Deployment and Implementation Aspects of Radio Frequency Fingerprinting in Cybersecurity of Smart Grids

Abstract

Smart grids incorporate diverse power equipment used for energy optimization in intelligent cities. This equipment may use Internet of Things (IoT) devices and services in the future. To ensure stable operation of smart grids, cybersecurity of IoT is paramount. To this end, use of cryptographic security methods is prevalent in existing IoT. Non-cryptographic methods such as radio frequency fingerprinting (RFF) have been on the horizon for a few decades but are limited to academic research or military interest. RFF is a physical layer security feature that leverages hardware impairments in radios of IoT devices for classification and rogue device detection. The article discusses the potential of RFF in wireless communication of IoT devices to augment the cybersecurity of smart grids. The characteristics of a deep learning (DL)-aided RFF system are presented. Subsequently, a deployment framework of RFF for smart grids is presented with implementation and regulatory aspects. The article culminates with a discussion of existing challenges and potential research directions for maturation of RFF.

1. Introduction

Over the past few years, smart cities have experienced substantial growth and expanded their horizon considerably. Notably, recent breakthroughs in IoT have opened exciting avenues, serving as pivotal technological foundations for smart cities [1]. These advancements facilitate the creation and automation of cutting-edge services and sophisticated applications tailored to the diverse needs of urban communities, thus benefiting a wide range of city stakeholders. Figure 1 illustrates key components of a modern smart city.

Complementary to these advancements, smart grids are transformative for smart cities, optimizing energy usage in real time and pre-empting potential problems [2]. Smart grids are an essential national asset for any country, playing a crucial role in modernizing energy infrastructure. Traditional power grids comprise power generation, transformation, transmission, and distribution. Smart grids incorporate diverse power equipment and may incorporate IoT devices that sense humidity, temperature, immersion, vibration, current leakage, and record video data. Pointed IoT equipment may enable implementation of intelligent power systems [3,4,5]. These IoT devices establish wireless device-to-device (D2D) communication at the physical layer [6]. Each network has a gateway for data concentration which constitutes the network layer, and the control station serves the application layer of IoT in smart grids. While smart grids offer immense benefits to smart cities, they also present significant security challenges. A substantial review was conducted by Alsuwian et al. [7] concerning cybersecurity threats in IoT of smart grids. These networks in smart grids operate at the intersection of the physical layer, network layer, and application layer, making them susceptible to cyber threats at multiple levels. Therefore, their security at all levels is paramount. The interconnected nature of smart grids entails that vulnerability at one layer may cascade across the entire system, potentially leading to widespread disruptions.

Security requirements in a wireless network encompass several critical aspects to safeguard the integrity and privacy of data transmission [8]. Authenticity is paramount because unauthorized access is a major security concern, especially in life-critical IoT applications [9]. In existing IoT devices, coprocessors are employed for symmetric key-based encryption such as AES-128 and AES-256 [10]. However, maintenance of these keys is an administrative overhead and must be mitigated through the use of public/private key pairs [11]. Such pairs are mathematically correlated and allow for enhanced data security compared to symmetric cryptography. Nevertheless, generating mathematically complex key pairs using true random number generators is not a possibility on most low resource IoT devices for the time being. It is envisioned that IoT of the future may benefit from the massive potential of quantum cryptography in the post-quantum computing era. High-efficiency quantum digital signature (QDS) protocols are being developed using asymmetric quantum keys [12]. Another novel concept, Internet of Predictable Things (IoPT), could be employed in mitigation of cyberattacks using energy forecasting in smart grids with machine learning (ML) aids to detect anomalous data patterns [13]. These directions possess substance in the improvement of cybersecurity for future IoT.

The authentication challenge extends to confidentiality and integrity compelling drastic measures to limit access to sensitive data, allowing only intended users to view or modify it. Lastly, availability is mandatory for allowing authorized users to reliably access network resources whenever and wherever needed. Physical layer security measures such as the long-range frequency hopping spread spectrum (LR-FHSS) [14] are gaining popularity due to integration in contemporary long-range (LoRa)-based IoT devices. In the event of jamming or interference, frequency hopping at multiple channels can ensure better link availability. These security requirements collectively form the foundation of a robust and reliable wireless network. Wired networks rely on physical cables for node connections, while wireless networks are more vulnerable due to their broadcast nature making them susceptible to eavesdropping, denial-of-service (DoS), spoofing, man-in-the-middle (MITM) attacks, and message falsification. Cryptographic techniques are commonly used to prevent eavesdropping, ensuring identity verification. In IoT, security gaps exist due to reverse engineering threats and challenges in rapidly installing cryptographic protocols on insecure devices. On the other hand, noncryptographic methods, such as device-specific signal pattern analysis, complement traditional cryptography by identifying known devices and detecting rogue ones, offering essential security without modifying the IoT devices.

