Embed Size (px)
Citation preview
HAL Id: hal-01686327https://hal.archives-ouvertes.fr/hal-01686327
Submitted on 17 Jan 2018
HAL is a multi-disciplinary open accessarchive for the deposit and dissemination of sci-entific research documents, whether they are pub-lished or not. The documents may come fromteaching and research institutions in France orabroad, or from public or private research centers.
L’archive ouverte pluridisciplinaire HAL, estdestinée au dépôt et à la diffusion de documentsscientifiques de niveau recherche, publiés ou non,émanant des établissements d’enseignement et derecherche français ou étrangers, des laboratoirespublics ou privés.
On the Resilience of Wireless Multiuser Networks toPassive and Active Eavesdroppers
Arsenia Chorti, Samir Perlaza, Zhu Han, Harold Vincent Poor
To cite this version:Arsenia Chorti, Samir Perlaza, Zhu Han, Harold Vincent Poor. On the Resilience of Wireless MultiuserNetworks to Passive and Active Eavesdroppers. IEEE Journal on Selected Areas in Communications,Institute of Electrical and Electronics Engineers, 2013. �hal-01686327�
1
On the Resilience of Wireless Multiuser Networksto Passive and Active Eavesdroppers
Arsenia Chorti†,∗, Samir M. Perlaza†, Zhu Han‡, H. Vincent Poor††Dep. EE, Equad 19 Olden Street, Princeton University, Princeton, New Jersey 08544, USA
∗ICS-FORTH N. Plastira 100, Vassilika Vouton, GR-700 13 Heraklion, Crete, Greece‡Dep. ECE, N324, Engineering Building 1, University of Houston, Houston, TX 77004.
{achorti, perlaza, poor}@princeton.edu, [email protected]
Abstract—Physical layer security can provide alternativemeans for securing the exchange of confidential messages in wire-less applications. In this paper, the resilience of wireless multiusernetworks to passive (interception of the broadcast channel) andactive (interception of the broadcast channel and false feedback)eavesdroppers is investigated. Stochastic characterizations of thesecrecy capacity (SC) are obtained in scenarios involving abase station and several destinations. The expected values andvariances of the SC along with the probabilities of secrecy outagesare evaluated in the following cases: (i) in the presence of passiveeavesdroppers without any side information; (ii) in the presenceof passive eavesdroppers with side information about the numberof eavesdroppers; and (iii) in the presence of a single activeeavesdropper with side information about the behavior of theeavesdropper. This investigation demonstrates that substantialsecrecy rates are attainable on average in the presence ofpassive eavesdroppers as long as minimal side information isavailable. On the other hand, it is further found that activeeavesdroppers can potentially compromise such networks unlessstatistical inference is employed to restrict their ability to attack.Interestingly, in the high signal to noise ratio regime, multiusernetworks become insensitive to the activeness or passiveness ofthe attack.
Index Terms—Secrecy capacity, secrecy rate, physical layersecurity, outage probability, multiuser diversity, multiple eaves-droppers, slow fading and side information.
I. INTRODUCTION
Security in the exchange of information has been pri-marily treated as an inherently applied subject, despite thetheoretical formulation of perfect secrecy early on [1]. Inactual networks, security commonly relies on cryptographicalgorithms [2] implemented at upper layers of the protocolstack. Recently, a compelling complementary approach forenhancing the securing of wireless systems has risen from thearea of information theory and has become a focal point ofresearch in the wireless community. The breakthrough conceptof physical layer security is to exploit the characteristics of thewireless medium such as fading or noise to ensure secrecy inwireless transmissions [3], [4], [5], [6].
Seminal earlier analyses that investigated security aspectsof the wiretap channel [7] and the broadcast channel withconfidential messages (BCC) [8] have established that a noisy
This work was supported in part by the IOF “APLOE” (PIOF-GA-2010-274723) grant within the 7th Framework Program of the EuropeanCommunity and in part by the Qatar National Research Fund (QNRF) and U.S.National Science Foundation Grants CCF-1016671, CNS-0905556, CNS-1117560, CNS-0953377 and ECCS-1028782.
communication channel can offer opportunities for perfectlysecure exchange of information. The performance measureof interest, the secrecy capacity (SC), was defined as thelargest communication rate for which encoding schemes existthat simultaneously guarantee reliability in the exchange ofinformation with a legitimate user and perfect secrecy withrespect to an eavesdropper. It has been demonstrated that theSC is strictly positive when the wiretap channel is on averagea degraded version of the main channel. Specifically in thecase of Gaussian encoders, the SC can be expressed as thedifference between the main and the eavesdropper’s channelcapacities, CM and CW respectively, [9],
Cs = [CM −CW ]+ = [log(1 + SNRM )− log(1 + SNRW )]+
(1)where [·]+ = max(·, 0), SNRM and SNRW denote thesignal-to-noise-ratios (SNRs) of the main and eavesdroppingchannels, respectively1.
