Connectivity in the era of the (I)IoT: about security, features and limiting factors of reconfigurable intelligent surfaces

What are the key drivers of the (Industrial) Internet of Things ((I)IoT)? Alongside the interconnection of the various devices, sensors, and actuators, it is above all the data collected and transmitted that is of particular significance, the (I)IoT itself is the source and recipient of various types of data. Within this, there are two main aspects that need to be considered: (i) the transmission of data with appropriate latency and reliability requirements, and (ii) the safeguarding of this data. Both requirements are taken into account during the development of the Sixth Generation (6G) Wireless Systems. This is conceived to deliver higher data rates, reduced cost deployment, and enhanced reliability while providing universal connectivity. Hence, to assist such a vast network domain, (new) 6G-enabling technologies are developed, which include Reconfigurable Intelligent Surfaces (RISs), that are capable of modifying and reconfiguring the wireless propagation channels. This work describes concepts on how security, in particular Physical Layer Security (PhySec) methods, can be supported by RISs. Furthermore, an effective impedance surface model is presented, allowing efficient simulation of beamsplitting and shaping properties of RISs. Finally, the applicability of the use cases is mentioned, with a particular focus on Visible Light Communication (VLC).


Next generation wireless systems
Wireless systems have already been a transformative impact on the way of interacting and communicating and how information and data is exchanged.Thereby, the transformation is accelerated by technological drivers such as Artificial Intelligence (AI) and the massive switch to automation and deployment of intelligent wireless communication.
In this ongoing process emerging requirements for high data rates, Quality of Service (QoS), ultra-low latency and ultra-high reliability arise to enable scenarios such as digital twins, connected robotics, high-fidelity holographic projections and the Industrial Internet of Things (IIoT) [1,2].Especially in the sector of Internet of Things (IoT), Wireless Sensor

Introduction to RIS
Reconfigurable Intelligent Surface, designated as flat-surfaced, can reconfigure their properties so that an incoming beam can be reflected in a given spatial angle.There are several approaches how to create a fitting surface, but in general, they are classified into antenna-array based [9] and meta-surface based structures [1].In this work, a method for meta-surface based systems is provided, whereby this structure is used to simulate and highlight the different security aspects.In contrast to a metallic surface, a RIS has to consist of many small elements which can reconfigure the local phase with a high resolution.By changing the impedance of these elements, the surface phase profile is tuned.In contrast to an antenna-array based system, the surface properties of a meta-material based structure change due to physical and mechanical changes in the elements.
With first developed structures, it is possible to tune the phase about 180 • by applying a certain voltage onto an ele- ment [10].
The basic architecture of a meta-surface RIS is illustrated in Fig. 1, a meta-surface is a two-dimensional structure with unit cells of subwavelength size and distance considering the wavelength of the incident electromagnetic waves.The unit cell dimensions a are typically in the range of a ≤ 4 .For the example of Fig. 1, each unit cell consists of a metallic patch and a Direct Current (DC) bias network, loaded with a Positive Intrinsic Negative (PIN) diode.Within each unit cell, the PIN diode can be switched between the conducting and insulating state by application of a DC voltage (the DC line is not depicted in Fig. 1).As a result, linearly polarized incident electromagnetic waves are reflected with a phase shift of 180 • from biased unit cells, whereas they experience zero phase shift when reflected from an unbiased one.By voltage control of the spatial phase shift pattern, the beam direction and shape of the reflected wave can be deliberately manipulated [11,12].A more detailed theoretical description of beam forming via phase shift tailoring can be found in [13].