Radio frequency fingerprinting (RFF), being a noncryptographic method, has been in use for a few decades now. However, its potential as a physical layer security feature in wireless sensor networks of IoT has been gaining popularity recently [15,16]. RFF uses hardware impairments in the radio section of an IoT device for classification. These impairments are unique to each IoT device due to inherent nonlinearities in the manufacturing process of these inexpensive devices. The components of an IoT device are shown in Figure 2. It is imperative to point out that the aim of most studies on RFF has been device authentication at the physical layer—threat elimination at the first line of defense.

To this end, a gap exists in studying RFF deployment in a smart grid use case. This article primarily explores the feasibility of integrating RFF into the existing infrastructure of wireless sensor networks in smart grids. The body of this work investigates the potential of RFF as a physical layer security feature for the said application and presents a deployment framework.

The remainder of the article is structured as follows: Section 2 provides an overview of related research. Section 3 illustrates ingredients of a typical DL-aided RFF system. Security challenges and associated discussions are detailed in Section 4. Smart grids as a use case for RFF deployment is covered in Section 5. The ensuing Section 6 argues the potential challenges and directions for future research. Finally, Section 7 concludes the article.

2. Related Work

The core concept behind RFF involves the extraction of distinct patterns or features from devices and utilizing them as signatures for device classification. Previously, a wide range of features including but not limited to physical (PHY) layer and medium access control (MAC) layer have been employed in RFF. However, some straightforward identifiers like Internet Protocol (IP) addresses, MAC addresses, and international mobile station equipment identity (IMEI) numbers are susceptible to spoofing. Similarly, received signal strength indication (RSSI) and channel state information (CSI) could be affected by mobility and environmental changes. A recent research focus has been the investigation of features that are intrinsic to a specific device, possess stability over time, and are challenging for malicious actors to replicate. The authors’ prior work has contributed to the advancement of RFF while it was still a topic of academic research. However, the focus of this work is the discussion of practical deployment aspects of RFF in real-world applications. The following subsections cover the related work from all the domains associated with this body of work.

2.1. Previous Work

The primary focus of previous work has been the development of cost-effective techniques for extracting RF fingerprints. In this context, a method for modifying transient signals was presented [17]. Emphasizing cost-effectiveness, a modular RF front end for RFF analysis of Bluetooth signals was offered [18]. Given the passive nature of RFF, modular solutions are particularly relevant, enabling a single RFF system to classify multiple IoT devices without any modification. A common use case of classifying Bluetooth radios of cellular devices was addressed in [19]. Firstly, the signal was preprocessed through transient signal decomposition using variational mode decomposition (VMD). Subsequently, a linear support vector machine (LSVM) was employed as a classifier. A comparative study on classifiers, considering varying signal-to-noise ratio (SNR) levels and dataset sizes was organized in [20]. The experimental results yielded excellent classification accuracy even at low SNR values, implying tremendous relevance in real-world scenarios. Adhering to open science principles, a rich dataset to aid the research community in advancing RFF technology was submitted in [21]. The goal was to aid prospective researchers with the inclusion of an acquisition method for gathering Bluetooth signals. Another potential avenue for academic exploration is the application of RFF for localization. Addressing this, [22] presented a discussion on recent advances and challenges surrounding RFF localization in outdoor environments.

2.2. Cybersecurity in Smart Grids

As smart grids emerge to play an integral role in the evolution of smart cities, a rising need to overhaul their cybersecurity is imminent. The threat spectrum of cyberattacks being faced by smart girds is tremendous [23]. Various organizations, such as the National Institute of Standards and Technology (NIST) and the Smart Grid Interoperability Panel (SGiP), are shaping security requirements for smart grids. Authentication and authorization are central to the overall security of smart grids. Per the guidelines for smart grid cybersecurity published by NIST [24], the focus of security has been limited to cryptographic techniques only. A detailed framework for key management and associated operational issues was provided in the referred document. Key management can be improved using physically unclonable functions (PUF). Generation of PUF hinges on the intrinsic uniqueness within the integrated circuit of a device. A key generated by a device employing PUF can only be regenerated by the same device. This characteristic is leveraged by the utility to authenticate data generated by smart meters [25]. With developed countries increasingly embracing smart grids, the security concerns and potential remedies have become a focal point for researchers and industry experts [26]. Ongoing endeavors are directed towards securing the network and application layers of IoT in smart grids. Remarkably, the non-cryptographic security techniques in IoT for smart grids have not been extensively studied. This represents a novel area where RFF may emerge as a promising candidate.

