Battery-Free Sensor Nodes (BFSNs) are increasingly being used in applications where maintenance-free operation is essential, be it infrastructure monitoring or industrial sensing. Many of these systems rely on Simultaneous Wireless Information and Power Transfer (SWIPT), where radio waves deliver both energy and data connectivity.
In dual-wave SWIPT systems, one radio signal supplies power while another handles data transmission. This enables the use of microcontrollers and established protocols such as LoRaWAN or Bluetooth Low Energy (BLE).
However, choosing such a system requires a compromise: Severe energy constraints often force devices to rely on simplified or reduced-security communication modes.
In LoRaWAN deployments, for example, Battery-Free Sensor Nodes frequently use Activation by Personalization (ABP), which avoids the energy cost of frequent key exchanges but relies on static session keys that are vulnerable to replay attacks. Similarly, BLE-based battery-free nodes often broadcast data without connection handshakes, increasing exposure to spoofing and injection attacks.
Existing security techniques proposed for SWIPT systems range from jamming-based defenses to spread-spectrum methods, intelligent reflecting surfaces, and deep-learning approaches. These methods often require additional hardware, complex signal processing, or substantial computational resources, which are impractical for ultra-low-power devices.
Get all the details: Grab your PDF here!
Using the Power Wave as an Identifier
The new approach, reported in the journal Electronics, takes a different path. Instead of securing the data channel itself, the researchers add a protocol-independent identification layer by exploiting the Wireless Power Transfer (WPT) power wave, known as the P-wave, that already energizes the sensor.
The system manages this through a small add-on module that does not alter the sensor’s existing circuitry. A fail-safe Single Pole Double Throw (SPDT) RF switch connects the sensor node to two monopole antennas with orthogonal linear polarizations, such as vertical and horizontal.
In normal operation, when the node is unpowered or harvesting energy, the switch defaults to the primary antenna, resulting in minimal insertion loss and preserving the original RF rectifier's efficiency. Once enough energy has accumulated, the node’s microcontroller generates a digital private key and toggles the RF switch using simple GPIO signals.
This switching action modulates how the incoming power wave is reflected back toward the reader.
By alternating between orthogonally polarized antennas, the sensor backscatters an identification signal that is distinct from the incoming wave and easier to isolate from environmental reflections and interference.
Encoding Identity With Minimal Energy
The private key sequence is Manchester-encoded, a deliberate design choice that ensures reliable clock recovery and a DC-balanced signal. This prevents long steady states that could degrade synchronization under multipath propagation or polarization-induced amplitude fluctuations.
The private key itself is 16 bytes long, matching the block size used by AES-128. This alignment allows the identification layer to integrate cleanly with existing low-power cryptographic frameworks without adding memory, computation, or energy overhead at the sensor node.
The identification signal is transmitted without activating the sensor’s radio transceiver, keeping energy consumption to a minimum.
To validate the concept, the researchers integrated the polarization-shift backscatter module into a LoRaWAN-based Battery-Free Sensor Node and tested it in a real-world setup. At the Communication Node, a dedicated P-wave monitoring chain, separate from the data receiver, was used to detect and decode the backscattered identification signal.
The results showed that the private key could be reliably extracted before normal data transmission, confirming that the approach works without interfering with the node’s primary sensing and communication functions.
Small Energy Cost, Measurable Gains
To achieve battery-free operation, the added energy cost is minimal. A complete 3-ms identification sequence consumed approximately 95 μJ, negligible compared to the more than 10 mJ required for a full sensing and transmission cycle.
Of that overhead, only about 8.9 μJ is attributable to the RF switch itself during polarization switching, with the remainder due to brief microcontroller activity. Compared to earlier backscattering-rectifier-based approaches, the new method adds just 11 μJ more energy while avoiding the efficiency penalties associated with replacing the original harvesting circuitry.
Measurements of RF-to-DC conversion efficiency showed that the polarization-shift approach outperformed backscattering-rectifier designs by 5 to 15 %, largely thanks to the switch’s low insertion loss of 0.4 dB or less.
Designing a Future of Secure and Battery-Free Networks
The work demonstrates that secure identification can be added to Battery-Free Sensor Nodes as a lightweight, non-intrusive layer that operates independently of the data communication protocol. Because the solution can be retrofitted, it is particularly attractive for sensor networks that are already in use, where redesigning hardware is not an option.
Future work will focus on developing low-cost, practical reader implementations, such as SDR-based or envelope-detector-based P-wave monitors, and exploring more compact antenna designs, including dual-polarized and circularly polarized configurations, to further improve robustness and integration.
For battery-free sensing systems that must balance energy scarcity with growing security demands, the study points to a practical way forward by using the power wave itself as part of the solution.
Journal Reference
Djidjekh T. E., Takacs A. (2026). Polarization-Shift Backscatter Identification for SWIPT-Based Battery-Free Sensor Nodes. Electronics, 15(1), 186. DOI: 10.3390/electronics15010186