Similar results were obtained for wireless fading channels[10], [11], [12] and multiple input multiple output (MIMO)systems [13], [14], [15], [16] to cite but a few. Furthermore,many investigations have considered systems with friendlyor un-trusted relays [17], [18], [19] approaches relying onintentionally degrading the eavesdropper SNR using friendlyinterferers [20], [21], [22], etc. Finally, more recently, in-vestigations have appeared for scenarios involving multiplelegitimate users and a single eavesdropper [23], [24] or a singlelegitimate user and multiple eavesdroppers [25]. Some workfrom resource allocation perspective can be found in [26], [27],[28].
In this paper, we build on earlier works that provide singleletter characterizations of the SC for the broadcast fadingchannel and investigate broadcast networks in the presence ofmultiple eavesdroppers. We assume that a central managementunit (base station (BS)) decides on the allocation of networkresources (bandwidth and power) in order to convey secretmessages to one of K destinations. Evidently, in this setting,the SC depends on the relative SNR levels of the strongestuser (in terms of SNR) and the strongest eavesdropper. Theordering of the respective SNRs involves the use of orderstatistics of the respective channel gains. We model thechannel coefficients as realizations of a random process with
1Logarithms hereafter are taken base 2.
2
an underlying Rayleigh probability density function (pdf)2.Assuming that the wireless channel is memoryless and themultiplicative fading coefficients are stationary and ergodicover time, we are primarily concerned with the stochasticcharacterization of the SC as a function of the cell size K,the side information available and the fierceness of the attack.
In particular, to the best of our knowledge, the present paperpresents the first systematic probabilistic characterization ofthe SC in the following cases:
1) Purely antagonistic networks in the absence of any sideinformation. In this worst case scenario, all subscribedusers in a network can in parallel act as eavesdroppers,intercepting the exchange of confidential messages in-tended for other users. Characterizing probabilisticallythe SC in the absence of any side information, we readilydemonstrate that any opportunities for secure exchangeof information vanish with an increase in the size of thenetwork, i.e. with increasing K, the average SC tends to0. Our findings indicate that in real networks, securingany single user against all other users or alternatively anarbitrarily large number of adversaries is not attainablein practical terms.
2) Networks with distinct sets of legitimate users and eaves-droppers. In actual commercial applications, intuitively,only a small number of adversaries may have an interestin compromising the security of the network. Basedon this reasoning, we next consider the scenario inwhich the sets of legitimate users and eavesdroppers aredistinct. Furthermore, we assume that quantitative sideinformation is available regarding the cardinality of theset of eavesdroppers. Such minimal knowledge proves adecisive factor for secure network planning purposes;we demonstrate that upper-bounding the number ofpassive eavesdroppers and increasing the cell size leadsto substantial opportunities for realizing perfectly securetransmissions.
3) Networks in the presence of a single active eavesdrop-per. In our model, an active eavesdropper possesses anoptimal receiver, has global channel state information(CSI) and additionally exchanges signalling messageswith the BS, appearing as a legitimate user. The goalof this adversary is not only to intercept the broadcastchannel but also to interferer with the decision makingprocess regarding the allocation of resources in order toincrease the amount of secret information leaked. Ourfindings indicate that in order for the BS to counteractsuch malicious behavior, qualitative side informationis required concerning behavioral aspects of the activeeavesdropper tactics. Intuitively, a fiercer type of attackrequires stronger defence mechanisms.
The paper is organized as follows: the problem formulationis outlined in Section II. The scenario of passive eavesdroppingwithout side information is examined in Section III, whilein Section IV results are presented when quantitative sideinformation is available. In Section V, the case of active
2Our results can straightforwardly be extended to the general case ofNakagami-m distributions.
Fig. 1. Broadcast network in the presence of multiple eavesdroppers.
eavesdropping is investigated, which is formulated as a one-shot two player zero-sum game. In Section VI, the SC inthe high SNR regime is stochastically characterized while inSection VII heuristic transmission strategies are compared.Finally, Section VIII includes the conclusions of this study.