2.3. Historical and Contemporary Use of RFF

The classification of signals using passive radio frequency (RF) receivers enhanced by artificial intelligence has a historical precedent dating back three decades. Initial use of RFF involved the classification of signals from multiple radar sources leveraging their distinct attributes [27]. More recently, RFF has gained popularity in IoT with experiments on wireless devices using frequency, magnitude, phase offsets, and in-phase and quadrate (I/Q) imbalance as differentiating features [28]. Utilizing RFF for device authentication finds its most straightforward application in RFID systems [29]. The cited studies exhibit the relevance of RFF in various legacy and contemporary applications.

2.4. Physical Layer Security in Wireless Communication

There have been substantial studies concerning physical layer security in wireless communication of IoT devices. In the era of ML and DL, physical, network, and application layers of IoT are susceptible to security threats [30]. As adversarial attacks grow more and more complex, security measures on all layers of communication networks are emerging on the horizon. In this regard, classification efforts on cellular phones using their integrated physical components have been conducted [31]. Non-cryptographic methods for user authentication and device identification in static and mobile wireless networks have seen academic interest [32]. Nevertheless, there are advantages, limitations, and implementation challenges associated with these novel methods. A literature review of relevant studies underscore the potential of physical layer security in wireless communication between IoT devices for authentication.

2.5. Machine Learning in RFF

Emitter-specific hardware attributes can be leveraged without the use of machine learning employing expert features in RFF extraction algorithms such as signal phase [33]. However, this approach is over-reliant on the quality of the received signal, which is not practical in actual scenarios as wireless signals undergo drastic changes in amplitude and phase due to channel effects. Conversely, DL-aided RFF has gained popularity due to its ability to detect unique features in datasets. This approach has made the identification and classification problem scalable to cater unseen devices. More precisely, convolutional neural networks (CNN) have exhibited even more accurate results [34]. Automated feature extraction in DL has proven to be a potent solution, surpassing traditional methods employing only the handcrafted features. However, hybrid models have exhibited even better results when a handcrafted feature such as carrier frequency offset (CFO) is used in unison with DL [35]. An examination of reference studies reveals a multitude of prevalent ML, DL, and hybrid methods. The choice of a specific model hinges on the adopted representation of the RF signal, whether it be I/Q, spectrogram, or fast Fourier transform (FFT).

3. Typical DL-Aided RFF System

The two major domains in an RFF system comprise RF and DL. The choice of an SDR architecture for the RF domain is governed by its flexible nature to process raw waveforms and a wide range of operating frequencies. For the DL part, the host processor serves as a platform for training a neural network (NN) on a given dataset followed by classification in the inference stage. The following subsections provide some explanation for the process of RF signal acquisition followed by the rationale for pre-processing before the signal is subject to the training and inference stage.

3.1. RF Signal Acquisition

The first step in RFF comprises the RF signal acquisition. To make the signal fitting for the classification stage, there is a need to pre-process the signal. The collection of signals followed by pre-processing collectively constitutes the signal acquisition process. The requirement for pre-processing stems from the problem statement inherent in the RFF-based device classification. The classical wireless communication model serves a simple mathematical explanation. For the sake of simplicity, the high-frequency carrier component is omitted. Baseband signal at the input of the RFF system, $y\left(t\right)$, can then be given:

$$y\left(t\right)=G\left(h\left(\tau ,t\right)\right)\ast F^K\left(x\left(t\right)\right)+n\left(t\right),$$

