Network authentication by close-loop synchronized chaotic lasers

We numerically study a new hardware method for network authentication, using a pair of chaotic lasers subject to the same optical injection from a third chaotic laser, in a close-loop configuration. One laser is in the secure environment, the other is in the unsecure environment, and if their parameters are matched (i.e., they are ‘twins’), in suitable operating conditions they synchronize and generate the same pseudo-random amplitude modulation. Access to the secure environment is authorized only if the two responses are found equal. As in other schemes based on Physical Unclonable Functions (PUFs), security relies on unavoidable small differences between nominally identical but physically separate devices: due to the strong sensitivity of chaos to laser parameter dispersion, finding a suitable laser to synchronize is a very difficult task for the Adversary, while the laser of the Authorized user can be selected as a twin of the one in the secure environment.


Introduction
Challenge-response authentication schemes based on Physical Unclonable Functions (PUFs) have been proposed and are being actively investigated as an alternative to standard authentication protocols, especially for Internet of Things (IoT) applications (Shamsoshoara 2020, Velasquez 2018, Suh 2007, Babaei 2019, Idriss 2016, Mall 2022, Najafi 2009, Gao 2022, Zang 2014). With PUFs, authentication is based on secrets, which are produced in the unsecure environment from complex physical characteristics of integrated circuits or other electronic devices, and which are the response to a specific stimulus (challenge) sent from the secure environment. The main advantage of these methods is that they provide a good security level, without requiring neither to store the key in the unsecure environment A preliminary numerical evaluation on the validity of this approach could open the route to a new PUF based authentication method, which could then be investigated in detail both theoretically and experimentally. This is the goal of our contribution.

The authentication scheme
In Fig. 1 we show the proposed scheme of challenge-response authentication with chaotic lasers.
The driver laser DRV is routed to chaos by delayed optical feedback, provided by an external mirror M, and injects (this is the challenge) two Slave lasers: SL1, in the secure environment, and SL2, in the unsecure environment. The Slave lasers also work in the chaotic regime, due to delayed optical feedback produced by local mirrors (M). If SL1 and SL2 are twins, in suitable operating conditions they synchronize, i.e., they produce the same chaotic modulation. A bit sequence can be easily obtained from the chaotic waveform by photodetection and electronic processing. The response in the unsecure environment is the bit stream produced by Slave SL2. The reference response in the secure environment is the bit stream generated by SL1. Authorization is granted only if the responses match (as detected by the EXOR block).
As usual with PUFs, a small number of errors in the response bit sequence must be tolerated, because synchronization is never perfect in practice. A threshold is to be defined, to offer a probability of success of (or next to) 100% to the Authorized user, while keeping the probability of success of the Adversary as low as possible.
This can be achieved in practice for two reasons. First, the Authorized user can own an SL2 laser which is a twin of SL1, while getting a matched laser is a very difficult task for the Adversary. Second, the Authorized user can train his system, by optimizing pump current and optical injection to minimize errors, before using it in the field (Annovazzi-Lodi 2022). This is not possible for the Adversary, who can only sweep his parameters, trying many different lasers and working points. As already observed, the responses need not be stored, not even in the secure environment; they are produced on the fly, which improves security.

Numerical model
The well-known Lang-Kobayashi model (Lang 1980) is used to describe the lasers. The set of equations for the driver and the two slave lasers of the setup of Fig. 1 is the same used for the three-laser chaos-protected transmission (Annovazzi-Lodi 2011), without, however, including a message. The different devices are described by varying index J in Eqs. 1-3: for J = D, we have the equations describing the DRV dynamics, while for J = 1 and J = 2 we have the equations describing the SL1 and SL2 dynamics, respectively. Coefficient $\Delta_{D,J}$ is zero for J = D, otherwise it is $\Delta_{D,J} = 1$.
In these equations, $E_J(t)$ is the slowly varying, complex electric field, $N_J(t)$ the carrier density, $G_J(t)$ the linear gain coefficient, the pump current, $e$ the electron charge and $K_J$, $\tau$ are the feedback parameter and the time of flight to the external mirrors. For J = T,R the terms $K_{D,J}/\tau_{in}$ and $T_{D,J}$ represent the injection rate and the propagation time from the driver into transmitter and receiver, respectively. For simplicity, in the simulations we have taken $T_{D,T} = T_{D,R} = 0$. Other parameters are defined in Table 1.
The Langevin noise terms $L_{EJ}(t)$ and $L_{NJ}(t)$ (Ju 2004) are given by: The terms e , and n are time series with zero-mean, unit-variance Gaussian distribution, and $\Delta t$ is the time resolution in the modeling of white noise.
It is worth noting that the equation set 1-3 differs from that of the open-loop scheme (Annovazzi-Lodi 2022) by the inclusion of a term describing the reflection from each laser mirror in the equations for the electric fields (second term in Eq. 1).
As usual, the electric fields are normalized in (m$^{-3/2}$). The true value of each electric field (in [V/m]) is given by: where ℏ is Planck's constant, $Z_0 = 1/(\varepsilon_0 c)$ the vacuum impedance, $\varepsilon_0$ the vacuum permittivity and $c$ the speed of light. The photodetected currents of PD1, PD2 are obtained by computing In the next Section, we report the numerical results obtained with this model. In all simulations, in addition to the Langevin noise, the photodetector noise has been taken into account. This has been done by assuming Johnson noise and shot noise as white Gaussian processes of variance $4K_B T B/R$ and $2e\langle I\rangle B$, respectively, where $K_B$ is the Boltzmann constant, $T$ is the absolute temperature (T = 300 K), $R$ is the load resistance (R = 50 Ω) and $\langle I\rangle$ is the mean detected current. For the simulations, time samples for each noise source have been obtained by a standard numerical routine.
In our previous paper (Annovazzi-Lodi 2022) the proposed authentication method was evaluated in the open loop ($K_J = 0$ for both SLs). The parameters of DRV and SL1,2, and the working point, were optimized to obtain a robust synchronization. Then, the main internal parameters, i.e., the linewidth enhancement factor α, the carrier lifetime τs, the photon lifetime τp and the gain coefficient, were swept in numerical simulations from 1 to 10%, to test different levels of mismatch of SL2 with respect to SL1. For each combination of the internal parameters, the external parameters of the lasers, i.e., the supply current and the injection from the DRV, were also varied, for more than 16 million combinations.
In the present analysis, two more parameters have been added to describe the close loop, i.e., the reflectivity $K_J$ of the mirrors in front of each slave laser, and the time of flight τ from each mirror to its laser. Figure 2 shows the chaotic waveforms generated by the DRV, SL1 and SL2 in a typical close loop simulation (photodiode responsivity = 1.0 A W$^{-1}$). The time series generated by the SLs are identical since the lasers are twins in this case. The time series generated by the DRV is significantly different, since this laser has been intentionally selected to be unmatched with respect to SL1,2. This is required to prevent the Adversary from recovering the bit stream directly by processing the DRV emission. For the Authorized user, who can select the laser, we have assumed a parameter mismatch of 2%, while for the Adversary the assumed mismatch was from 3 to 10%. For each internal parameter combination, the external parameters of the lasers have also been varied, as for the open loop. For the Authorized user, who can train his system, the error number was minimized by properly selecting the external parameters, while, for the Adversary, these parameters were simply swept, and all combinations were added to the statistics.
In principle, all the parameters of the close loop should be swept in the numerical analysis, getting a total number of more than 56 million combinations for each single percentage of mismatch. Due to the large number of combinations, we have begun by assuming, as a reasonable starting point, a 2% mismatch for the Authorized user, and a 5% for the Adversary, as often done with chaos-protected transmission. For these two values, all parameter combinations have been tested. For the other cases, to reduce the machine time, we have first considered the results obtained with constant nominal values for the two new parameters. From them, we have selected the combinations giving the least number of errors, and only for these lasers we have swept the two new parameters, for approximately 7 million combinations per laser. In this way, we have been able to get the results for a mismatch of 3, 4, 7 and 10% in a relatively short time.
For 2% (Authorized) and 5% (Adversary) the number of detected errors is reported in Table 2 for a 128-bit sequence (2 ns bit time). The sequence is obtained from the chaotic waveforms with a low-pass filter followed by a comparator, which produces a two-level signal (where the time of each level over the full sequence is approximately the same) that is then sampled by a clock. In Fig. 3 the reference response SL1, in the secure environment, is shown together with those of the Authorized user (SL2, in optimized condition), and of the Adversary (SL2, typical case).
The results for the open loop (Annovazzi-Lodi 2022) are also shown in Table 2, for comparison.
From Table 2, we would like to point out the difference in the performance of the Authorized user vs. the Adversary, which is large for both the open and the close loop. Even if for the Adversary the minimum error number is low, because sweeping parameters occasionally results in a well performing device, this event is very unlikely (Fig. 4). The mean error number is very small, instead, for the Authorized user.
Finally, we have calculated (Table 3) the authentication success rate, for different levels of mismatch.
As already observed, this requires defining a maximum acceptable error number. From Table 2, for 2% mismatch at least 7 errors should be tolerated in order to obtain a success rate of 100% for the Authorized user with the close loop. Even if we select a threshold of 9 errors, to get some margin, the success rate of the Adversary with 5% mismatch is only 0.0004%. In comparison, the open loop (Annovazzi-Lodi 2022) gives, with the same mismatch levels and a 6-error threshold, an authentication success of 0.004% for the Adversary (i.e., the close-loop rate is ten times lower), while it is 100% for the Authorized user.
Similar results have been obtained with different mismatch levels for the Adversary, which are also shown in Table 3.
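The bit-extraction chain (low-pass filter, balanced comparator, clocked sampling) and the EXOR error threshold described above, as an added Python example that is not the authors' code. The waveforms are constructed Gaussian surrogates rather than Lang-Kobayashi output, additive noise stands in for imperfect synchronization, and the 20 samples per bit, the filter window and the seeds are assumptions.

```python
import random
from statistics import median

N_BITS = 128          # response length used on the page
SAMPLES_PER_BIT = 20  # assumed oversampling of the 2 ns bit time
MAX_ERRORS = 9        # close-loop acceptance threshold quoted on the page

def surrogate_waveform(seed, n=N_BITS * SAMPLES_PER_BIT):
    """Constructed stand-in for a photodetected chaotic intensity trace."""
    rng = random.Random(seed)
    return [rng.gauss(0.0, 1.0) for _ in range(n)]

def add_mismatch(wave, sigma, seed):
    """Model imperfect synchronization as small additive noise (assumption)."""
    rng = random.Random(seed)
    return [x + rng.gauss(0.0, sigma) for x in wave]

def low_pass(wave, window=10):
    """Causal moving-average filter."""
    out, acc = [], 0.0
    for i, x in enumerate(wave):
        acc += x
        if i >= window:
            acc -= wave[i - window]
        out.append(acc / min(i + 1, window))
    return out

def response_bits(wave):
    """Low-pass filter, compare against the median, sample once per bit."""
    filtered = low_pass(wave)
    level = median(filtered)  # median threshold balances time at each level
    mid = SAMPLES_PER_BIT // 2
    return [int(filtered[k * SAMPLES_PER_BIT + mid] > level) for k in range(N_BITS)]

def bit_errors(ref_bits, resp_bits):
    """EXOR block: count positions where the two responses differ."""
    return sum(a ^ b for a, b in zip(ref_bits, resp_bits))

def authenticate(ref_wave, resp_wave, max_errors=MAX_ERRORS):
    errors = bit_errors(response_bits(ref_wave), response_bits(resp_wave))
    return errors <= max_errors, errors

sl1 = surrogate_waveform(seed=1)              # reference, secure side
twin = add_mismatch(sl1, sigma=0.03, seed=2)  # synchronized SL2 (constructed)
stranger = surrogate_waveform(seed=3)         # unsynchronized SL2 (constructed)
print(authenticate(sl1, twin), authenticate(sl1, stranger))
```

Because each side computes its own median threshold, the comparison tolerates a small offset between the two photodetected levels; an unsynchronized waveform disagrees on roughly half of the 128 bits and falls far outside the threshold.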
From these outcomes, we conclude that the proposed scheme performs well in both versions, and thus it represents a new promising method of network authentication. Moreover, based on the new available data, the close loop is found to offer a significant improvement vs. the open loop. Thus, the close loop scheme should be considered for applications where the security improvement it offers overcompensates the increased complexity of the setup.
Following the numerical analysis, the next step will be the experimental evaluation of the authentication scheme. We are confident that both versions can be successfully implemented, based on the experiments already performed on similar setups in chaos-secured transmission (Donati 2002, Larger 2004, Annovazzi-Lodi 2011). In these papers stable synchronization is demonstrated, and since the time series of chaos are matched (they can be subtracted almost to zero), we expect that the bit sequences obtained from them should also be equal, but for a small percentage of occurrences. As in (Syvridis 2009), a suitable photonic integration technology could be considered to produce a conveniently compact and stable system.
As for the statistical properties of the authentication key obtained by our method, the digital sequence should reflect the characteristics of chaos, i.e., it should be pseudo-random. However, the exact statistics are expected to depend on the source characteristics and working point, as well as on the electronic processing (Li 2019, 2022, Aromataris and Annovazzi-Lodi 2012), and thus they should be evaluated in a real implementation.

Conclusions
In this paper we have proposed an authentication method based on twin chaotic lasers, synchronized by the common optical injection from a third chaotic laser. Our numerical analysis demonstrates the good performance of both the open and the close loop version of our scheme. However, the results for the close loop, where both lasers are chaotic even before injection, are far better than for the open loop, in spite of a somewhat more complex