II. PROBLEM FORMULATION
Consider the system set up illustrated in Fig. 1 correspond-ing to a typical downlink scenario in a multiuser network.A central management unit or BS communicates with a setK = {1, 2, . . . ,K} of K = |K| destinations in the presenceof a set E = {1, 2, . . . , E} of E = |E| eavesdroppers.Communication occurs in consecutive transmission frames.During each time frame, the BS transmits to destinationk∗ ∈ K a message s = (s(1), . . . , s(q)) ∈ Sq , whose elementsare uniformly drawn from a set of source symbols S.
In the present investigation, the destination k∗ is determinedon the sole criterion of keeping the eavesdroppers as igno-rant as possible of the message transmitted by the source.Towards this end, the BS employs an encoding functionφ : Sq → Xn, with X the set of transmitted symbols. Eachcodeword is a sequence of n-elements denoted by x = φ(s),x = (x(1), . . . , x(n)), satisfying a frame-based average power
3
constraint,
E�x2�=
1
n
nXi=1
E�x2(i)
�6 pmax. (2)
For random encoding arguments to hold, we further assumethat i) the channel realizations between the source and alldestinations and eavesdroppers remain constant during a givenframe, and ii) communication frames are long enough to allowthe transmission of infinite length codewords, n→ ∞, invok-ing that the channel capacities can be asymptotically reached.In this framework and focusing on one transmission frame,the channel realization between the source and destination k isdenoted by hk, with k ∈ K. Similarly, the channel realizationbetween the source and the eavesdropper j is denoted by hj ,with j ∈ E .
All channel realizations are assumed to be ergodic over timeand independent and identically distributed (i.i.d.) from chan-nel to channel drawn from a zero-mean unit variance complexGaussian distribution. Thus, all channel gains gk = |hk|2
and gj =���hj���2 are random variables drawn from a chi-
square probability distribution with 2 degrees of freedom, withunderlying pdf
f(λ) = e−λ, (3)
and a corresponding cumulative distribution function (cdf)
F (λ) = 1− e−λ. (4)
It is noteworthy that the results presented in the followingsections can straightforwardly be generalized to the case ofNakagami-m channels by appropriately defining f(λ) andF (λ), respectively [29].
During a given communication frame, the outputs of optimalreceivers at destination k, yk = (yk(1), . . . , yk(n)) and eaves-dropper j, zj = (zj(1), . . . , zj(n)) are expressed, respectively,as follows:
∀k ∈ K, yk = gkx+wk, (5)∀j ∈ E , zj = gjx+ wj . (6)
yk ∈ Yn and zj ∈ Zn, where Y and Z are obser-vations at the destination and the eavesdropper. The termswk = (wk(1), . . . , wk(n)) and wj = (wj(1), . . . , wj(n))are n-dimensional vectors whose components are zero-meanunit-variance circularly symmetric complex Gaussian randomvariables.
At destination k, the decoding function ϕk : Yn → Sqis used to recover the source symbols from the observations.The error probability associated with the code (φ, ϕ) during aparticular transmission interval at destination k is defined as
P (k)e = Pr (ϕk(yk) = s) . (7)
The level of ignorance of eavesdropper j with respect to thetransmitted message is measured by its equivocation rate R(j)
e .That is, the rate of the entropy of the message S conditionedon the received signal Zj and the channel realizations h andh,
R(j)e =
1
nH(S|Zj ,h, h). (8)
In the following, we focus on information theoretic perfectsecrecy, implying that the equivocation rate is at least equalto the rate of the message R. Perfectly secret transmission atrate R is achieved at destination k∗ if for any arbitrarily smallϵ > 0, there exists a sequence of codes (2nR, n) such that forn→ ∞, the following hold [7], [8]:
P (k∗)e 6 ϵ, (9)
∀j ∈ E , R(j)e =
1
nH(S|Sj ,h, h)) > R− ϵ. (10)
During a given transmission frame, the secrecy capacity Csis the maximum achievable rate R that satisfies both (9) and(10), i.e.,
Cs = maxE�x2�< pmax
I(X;Y k∗ |h, h))− I(X;Zj∗ |h, h)
= [log(1 + gk∗pmax)− log(1 + gj∗pmax)]+, (11)
where indices k∗ and j∗ denote the most capable (in termsof SNR) of the destinations and eavesdroppers, respectively.Solving the optimization problem (11) to pmax is a conse-quence of the monotonicity of the SC as a function of thepower in slow fading conditions. For fast fading channels,transmitting at constant power under an average power con-straint is no longer optimal and power control should beadopted [30].