(1)

where $x\left(t\right)$ is the theoretical modulated signal. $G\left(·\right)$ denotes the hardware effects of the receiver and $h\left(\tau ,t\right)$ is the impulse response of time dispersive wireless channel with delay $\tau$. $F^K\left(·\right)$ signifies the transmitter specific effect of device under test (DUT), K, $n\left(t\right)$ is the additive white Gaussian noise (AWGN), and $\mathbf{\ast }$ is the convolution operation. The goal of RFF is to extract $F^K\left(·\right)$, unique to each hardware and difficult to clone or tamper. There are, however, some common hurdles in the development of a robust RFF. Firstly, the transmitter specific $F^K\left(·\right)$ is miniscule and overly reliant on the signal quality [33]. One approach could be to artificially create artifacts in the transmitter, but this could hamper communication performance. Moreover, in practical wireless channels, the received signal $y\left(t\right)$ undergoes amplitude and phase dispersion due to channel impulse response $h(\tau ,t)$. Therefore, the NN shown in Figure 3 has the tendency to make inaccurate predictions, since $h(\tau ,t)$ is not predictable and may vary significantly between training and inference. As already highlighted, DL-aided RFF systems have shown performance improvement; however, DL relies on the assumption that the data points follow an independent and identical distribution (i.i.d). In other words, statistical parameters, such as mean and variance, must remain consistent across the entire dataset. The varying impulse response of a time-dispersive channel could therefore be a cause for a DL model to generalize poorly on unseen data. In dynamic scenarios, the variance of $h(\tau ,t)$ is an even bigger challenge. In addition to the channel variance, the relative motion between the communicating nodes induces Doppler shift given by the following expression:

$${\Delta f=f}_c\frac{c}{v}\mathit{cos}\left(\theta \right),$$

(2)

where $∆f$ is the Doppler shift in the carrier frequency $f_c$ due to relative motion between the communicating nodes having a relative velocity $v$ at an angle $\theta$, and $c$ is the speed of light. The effect of Doppler shift causes signal degradation, which in turn affects the classification performance. CFO is another challenge that is prevalent in inexpensive radios; by virtue, low-cost crystal oscillators have accuracies in the excess of multiple tens of parts per million (PPM). Amidst these challenges, there is a burgeoning requirement to pre-process the signal before it is stacked in a dataset to train the NN. Pre-processing comprises signal conditioning, as employed in any legacy radio receiver, for accurate symbol detection. The most important aspect of pre-processing is to mitigate the channel effects, since it is the most unpredictable variable in the entire process. Various mitigation methods are prevalent in the literature, such as the channel-independent spectrogram for narrowband communication channels that experience very little change in a short time interval [36]. Another direction is data augmentation where a channel simulator may aid in training the NN on simulated channel conditions. This approach can minimize the channel effects since a NN trained on a dataset containing diverse channel conditions shall generalize much better in the inference stage. Nonetheless, rationale for the requirement of channel equalization is clear and justified. Detailed discussion of the implementation of channel equalizers is beyond the scope of this work. More importantly, it must be realized that synchronization is a mandatory step for channel equalization. Among other issues, the effect of the receiver $G\left(·\right)$ must not alter the classification performance. A practically deployable RFF system must be agnostic to the effects of the receiver. A NN trained on one RFF system must be able to perform equally well on the other if there is a need to replace it in the event of failure. Lastly, normalization of the received signal is performed to bar the NN from using signal strength as a feature for training.

3.2. Deep Learning

Figure 3 illustrates the working of a modern RFF system as a two-stage process, training and inference. As evident, training comprises receiving samples from $N$ unique devices and an RF signal is received from device K in the inference stage to differentiate between a legitimate and rogue transmitter on a per packet basis. The mathematical model for the classification problem ensues. Let $D^{train}$, a training dataset from $N$ devices be given by

$$D^{train}={\left\{\left(y_m{,P}_m\right)\right\}}_{m=1}^{M_{train}},$$

(3)

where $y_m$ is the mth training sample and $P_m$ is the respective output of the one-hot encoding function $O$($·$) for the mth DUT label, given by

$$P_m=O\left(l_m\right),$$

(4)

where $l_m$ is the ground truth DUT label of the mth training sample. If $M_{train}$ is the total number of training samples in a neural network $f\left(y;\Theta \right)$, parameters $\Theta$ can be optimized using $D^{train}$ by the following expression:

$$\Theta =\underset{\Theta }{argmin}\frac{1}{M_{train}}{\sum }_{(y,p){\in D}^{train}}{L}_{ce}(f\left(y;\Theta \right),p),$$