Conceivable applications and use-cases for RISs
RIS-enabled technologies provide the potential to investigate various applications with respect to enhancing signal coverage, maximization of signal-to-noise ratio, optimizing beam splitting/forming, massive MIMO systems, Terahertz, as well as VLC [14].Recently, they gained much attention in the research of IoT devices that provide the benefit of shortrange communication with the required parameters of optimizing latency, energy, and performance, which can be further enhanced with RIS systems.The PhySec of the IoT networks are exposed to the broad surface of attacks such as jamming, tampering, eavesdropping, and man-in-the-middle attacks.
In addition to the mentioned application areas, RISs are a promising technology for cellular networks, B5G.In the cover of optical communication and indoor communication, the use of RIS could solve the indispensable problems that will appear through the use of high frequencies, which can be blocked easily.It can be used to cover shadowed areas for future smart cities and solve reliability problems that are necessary for unmanned systems or autonomous vehicles.Also, it could deliver the needed power and security for future IIoT devices and networks.
To understand the effect of transmitted power performance of RIS, an experimental setup, as shown in Fig. 2, is constructed in a simulated environment based on the reference simulations provided by [15].A 3GPP Urban Micro (UMi) model from [16] is used, which operates with a carrier frequency of 3 GHz.The channel antenna gains for the source and RIS is 5 dBm, while destination is assigned with 0 dBm.The RIS operates with 256 elements with a reflection coefficient of 1.A wave signal-use-case in a rectangle of 25 m to 100 m is used to calculate the required transmit power shown in Fig. 3 to achieve a bit rate of 2 bit/s/Hz.The unique color of the plots indicates the transmitted power of the system.As described in Sect.2, a RIS is a device capable of controlling the shape of an electromagnetic wave after being reflected at its surface.This ability is used for example to split the incoming wave into multiple beams, that are targeted towards several devices.For this task, it is imperative to know the correlation between the phase shift pattern of the RIS and the far field of the reflected radiation.In the past, this correlation was already calculated analytically [17].This approach, however, comes with several disadvantages.First, it is not possible to take boundary effects into account and the quality of the approximation depends on the size of the unit cells.Second, the model can only accurately describe the far field of the reflected radiation, while the characterization of a RIS is often performed in the near field.For a more detailed analysis of the RIS' effect on an incoming electromagnetic wave, full wave simulations are performed using the software CST Microwave Studio [18].Yet, these simulations are complex and require a lot of resources.For large-scale RIS with a size up to 1 × 1 meter, a full wave simulation performed with a time domain solver can consume several weeks even on modern hardware.If, for instance, the results are used to train the control software of a RIS, hundreds of simulations with different unit cell patterns would be required, implying an even higher time consumption.Therefore, an alternative approach to characterize a RIS by using impedance surfaces is investigated.Instead of calculating the interaction between an electromagnetic wave and the microstructured surface, a homogeneous, effective impedance is assigned to each unit cell interacting with the incoming radiation.CST Microwave Studio allows for the definition of this type of effective material.The surface impedance itself depends on the geometry of the unit cells and can be derived from their S-parameters, calculated by the frequency domain solver.This method has proven to be at least an order of magnitude faster on the used hardware.The results for both simulation methods are compared in the following section.
In the first approach, a hardwired design as shown in Fig. 4a was used instead of utilizing a diode to control the phase shift.Because no vias and DC lines are needed for such a passive RIS, the complexity of the simulation and thus the simulation time is decreased.The unit cells of the passive RIS consist of a 510 µm thick RT/duroid®5880 substrates and a patch antenna at the front of the RIS, as well as an unstructured ground plane at the backside of the substrate.The antenna has the shape of two loops that can either be completely separate or connected in the middle of the unit cell.The phase shift between these two states is 180 • for a design frequency of 27.4 GHz.The simulated surface consists of 28 × 28 unit cells with a width and height of 2.8 mm ( ≈ 4 ) each.They are arranged in the shape of a checkerboard, where 4 × 4 unit cells with the same phase shift build one square of the board.
