems with orders of magnitude advantages in: durability, reliability, and high-volume data density [3], [49].Current practices of modulating information onto DNA strands include bar-coding [50].One can modulate and encode information on the DNA nano-structure at the transmitter by inserting highly conductive gold particles for 1 and leaving blanks for 0. At the receiver side, a nanopore 1 is used which consists of a pipette that draws in the DNA strand and reads its nano-structure for information.This uses a patch-clamp data acquisition technique, which includes noise cancellation signal processing and a signal feature detection algorithm (e.g., pCLAMP).The process faces challenges in attaching gold particles consistently (chemical reaction) and an optimization problem exists in the trade-off between long DNA strands (high bit/symbol) and structural shape for reliable decoding (long strands will curl making reading difficult).
Current state-of-the-art strategies rely on the encoding and decoding of long single strands in a laboratory setting, where DNA strands can be arbitrarily long.To exist in a real practical environment, DNA needs to survive inside a living host (e.g.bacteria).In such a case the long strand must be fragmented in order to fit inside bacteria without disrupting the 1 Nanopore is a micro-fluidic sensor that can convert certain molecular structure readings into digital signal for analysis.It is marketed and most commonly used for DNA analysis, but other molecules can also be used.
host's functionalities.Fragmentation and re-assemble of DNA strands in the correct order opens it up for security attacks, e.g., an attacker can lure the bacteria to make the information received by legitimate receptors incomplete, and even more decode the information via its lured DNA fragments, which, however, is an area of research not currently investigated.Whilst the legitimate nodes can apply basic error correction coding ideas to deal with the incomplete fragment issue, these have a finite error detection and correction capacity and a high DNA overhead.Here, our recent research has investigated how to achieve: • short strand DNA information bearers • implement a common key pool, where environmental parameters that influence the molecular structure is the cipher key -see Fig. 7.In temperature-encrypted complementary short DNA complementary strands (e.g., 1 encryption DNA strand, 1 informationbearing strand), every temperature-encrypted strand will be designed so as to have different lengths and therefore hybridize in a specific location with the information-bearing strand at a specific temperature.Here is the step-by-step process: 1) The system will be optimized so that the modulated information of the information-bearing strand is read at a specific temperature (known by the decoder).The temperature variation can act as a cipher key in a common pool known to only legitimate nodes 2) After the modulated information strand is read (at the right temperature), the strand will be passed on to a high-temperature stage (above the melting temperature of the complementary strands) before reaching a sequencer where the information bearing single strand will be read.Our system will therefore enable us to read the information stored on the DNA and assign it a unique ID.This approach is critical when trying to piece together information from various sources, but it can also be useful for additional security encoding such as considering the temperature as a layer of security to avoid eavesdropping in communication channels.The system can be optimized so that the temperature cipher code is known through the standard steps of key consolidation and secrecy maximization between transmitter and receiver.

B. Proof-of-Concept Demonstration of Micro-Fluidic Protein Signal
There are a number of ways to encode molecular information in bio-molecular compounds beyond DNA/RNA strands, such as using carbohydrates and gas compounds [23].In our novel work shown in Fig. 8a, we have demonstrated some of the possibilities using a biosensor to detect encoded Bovine Serum Albumin (BSA) protein molecules by means of a nanopore.We hypothesize that the temperature and other environmental conditions will affect both the modulated and detected signal and therefore act as a common key.
The proof-of-concept setup in Fig. 8a consists of a fabricated glass micro-fluidic channel with a reservoir, pump, electrolyte carriers, and nanopore sensing.The receiver is a Digi-data 1550B digitizer with MultiClamp 700B amplifier with pClamp detection software to record the acquired BSA Authorized licensed use limited to the terms of the applicable license agreement with IEEE.Restrictions apply.protein signal.In principle, nanopore works based on simple resistive pulses, and the molecules can be detected by the exclusion of ions when they go through a nanoscale channel.From the shape of an individual protein detection event, information about the physical and chemical properties of the protein molecule can be inferred (e.g., in Fig. 8b temperature at transmitter acts as an encoding cipher), which correlates with the initial environmental conditions at the transmitter, and hence provide a form of environment-based security.Our initial laboratory results pave the way for future work on encoding and decoding DNA molecules.