(5)

where $L_{ce}$(·) is the cross-entropy loss. In the inference stage, the receiver captures a signal y′ and feeds it into the well-trained neural network $f\left(y;\Theta \right)$ for prediction. A probability vector $\widehat{\mathit{p}}$ is obtained in the inference stage as

$$\widehat{p}=f\left(y^{\prime };\Theta \right),$$

(6)

where $\widehat{p}$ = {$\widehat{p}$₁, …, $\widehat{p}$_k, …, $\widehat{p}$_N} is a probability vector over all the $N$ DUTs, and $\widehat{p}$_K is the estimated probability for the $K\mathrm{t}\mathrm{h}$ DUT. The predicted device label $\widehat{l}$ is derived by simply selecting the index of the element with the highest probability as defined below.

$$\widehat{l}=\underset{k}{\mathrm{a}\mathrm{r}\mathrm{g}\mathrm{m}\mathrm{a}\mathrm{x}}\left(\widehat{p}\right).$$

(7)

The model outlined above serves as the foundation for device classification, utilizing labels derived from a predefined dataset. To declare an unknown device as rogue, each element from the set $\widehat{p}$ must exhibit a probability value below a predetermined threshold. This criterion designates a device as absent from the roster of legitimate devices, thereby classifying it as rogue. This ability of the NN to identify unseen devices adds scalability to the system and makes the classification step an open-set problem.

To summarize, a typical DL-aided RFF system must have a common set of attributes. The scope of this article is to present a practically deployable RFF system. Therefore, based on state-of-the-art and literature reviews of relevant dissertations [37,38] and an elaborate survey [39], essential features of a practical DL-aided RFF system are listed:

• Synchronization.
• CFO Compensation.
• Doppler Compensation.
• Normalization.
• Channel Equalization.
• Receiver Agnostic.
• Scalability.

4. IoT in Smart Grids

The US Department of Energy defines smart grids as modernized electrical grids that leverage advanced technology to enhance the efficiency, reliability, and sustainability of electricity generation, distribution, and consumption [40]. They incorporate various power generation sources, including customer-generated energy, solar, wind, and more. Understanding the role of IoT in smart grids and the security challenges it presents is crucial before delving into discussions about the necessity to bolster cybersecurity.

4.1. D2D Wireless Communication in Smart Grids

The effectiveness of smart grids is rooted in their ability to anticipate fluctuations in energy supply, optimize grid operations, and promptly respond to changes in demand and power failures. This capability not only strengthens grid stability but also contributes to the reduction in energy wastage, enhancing overall sustainability [41]. Central to the realization of this concept is D2D wireless communication between IoT devices at the control center, the power station, and consumers. Figure 4 shows the evolution of power grids. The dotted lines mark the communication network, which is crucial in achieving the functionality of smart grids.

4.2. Security Challenges in Wireless Communication

In wired networks, nodes are physically linked by cables. Conversely, wireless networks face heightened vulnerability due to their broadcast nature. They are susceptible to various malicious attacks, such as eavesdropping [42], denial-of-service (DoS) [43], spoofing [44], man-in-the-middle (MITM) [45], message falsification/injection [46], etc. To ensure confidentiality and authentication, existing systems commonly use cryptographic techniques to prevent eavesdropping and unauthorized access to networks [47,48].

Conventional cryptography ensures identity verification using techniques like message authentication codes, digital signatures, and challenge-response sessions [49]. However, in widely distributed IoT, security gaps persist due to reverse engineering threats [50], impracticality of rapid cryptographic protocol installation in insecure devices [51], and inefficacy against hijacked devices.

In a post-quantum computing era, the above cited challenges could be overcome using quantum cryptography. For instance, quantum light could be used to generate inherently unforgeable quantum cryptograms [52]. These cryptograms have exhibited the potential to be used in practical applications with near-term technology. Future IoT may benefit tremendously at the application layer as a solution to vulnerabilities present in symmetric cryptographic schemes. Non-cryptographic methods, such as device-specific signal pattern analysis, supplement traditional cryptography by identifying known devices and detecting rogue ones [53]. These approaches are crucial for enhancement of cybersecurity in IoT, without requiring major system modifications [54].

4.3. Cybersecurity in Smart Grids

The layered architecture in IoT of smart grids is illustrated in Figure 5 [55]. At the physical layer, data from sensors, actuators, and smart meters are collected at the gateways. At the network layer, data from multiple gateways are concentrated and relayed to the application layer operating on servers in the control center using legacy communication methods. The goal of cybersecurity in IoT is to ensure protection at every layer; the same is applicable in smart grids as well. A closer look at the threat spectrum being faced by smart grids underscores the importance of device authentication [56,57], although physical layer intrusion detection systems have the capacity to perform device authentication at the first stage of defense in wireless networks [58]. But, to this end, there has not been a study on the implementation of physical layer security measures in wireless communication between IoT devices of smart grids for authentication. To fill this gap, RFF emerges as a potential solution and this article builds the case for discussion on the associated deployment aspects in smart grids.