Figure 4b shows the far field surface plot of the reflected radiation as calculated by the full wave simulation on the structured surface and on the model of an effective impedance surface.In both simulations, the wave is back-scattered from the RIS and shows four symmetric sidelobes.In the case of the impedance surface, the amplitude of the main lobe is strongly reduced.This is the desired behavior of the RIS, because only the direction of the sidelobes can be altered by the phase shift pattern to target single users.Yet, the full wave simulation performed on the structured surface has displayed a less suppressed main lobe.This is caused by the insufficient resolution of the simulation.The width of the loops, that define the patch antenna, is in the area of 100 , thus the size of a single mesh cell used in the time domain solver should be at least in the order of 1000 to accurately describe the surface.However, to keep the simulation time reasonably low, the mesh cells had a size of 100 leading to a larger error and therefore a higher main lobe amplitude compared to the impedance surface.The cross-sectional electric field distribution of the sidelobes in Fig. 4c allows a direct comparison of both simulation models.It can be seen that the sidelobes show a deflection angle close to 30 • in both cases.The shape and magnitude of the sidelobes are also nearly identical for both methods, with their magnitude being about 10 % smaller Fig. 4 Unit cell design and full-wave simulations for a passive RIS for the structured surface.It is again suspected, that this difference stems mostly from the resolution of the simulation and should vanish for infinitesimally small mesh cells.
Additionally, an active RIS with a diode in each unit cell was simulated (Fig. 5a).The unit cells were enlarged to a width and height of 5.3 mm ( ≈ 2 ) to have enough space for the used PIN-diodes and their corresponding vias and DC lines to fit inside and at the same time avoid crosstalk between the circuits.To maintain a reasonable computation time when simulating the structured surface with this more complex design, the number of unit cells was reduced to 10 × 10 .Because of the DC lines on the backside of the RIS, the substrate is split up into two layers that are separated by a copper ground plane.The top layer of the substrate is simulated with a thickness of 760 µm, and the bottom layer with a thickness of 270 µm.
The phase of the incoming wave is shifted depending on the state of the PIN diode for each unit cell.By changing the DC voltage applied to the diode, it is possible to gradually tune the impedance of the diode and thus the electrical properties of the unit cell.Therefore, a range of different phase shifts could be generated.For simplicity, however, only two different possible voltage states of the diode were considered.Similar to the passive RIS, the difference in phase shift between these two states is 180 • at a working frequency of 26.4 GHz.The diodes are also wired in a way that only allows for a columnwise switching.For full control over the switching state of each single unit cell, additional electrical components and a more complex layout of the transmission line would be necessary, leading to an even more complex simulation.Therefore, a periodic stripe shape instead of a checkerboard was investigated.Each stripe consists of two columns of unit cells with the same phase shift.Figure 5b again shows the surface plot of the reflected radiation for both simulation methods.Because of the changed symmetry of the surface, only two sidelobes appear in this case.Similar to the passive RIS, the main lobe is nearly fully suppressed for the effective impedance model, while being more prominent in the full-wave simulation of the microstructured surface.Because of the even more complex structure, this behavior was expected.Especially the electromagnetic response of the vias needs to be simulated with an extremely high resolution, which is not the case when using an effective impedance surface.This discrepancy also becomes obvious from the cross-sectional amplitude distribution of the electric field of the two sidelobes and the main lobe shown in Fig. 5c.
For both simulation models, the sidelobes show the same direction and overall shape, yet the electric field is now nearly 25 % smaller for the effective impedance surface.This highlights once more, that much smaller mesh cells would be required to obtain an accurate result in the time domain simulation, which can be circumvented by using the effective impedance surface model.
Independent of the simulation model, it becomes clear that the proposed RIS can be used to send information to a multitude of users simultaneously by changing the phase shift pattern and thus by generating sidelobes with a certain shape and deflection angle.Both simulation models deliver nearly the same deflection angles, but the impedance surface allows for a vastly decreased simulation time and also suffers from fewer artifacts that are typically caused by insufficient