Finally, an underlying assumption of the present studyis that potential eavesdropping terminals do not cooperate,i.e., we examine the scenario of non-colluding eavesdroppers.This is a plausible assumption in a purely individualisticnetwork where an eavesdropper would hesitate to reveal itsidentity to probably “friendly” eavesdroppers in order notto jeopardize its own safety (being identified and “removed”from the network). The more pessimistic scenario of optimallycooperating eavesdroppers is to be investigated in future work.
III. STOCHASTIC CHARACTERIZATION OF THE SC INABSENCE OF SIDE INFORMATION
We commence our investigation by examining the case inwhich the BS has no side information regarding the existenceof eavesdroppers. As a worst case approach, the networkis treated as purely antagonistic; the BS assumes that allsubscribed users act as passive eavesdroppers intercepting thebroadcasting of confidential messages to other users. Aiming atevaluating lower bounds, in this scenario the set of destinationsK is extended to include any terminal that can act as aneavesdropper, i.e., E ⊂ K. We finally note that in thisblind approach, we should in principle allow the number ofeavesdroppers to grow unboundedly, i.e., K → ∞. In thissetting, only the strongest of K destinations has potentiallya non-zero SC. The SC during a transmission frame strictlydepends on the SNR difference between the destination withthe highest SNR and the destination with the second highestSNR. For ease of notation, we denote the former with indexk∗ and the latter with index k∗∗, i.e.,
k∗ = argmaxk∈K
gk, (12)
k∗∗ = arg maxk∈K\{k∗}
gk. (13)
4
Fig. 2. Joint probability of the K-th and (K − 1)-th order statistics of thefading channel for K = 100.
Building on the assumption that the channel realizations gk∗and gk∗∗ are i.i.d. random variables, their pdfs f (K)
K (gk∗) andf(K)K−1(gk∗∗), respectively, are the K-th and (K − 1)-th order
statistics of a sample of K channel realizations:
f(K)K (λ) = KF (λ)K−1f(λ), (14)
f(K)K−1 (λ) = K(K − 1)F (λ)K−2(1− F (λ))f(λ) (15)
with cdfs F (K)K (λ) and F (K)
K−1(λ), respectively. The concept ofordering the channel gains in physical layer security studiesis a central point of our approach and its significance will beemphasized throughout the rest of this study.
The random variables gk∗ and gk∗∗ are generated througha common ordering operation over the set of K channelrealizations, which is clearly a nonlinear transformation. Asa result, they are not independent [31]. Based on the generalexpression for the joint pdf of any two order statistics [31],the joint pdf f (K)
K,K−1(gk∗ , gk∗∗) of gk∗ and gk∗∗ is derived as
f(K)K,K−1(gk∗ , gk∗∗) = K(K − 1)F (gk∗∗)
K−2f(gk∗∗)
× f(gk∗)U(gk∗ − gk∗∗), (16)
where U(·) is the step function and is depicted in Fig. 2.The SC is a random process that we will fully characterize
in the following, generalizing the reasoning presented in [10]and [11], assuming that the fading channel is wide sensestationary3. We begin by deriving the pdf of the SC and thenevaluate its expected value and variance.Theorem 1 [Pdf of the SC without side information]: The pdffCs(Cs) of the SC Cs when the legitimate destination is chosenfollowing (12) and all the other destinations are consideredas passive eavesdroppers can be expressed as
fCs(Cs) = ln(2)K(K − 1)β�2Cs , p,K
�2Cs
× exp
�− 2Cs − 1
p
�U(Cs), (17)
3The assumption of a wide sense stationary fading channel can be removedif we let the underlying pdfs of the channel coefficients become timedependent functions.
0 0.5 1 1.5 2 2.5 30
0.2
0.4
0.6
0.8
1
1.2
1.4
1.6
1.8
2
Cs
f Cs(C
s)
K=3K=5K=8
Fig. 3. Pdf of the SC in a set of K destinations without side information.