5. Deployment of RFF in Smart Grids

The aim of this article is to conduct a feasibility study and discuss practical deployment consideration apropos of the use of RFF in smart grids. Existing IoT frameworks have been considered for seamless integration of RFF with minimal changes. The core idea is to present RFF as an addition to existing IoT infrastructure instead of reinventing the wheel. The following sub-sections provide considerations and requirements for deployment of RFF in smart grids.

5.1. Network Considerations

In line with the aim of this article, performance metrics of existing IoT serve as a good starting point. Coverage and energy efficiency are important metrics for choosing a network topology [59]. Furthermore, data rate, range, application layer security, and localization are important factors for selecting a particular low-power wide-area network (LPWAN) [60]. From a practical standpoint, cost and scalability hold particular significance [61]. In the UK, smart meters communicate via cellular networks, utilizing 2G or 3G waveforms [62]. However, the use of a long-range wide-area network (LoRaWAN), a star-of-star network topology, in advanced metering infrastructure has been reported as well [63,64]. Given the novelty of RFF and the consideration of performance metrics including cost, energy efficiency, network topology, and communication range, LPWAN is a suitable candidate for the deployment of RFF.

5.2. Security Considerations

Cybersecurity experts have expressed concerns, revealing that 70% of IoT devices are vulnerable to cyberattacks [65]. The wireless sensor network of IoT exhibits vulnerabilities across various layers, and cyberattacks can manifest at different stages [66]. Likewise, LPWAN is not exempt from cyber threats [67]. Wireless sensor networks in smart grids comprise IoT devices equipped with temperature, humidity, light, and wind sensors. The threat from rogue IoT devices to generate falsified data is a significant concern. For instance, exaggerated sensor readings from a smart meter could lead to an unwarranted stimulus from the control station. The limitations of existing security schemes have been discussed in the introduction section of this article. Considering the vulnerability of higher layers to attacks, a novel approach is to secure the physical layer of D2D wireless communication across the network. It is proposed that this extra layer of security should always be in the loop for all end-to-end data transactions between IoT devices in the network.

5.3. Proposed RFF Framework

A key facet of smart grid infrastructure is the real-time estimation of household loads [40,41]. This requirement can be effectively addressed by smart energy meters transmitting data wirelessly at regular intervals. However, this simple task becomes challenging from a cybersecurity perspective in the presence of rogue devices. This scenario is accurately addressed in the physical layer security framework of RFF, as depicted in Figure 6. The proposed configuration ensures that all data transmission from the sensors must pass through the physical security barrier of the RFF system before reaching the control station. The star-of-stars network topology ensures that all the sensors first concentrate their data at their respective gateways. Hosted on the IoT gateways, RFF serves as a filter to allow readings from only legitimate sources while filtering the rogue ones on a per packet basis. Since these gateways can send and receive wireless data, they can filter data from rogue gateways as well.

It is worth mentioning that within a mini star network, multiple gateways could be employed for time-based direction of arrival estimation. This can be extremely helpful in the localization of a rogue device followed by necessary remediation. The IoT devices equipped with sensors communicate unidirectionally with their respective IoT gateways. However, to cater for dynamic load requirements, the control station may issue commands to renewable energy plants, directing them to release stored energy into the system or increase power generation. This requires bidirectional communication in line with the fundamental characteristics of a smart grid [40,41]. This bidirectional communication offers a significant challenge for deployment of RFF in existing low-resource IoT devices, which is discussed in Section 6.

5.4. Performance Considerations

Before a technology is deemed suitable for practical deployment, it is important to estimate its performance considering real-world conditions. The aim of presenting a typical DL-aided RFF system in Section 3 was to highlight the hurdles in achieving the desired outcome. The key performance indicator (KPI) of an RFF system is its classification accuracy. There has not been a study on the estimation of this KPI in a smart grid use case. However, the authors’ previous work in [19] covered the performance comparison of various ML-aided classifiers with different SNR values of the received signal.

Table 1. Comparison of classifiers with various levels of SNR [19].