RIS-based physical layer security
The 6G wireless systems will be about intelligence delivery, implying the handling of huge amounts of (privacy-sensitive) information.Besides, 6G will have the capability to impact the physical world.Either one raises security concerns more seriously than ever before.But the task is complicated by numerous Reduced Capacity (RedCap) devices for example industrial sensor networks or Body Area Networks (BANs)-which are part of the networks-, unsuitable for conventional computationally intensive cryptography.Yet, for precisely those requirements Physical Layer Security scenarios offer a promising solution [19].By utilizing inherently available information and influences, minimal additional overhead is required to still incorporate a sufficient level of security.
This Section first describes the current state of research on RIS-based PhySec, followed by the description of five specific use cases in which RISs can be deployed in terms of security.These are illustrated concisely in Fig. 6.

Current work on RIS-based PhySec
RISs being a very active field of research.The applicability of metamaterials in particular, but also the possibilities of multi-antenna systems, have driven development in this area.Accordingly, there are approaches in the literature covering RISs in relation to individual PhySec scenarios.
Although the authors of these works are considering various scenarios such as wiretap channel models, linear antenna arrays as well as Multiple Input Single Output (MISO) and Multiple Input Multiple Output (MIMO) systems, the main application is the same: RIS enabled beamforming, anti-jamming and optimizing the secrecy rate.For instance Lu et al. propose a solution to minimize the signal leakage towards an eavesdropper and focus the reflecting beams towards legitimate users [20].Furthermore, Chen et al. [21] describe how to optimize these beams by adjusting the reflecting coefficients.Feng et al. are also dealing with the optimization of the beams, in particular by optimizing the phase shifts of the reflected signals [22].Due to the broadcast nature of wireless communication systems, they are inherently prone to interfering noise and jamming attacks.Lyu et al. are for instance considering the attacker's point of view by highlighting how RISs can be applied as "green jammers" [23] in order to attack communication without the need of any internal energy.In contrast to that, Yu et al. propose to add RIS-assisted artificial noise to the system to actively jam eavesdroppers and attackers and only allow legitimate users to transmit signals [24].
The optimization of the secrecy rate in terms of entropy and capacity is another frequently discussed aspect.For instance, Chu et al. consider the power consumption of the system with respect to the secrecy rate by optimizing the transmit power and the reflected phase-shift [25].Whereas Shen et al. are dealing with the secrecy rate maximization, also by adjusting the signals phase shifts [26].Other than this, the work of Staat et al. [27] is dealing with RIS-enhanced SKG.Similar to the approach discussed below, they describe how RISs can contribute to the key generation by actively influencing the characteristics of the wireless channel.
Besides, there is work about PhySec RIS aided wireless communication systems by Cao et al. investigating the passive presence of an eavesdropper for IoT application [28].A comprehensive survey on the RIS-assisted PhySec for future wireless communication is given by Almohamad et al. [29].
RIS-related PhySec in context of vehicular networks is examined by Makarfi et al.Thereby, they are considering two aspects, specifically Vehicular-to-Vehicular (V2V) communication and the adoption of a vehicular adhoc network (VANET) [30].
An overview about the usage of RIS in VLC at the transmitter to focus the information towards legitimate users is given by Aboagye et al. [31].Similar to Radio Frequency (RF) as presented in [32] a VLC-RIS could be used for jamming to decrease the signal at the receiver.
But, in contrast to the literature mentioned, this work highlights in Sect.4.2 five different use-cases of RISs with respect to Physical Layer Security.This is the first paper describing various use-cases including such as SKG by manipulation the channel characteristics and using the particular RIS-specific characteristics for authentication of the particular RIS.

Proposed RIS-based PhySec use-cases
Though some of the RIS use-cases have already been mentioned, all conceivable PhySec-relevant RIS applications are clearly described here.In addition to the beamforming possibilities mentioned, this also covers approaches to consciously and unconsciously add contextual information which can be used, for example, for the authentication of a RIS and actively manipulating the wireless channel and thus the SKG.

RIS-enabled beamforming and -splitting
A fundamental attribute of wireless systems is their broadcast characteristics.Electromagnetic waves are transmitted and propagated in different modes depending on the given antenna characteristics.Tighter beams up to pencil-sharp beamforming, as indicated in Fig. 6a, can change the properties of the radio channel from a pure broadcast medium to targeted communication.Thus, as shown in Fig. 6a, the targeted beams make it more difficult for an attacker to eavesdrop on content.
The working principle of the SKG is based, among other things, on the fact that an attacker is at a distance greater than 2 from the transmitter/receiver, since in this range the channel characteristics are significantly different [19].Therefore, PhySec can benefit from using massive antenna propagation to generate beams that are highly directional.By using RIS-enabled beamforming, the energy of the beam toward the legitimate user can be focused constructively while destructively suppressing the signal quality of the eavesdropper.Thereby, both are possible for beamforming and beamsplitting (Figs. 4 and 5).