VI. CONCLUSION & FUTURE WORK
Here, in this novel review, we showed that new vectors of attack and new methods to achieve molecular information security are emerging.This review examined recent work spanning the secrecy information rate of molecular channels, using environmental conditions as cipher keys, to how to encode data using unique sparse signal patterns.Much more work is needed in this space, not only because of its cross-disciplinary nature, but also because building the first experiments in IoNT security takes time and significant funding.The maturity of this work is currently at Technology Readiness Level (TRL) 2-4, and we have shown 2 of our novel proof-of-concept demonstrations by our lab [9].We have also reviewed the work by others around the world [3], [23] in this paper.In almost all our work, there is a direct experimental platform or a connection to one.The work leverages more established synthetic biology and cybersecurity research to bring about innovation for molecular IoNT.
Future work directions are exciting and require combined efforts from information theory, network science, cybersecurity, and bio-engineering research to build real IoNT systems that tackle 3 main research areas: (1) better analysis of the secure information capacity of complex fluid dynamic channels representative of in-vivo environments (e.g., conditional mutual information of Reynolds Averaged Navier-Stokes dynamics), (2) embed security-by-design in the molecular properties to achieve biochemical information security, and (3) create robust ad-hoc molecular IoNT network protocols that are lightweight.I believe these contribute towards emerging standards such as P1906 and future 6G wireless systems [9], [51].

CONFLICTS OF INTEREST
The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper.

Fig. 1 .
Fig. 1.Molecular communications can connect different Internet-of-Nano-Things (IoNT) to create a chrono-synchronized health monitoring and drug delivery ecosystem.Security risks presented by new molecular information physical channel is a new research frontier.

Fig. 2 .
Fig. 2. Review paper focuses on molecular communication security, ranging from keyless and key-based physical layer security (PLS) to Public Key Cryptography (PKC) using Molecular Compounds.These incur different laboratory costs in equipment and security capabilities.

Fig. 3 .
Fig. 3. Molecular IoNT secrecy capacity variation with channel capacity and eavesdropper detection chance.Randomness is generated via the mobility of nodes and diffusion-advection channels.

Fig. 4 .
Fig. 4. Our Proof-of-Concept: (top) PIV captures the molecular signatures (middle) feature extraction using high-dimensional embedding to create rich signatures, and (bottom) key consolidation between legitimate users Alice and Bob [24].

Fig.
Fig. Example of feature maps that are used in PLS.(top) radio PLS uses features extracted from IQ constellation map or the DCTF [40] to produce a feature set.(bottom) molecular PLS uses features extracted from PIV traces and velocity/vorticity contours [42].

Fig. 6 .
Fig.6.Illustration of sub-metrics that contribute to a high-dimensional feature.(a) gives the local rising edge metric, whilst (b) shows the successive properties that contain the inflexion metric and the energy difference.

Fig. 7 .
Fig. 7. Environment induced complementary DNA strands for molecular information transfer and storage in Internet-of-Nano-Things (IoNT).

Fig. 8 .
Fig. 8.Our novel Proof-of-Concept: internal micro-fluidic channel on chip is used to transfer temperature encoded protein molecules to a nano-pore analyser.The digital signal processing units are there to convert nanopore molecular communication signals into digital signals so we can verify the findings.The subplots are: (a) micro-fluidic chip with (b) encrypted BSA protein molecule signal detection using nanopore sensing presents the potential of environment-based encoding.
CONTRIBUTIONS S.Q. and W.G. developed the idea of the paper.Z.W., Y.H. and W.G. reviewed and tested the key-less and key-based PLS for molecular communications.M.A. and J.C. did the simulation and hardware experiments of protein-based molecular encryption.B.L. and Y.H. provided guidance on different models (concentration and timing) of molecular communications.B.L. provided guidance on numerical optimizations.W.G. and B.L. provided guidance on the problem context and impact pathway.S.Q., Z.W. and W.G. wrote the paper.

TABLE I MOLECULAR
IONT THREAT VECTORS AND REFERENCES: INTERNAL/EXTERNAL ATTACKERS AND USING/TARGETING IONT NODES.A × SIGN INDICATES THERE IS NO SUITABLE SIGNAL PROCESSING RESEARCH IN THIS AREA, AND A ✓ SIGN INDICATES ACTIVE RESEARCH WITH A BRIEF DESCRIPTION AND CITATION -WHICH IS EXPLAINED IN MORE DETAIL IN SECTION II devices to aid robust channel estimation and cipher key generation.Emerging research (reviewed as future work in Section V) also focuses on molecular-level encoding to reduce the risk of spoofing.3) Jamming: jamming or interference of molecular signals with similar or reacting agents remains a highly likely form of attack through both the diet and the environment interaction with bodies

TABLE II PHYSICAL
LAYER SECURITY DIFFERENCES BETWEEN MOLECULAR AND RADIO IOT DEVICES