Classifier	SNR (dB)
	(8–10)	(12–15)	(18–23)
L-SVM	79.3%	82.1%	90.5%
Complex Tree	66.8%	68.8%	85.4%
LDA	76.6%	77.8%	83.6%

summarizes the experimental results from that study. The results show decent performance even in low SNR conditions. Given that the IoT devices in wireless sensor networks of smart grids are deployed in a static setting, empirical propagation measurements in urban environments may serve as a good reference for RSSI estimation [68]. Figure 7 provides a path loss curve in decibels (dB) against the distance between communicating nodes. Using the locations of smart meters, sensors, and IoT gateways, the expected RSSI could be estimated at the RFF receiver.

Subsequently, the resultant SNR could be used to estimate the classification accuracy using Table 1. It is pointed out that the scope of this study is not limited to a specific smart grid. It is expected that through careful decision making in the selection of appropriate classifier and signal attributes, decent classification accuracy can be achieved, even with low SNR. The classification accuracies of various signal representations for as many as 60 unique LoRa devices are given in

Table 2. Classification accuracy of different models with required training time [37].

Signal Representation	DL Model	Accuracy			Number of Parameters	Training Time (minutes)
		w/o CFO Comp.	w/o CFO Comp.	Hybrid
I/Q samples	MLP	54.08%	55.73%	78.26%	19,018,009	25
	CNN	64.10%	92.26%	98.11%	4,361,545	75
	LSTM	61.16%	89.54%	95.14%	4,267,289	70
FFT results	MLP	55.44%	94.48%	96.17%	19,018,009	25
	CNN	61.14%	82.10%	85.58%	4,361,545	75
	LSTM	49.20%	58.26%	82.81%	4,267,289	69
Spectrogram	MLP	88.60%	91.82%	95.95%	8,821,017	22
	CNN	83.53%	95.35%	96.40%	1,545,193	20
	LSTM	68.16%	89.50%	98.04%	3,427,609	80

. It may be noted that there is another important aspect in gauging the performance of an RFF system: the time required for training. It is only reasonable to assume that installation, repair, and maintenance of IoT devices in smart grids is likely to be conducted by electric supply companies. Hence, this one-time training activity, even in a practical deployment scenario, may be tolerable given the extraordinary classification performance achieved as a trade-off. Therefore, for a smart grid use case, training time may not be treated as a KPI. Referring to the star network topology outlined in Section 5.3, each wireless sensor network incorporates an IoT gateway. These gateways have been proposed as an optimal site for RFF, ensuring comprehensive access to all IoT devices within the network for accurate classification. Considering the performance metrics across a large set of devices, the findings from referred studies can be reasonably extrapolated as a valuable reference for the smart grid.

5.5. Implementation Aspects

The RFF for smart grids emerges as a highly feasible solution for deployment, primarily owing to its cost-effectiveness and seamless integration capabilities within existing systems. Positioned at the intersection of two prominent domains, RF and ML, RFF may seem intricate from a technical perspective, but from the user’s perspective, it can be offered as a plug-and-play solution, hence, simplifying its adoption into existing IoT. Smart grids, being a critical infrastructure from an operation standpoint, can benefit from the passive nature of RFF systems during training as well as inference stages. This can be helpful in ensuring uninterrupted functionality of the smart grids during the deployment process. RFF systems do not necessitate integration into every IoT device. Instead, they can be intelligently deployed only into IoT gateways and leverage the available processing prowess. Moreover, power efficiency poses no significant challenge since RFF systems operate in passive mode, necessitating no significant power requirement. Considering RFF is deployed as a technology, the hardware infrastructure overhead is minimal. In the features of a typical DL-aided RFF system, the ability to be receiver agnostic was discussed as a desirable feature. It would be a highly recommended feature in the event of a device failure, allowing hot replacement but not necessitating training the NN again. Lastly, an RFF system for smart grids was proposed as an open-set solution. This signifies that once the NN is trained on all legitimate IoT devices, any number of rogue devices could be detected [38]. This scalability further adds to the practicality of RFF. Overall, cost effectiveness, power efficiency, low deployment overhead, and scalability make RFF an appropriate practical choice. It is noteworthy that mobility-induced challenges such as antenna cross-polarization loss and Doppler shift may not pose significant hurdles within the context. This assertion is based on the observation that RFF gateways and IoT sensors predominantly exhibit static characteristics in the said application. These elements further simplify the implementation process.