RIS-based anti-jamming
The broadcast characteristics mentioned above render wireless systems vulnerable to jamming conscious or unconscious interference with other signals.Thereby different applications are conceivable: (i) RISs enabled targeted constructively and destructively superimposition (Fig. 6b) whereby the interference signals can be mitigated and the communication with the legitimate user supported; (ii) by phase-shifting the reflecting signal it can be ensured that only certain devices receive signals; (iii) by broadband and narrowband (depending on the specific scenario) attackers and eavesdroppers can be jammed to mitigate the information leakage.Furthermore, in combination with other technologies that come along with the development of 6G wireless systems, such as localization and sensing, the (anti)jamming capabilities can enable/ disable selective communication.

RIS-enhanced channel profiles
The working principle of PhySec-SKG [19] is based on measuring the characteristics of the wireless channels, arising through scattering, reflections and diffraction of the electromagnetic waves (Fig. 6c).Thereby, different approaches use the Received Signal Strength Indicator (RSSI)/Reference Signal Received Power (RSRP), the Channel State Information (CSI) and the Channel Impulse Response (CIR).
RISs allow to actively influence and manipulate this channel behavior and thereby influence those metrics.By controlling the single RIS-cells one can influence the emitting characteristic which directly influences the channel entropy and thereby the quality of the derived SKG keys.

RIS-individual "Fingerprints"
As described in Sect.2, RISs are man-made surfaces built of several semiconductors, each equipped with intrinsic manufacturing related physical characteristics.According to the same principle as Physically Unclonable Function (PUF) [33] the combination of many electrically individual semiconductors results in an individual component.

RIS-supported adding of context information
For the purpose of authenticating participants or legitimizing access, the use of context information is being increasingly relied upon.For instance, the plausibility of access from a specific device at a certain time is taken into account, which allows conclusions to be drawn about possible attacks.
If RISs inherently already have individual properties which give them unique fingerprints, it is further conceivable to add additional information, such as deliberately adding certain materials with desired properties to them.As already indicated, such a scenario can be advantageous if only legitimate communication with precise devices is to be allowed.Adding plausibility helps to prevent attackers from gaining access to systems.

A short introduction: combinating VLC and RIS
VLC is an alternative to RF because of the potential low-cost, high-performance solutions outside the interference spectrum of RF.In contrast to the latter, VLC has the intrinsic security advantage of the necessity of a Line of Sight (LoS) between the transmitter and a potential eavesdropper.Malicious users have to be in plain sight of the source and cannot hide behind walls and obstacles, and therefore are easier to detect.Kumar et al. propose the simultaneous use of VLC and RF technology based on the secrecy rate of the current link.
The LoS requirement is also a major factor regarding the applicability for legitimate users.Here the addition of RISs to create alternative virtual LoS paths tackles this fundamental requirement and simultaneously adds security through beamforming towards known legitimate users.In VLC there are two main types of RISs, Mirror arrays with individual steerable small mirrors and meta-surfaces, made out of graphene, ferrites, or liquid crystals, which allow the manipulation of the phase of an incident by applying external voltages [31].In general, the exploration of the security potential of RIS in VLC is not far advanced yet and further research is required.Arfaouri et al. report for securing indoor VLC systems with no available CSI only two available PhySec schemes: Artificial noise transmission in the nullspace of the receiver and restricting the illuminated area to certain areas to reduce the danger of eavesdropping as specifications of the basic concepts of friendly jamming and beamforming [34,35].In summary, the goal of the mentioned PhySec techniques is always to maximize the difference in signal strength between the legitimate user and an eavesdropper.To solve this maximation problem, a corresponding algorithm to find the optimized direction of a mirror array RIS was proposed by Qian et al. [36].

Classification and discussion of the use-cases
As discussed in Sect. 4 and illustrated in Fig. 6, there are several scenarios where RISs contributes to the security of the networks.Among others, the following issues should be discussed: (i) how feasible are these scenarios; (ii) what is the cost/benefit ratio of an implementation; (iii) how secure are the corresponding proposals.