5.6. Regulatory Requirements

The adherence to regulatory standards for RF-based systems stands as a crucial concern. Every country delineates unique requirements governing the utilization of frequency bands. Moreover, there is a limit on maximum permissible power levels for RF transmission. However, RFF, being a passive technology, poses no challenges in this regard. Since the addition of RFF has been proposed for existing LPWAN, the use of industrial, scientific, and medical (ISM) bands for operation is possible. The use of LPWAN in unlicensed bands is a viable direction for smart cities [53]. Having no additional regulatory compliance contributes to the overall feasibility and cost-effectiveness [54] of implementing RFF technology in wireless sensor networks of smart grids. However, the SDR of an RFF system may require EMC certification [69] subject to user needs.

6. Challenges and Future Directions

Being a novel technology and an unprecedented use case in smart grids, RFF entails challenges as well as significant potential for growth in the future. The aim of this section is to underscore the existing challenges and their potential solutions that can significantly advance the deployment of RFF in real-world applications. Additionally, prospective research directions aimed at the maturation of RFF as a technology are deliberated.

6.1. Challenges

RFF for wireless sensor networks of smart grids faces a multifaceted set of challenges. To start, long-term deviation in hardware impairments remains a largely uncharted territory. There has not been a study on long-term operational performance of RFF in IoT. Additionally, bidirectional communication security remains a notable challenge, particularly in scenarios where IoT devices are deployed as receivers. Due to limited resources available on these devices, identification of rogue gateways using RFF is not possible at the present. Addressing these multifarious challenges constitutes a burgeoning area of academic research. The longevity and robustness of RFF technology in the evolving landscape of wireless sensor networks of smart grids needs to be closely monitored in the years to come. Moreover, the emergence of deep generative attackers employing generative adversarial networks is a growing apprehension. These attackers pose a significant threat to device identification even at the physical layer. By leveraging these models, malicious entities can effectively train highly realistic signal or data packet generators capable of mimicking the signal characteristics of legitimate devices. This threat can overcome the ability of RFF systems to identify rogue devices as the success rate of spoofing attacks may increase from less than 10% to approximately 80% [70]. Another significant challenge lies in the availability of abundant datasets for conducting research and experimentation. Addressing these challenges can further add to the potential of RFF as a practical solution for the enhancement of cybersecurity in smart grids.

6.2. Future Research

Research efforts in the realm of RFF are required for channel estimation and equalization. This area holds immense potential for enhancing the reliability and performance of RFF systems in practical scenarios. Specifically, researchers can focus on developing advanced channel estimation techniques that effectively counteract signal distortion caused by time-dispersive channels. However, long training sequences (LTS) can be used to achieve high classification accuracy in 802.11 devices even if the training samples are collected from diverse locations [71]. This research direction has massive potential to benefit LPWAN as well. Simultaneously, the design of a receiver chain that minimizes the combined impact of the channel and receiver components is of paramount importance. Such research efforts can aid in the collection of I/Q datasets that closely resemble the originally transmitted signals, thereby bolstering the overall resilience and classification accuracy of RFF in real-world deployment scenarios. There is another issue in scenarios where IoT devices may be spoofed from a rogue RFF gateway, mimicking its hardware attributes. Such threats may be mitigated using multiple input multiple output (MIMO) receivers. Such localization methods can aid in estimating the difference between the expected and actual position of an IoT device. This additional check can be very useful, especially in smart grids, since the devices in the network are static. But these research directions remain unexplored to this end. Moreover, as already cited in the previous section, there is a pressing need for the collection and publication of open-source datasets. The creation of such datasets will not only facilitate a deeper understanding of RFF as a technology but also empower researchers to develop and validate new algorithms and models effectively. A few datasets have been published in [21,72], but this trend is limited. By fostering an environment of open data sharing and collaboration, the research community can collaborate in improving RFF as a technology for practical deployment in real-word scenarios.

7. Conclusions

The article argues for the potential of RFF as a physical layer security feature for wireless communication between IoT devices of smart grids. It underscores the importance of smart grids and identifies associated cybersecurity threats. It offers RFF as a complementary addition to contemporary cryptographic methods in existing IoT. Characteristics of a typical DL-aided RFF system were presented and the rationale behind design choices was highlighted. Previous work and the reference literature were reviewed as a substantial starting point. Cybersecurity aspects, network architecture, regulatory considerations, and implementation aspects of RFF for smart grids were deliberated. The article culminates with a discussion on the existing limitations and future research directions to improve RFF as a technology and its utilization as a long-term solution for smart grids.