All that glitters is not gold
Although RISs is a frequently discussed and current field of research, the idea is by no means new.The wireless repeater, for instance, was invented back in 1899, and the relaying technology is supported since the Third Generation (3G) wireless systems.Nonetheless, the possibility of integrating (new) metamaterials, combined with application such as those presented, render it attractive.
Besides, the arguments offered by Bjonson et al. that RISs "can be implemented with reduced energy consumption and cost since the use of printed meta-materials requires no amplifiers" [37] may hold true, but the crucial part will be controlling the individual elements.Especially in terms of time, an adaptation in real time will still require some additional research.As further described by Bjornson et al. the efficiency of a reflected signal scales with the number of elements, but will always be inferior to known relay-based setups without the use of very large reflecting surfaces and hundreds of elements [37,38].Among the hundreds of elements, another aspect emerges the financial one.A RIS composed of hundreds of individual PIN diodes can become expensive quite fast, especially if whole house facades are to be equipped with RIS (as planned sometimes).
Moreover, most of the current RIS ideas are theoretical constructs-although the idea is already a very old one, which is however only revived by the 6G development-, an implementation into test/real operation is still pending.
It is evident, certain methodologies delineated herein are not directly or exclusively applicable to RIS.Specifically, the concept of beamforming or beam-splitting is contingent on the antenna characteristics, which influences the resulting beams.Narrower beams inherently increase the difficulty of intercepting legitimate communication.Nonetheless, RIS offers potential advantages in terms of energy efficiency, necessitating the attacker to be in closer proximity to the passive elements rather than the broadcasting channel.In addition, as described by Molero et al., metamaterials open up new possibilities in terms of beamforming/-splitting [39].

The attacker's point of view
On the flip side of the coin, if one can actively influence and manipulate channel characteristics with a RIS, the same applies to attackers.It is considered that attackers use RISs to manipulate the channel and derive legitimate SKG keys.For instance, Staat et al. describe such a "wireless environment reconfiguration attack" [32] as a RIS-based jamming attack.Besides, the beamforming/-steering capabilities can be used for jamming attacks as well.
However, a conceivable countermeasure is available in the other use cases mentioned, if each RISs inherently possesses a fingerprint, and on the other hand it is conceivable to influence this fingerprint by deliberate injection of materials, then there may be lists/databases of legitimate RISs and compromise can be prevented.Moreover, the (RIS-based) PhySec is not the only security feature, it should be perceived as a lightweight addition and combination with existing mechanisms.

Conclusion and outlook
The development of the Sixth Generation wireless systems, with handling huge amounts of (privacy-sensitive) data, focuses particularly on the security of the networks.This work discusses how one of the promising 6G technologies, Reconfigurable Intelligent Surface, will contribute to security improvement.Therefore, five concrete use-cases are described: RIS-enabled beamforming and -splitting, RIS-based anti jamming, RIS manipulated channel profiles, RIS individual Fingerprints and RIS-supported adding of context information.
First simulations yield good results for beamforming, as well as for actively influencing the channel properties.The use of an effective impedance surface model reduced the simulation time by at least an order of magnitude, while at the same time being less susceptible for errors caused by the given spatial resolution of the simulation.Besides, the results from the field of PUFs indicate that RIS-fingerprinting will also yield promising results.
In addition, to the highlights of possible approaches.The next step is to physically implement RIS elements to confirm with corresponding results.In the first step, the PIN-diode based RIS elements are realized for this purpose, while in a second implementation, different metamaterials are considered.The experimental setups are intended to confirm the functionality of the use cases described here.In particular, the RIS-based fingerprinting and context information are of special interest.

Fig. 3
Fig. 3 3D-Colorplots of the simulated Transmitted Power of IoT devices for a rectangle of 100 m to 25 m. a Shows the Transmitted Power of a fixed source through a Non-Lineof-Sight (NLoS), b shows the transmitted power for a fixed source and a fixed RIS-structure of 256 elements with the setup shown in Fig. 2

Fig. 5
Fig. 5 Unit cell design and full-wave simulations for an active RIS