where
β(λ, p,K) =
Z ∞
0(pµ+ 1)
�1− exp(−µ)
�K−2
× exp�− (1 + λ)µ
�dµ. (18)
Proof : In order to derive the pdf of the SC Cs =hlog
�1+gk∗pmax
1+gk∗∗pmax
�i+, we note that the pdf of the ratio ξ = λ
µ
of two non-negative dependent random variables with joint pdffΛM (λ, µ) can be expressed as [32]:
fΞ(ξ) =
Z ∞
0µfΛM (µξ, µ)dµ. (19)
Furthermore, the pdf of the output of a hard limiter ξ = [λ]+
when the pdf of the input is fΛ(λ), is a discontinuous functionat the origin and equals
fΞ(ξ) = fΛ(ξ)U(ξ) + Pr(λ ≤ 0)δ(ξ). (20)
From the previous discussion, the pdf of the SC is derivedfrom the joint pdf of gk∗ and gk∗∗ by performing the followingsequence of operations: i) ϕ = 1 + gk∗p, ψ = 1 + gk∗∗p, ii)ξ = ϕ
ψ , iii) η = log(ξ), and iv) Cs = [η]+. �In Fig. 3 the pdf of the SC is depicted for K = 3, 5 and
8 destinations. As the number of destinations increases, thepdf mass concentrates on smaller values of the SC, implyingthat with increasing cell size the expected value of the SCdecreases. We conjecture that for K → ∞, the probabilitymass of the SC is concentrated at the point Cs = 0+. Evidenceof the validity of this conjecture is provided by the evaluationof the expected value and the variance of the SC:Proposition 1 [Expected value and variance of the SC]:The expected value and the variance of the SC when thelegitimate destination is chosen following (12) and all theother destinations are considered as passive eavesdropperscan be given by
E [Cs] =
Z +∞
0
Z λ
0log
�1 + λpmax
1 + µpmax
�f(K)K,K−1(λ, µ)dµdλ
(21)
5
100
101
102
0.2
0.3
0.4
0.5
0.6
0.7
0.8
0.9
1
1.1
1.2
K
Exp
ecte
d va
lue
of th
e S
C in
bits
/sec
/Hz
p=0 dBp=3 dBp=6 dB
Fig. 4. Expected value of the SC without side information as a function ofK.
100
101
102
0.2
0.3
0.4
0.5
0.6
0.7
0.8
0.9
1
K
Sta
ndar
d de
viat
ion
of th
e S
C in
bits
/sec
/Hz
p=0 dBp=3 dBp=6 dB
Fig. 5. Standard deviation of the SC without side information as a functionof K.
and
E�C2s
�− E [Cs]
2=
Z +∞
0
Z λ
0log2
�1 + λpmax
1 + µpmax
�× f
(K)K,K−1(λ, µ)dµdλ− E [Cs]
2(22)
respectively.Numerical evaluations4 of the expectation and the standard
deviation of the secrecy capacity are depicted in Figs. 4and 5, respectively. As expected, the average SC reducesmonotonically with the cardinality K of K. This is due to thefact that the probability of finding two destinations with similarSNR levels increases monotonically with K. Thus, from (21) itbecomes clear that in the absence of any side information, thebroadcasting of secret messages can be compromised, unless asubstantial decrease in the transmission rate can be tolerated.
We further note that the mean value of the ratio of thestandard deviation to the expected value is roughly equal to
4All numerical integrations hereafter were executed in MAPLE 16 r.
100
101
102
0.1
0.2
0.3
0.4
0.5
0.6
0.7
0.8
0.9
1
K
Sec
recy
Out
age
Pro
babi
lity
$Pou
t$
τ=0.1 bits/sec/Hz
τ=0.3 bits/sec/Hz
τ=0.5 bits/sec/Hz
τ=0.8 bits/sec/Hz
Fig. 6. Secrecy outage probability without side information as a function ofK for pmax = 0 dB.
0.85 (it increases slightly with an increase in the cell size).The large variations around the expected value impose furtherrestrictions in the design of perfectly secure multiuser networktransmission protocols.
On the contrary, given the problem formulation, the proba-bility of a positive secrecy capacity is unity and can be derivednoting that by definition gk∗ ≥ gk∗∗ :Proposition 2 [Secrecy outage probability]: In a set of K non-colluding destinations, the probability of a positive secrecycapacity is the probability mass of f (K)
K,K−1(gk∗ , gk∗∗) in theentire plane of admissible values of gk∗ and gk∗∗ and istherefore unity,
Pr(Cs > 0) =
Z ∞
0
Z λ
0f(K)K,K−1(λ, µ)dµdλ = 1. (23)
The probability of a secrecy outage, with respect to a tar-get threshold secrecy capacity value τ , is the probabilitymass of f (K)
K,K−1(gk∗ , gk∗∗) in the left of the plane gk∗∗ =1+gk∗pmax−2τ
2τpmaxand is given by
Pout = Pr(Cs ≤ τ) = 1− Pr�log
1 + λpmax
1 + µpmax> τ
�
= 1−Z ∞
0
Z 1+λpmax−2τ
2τ pmax
0f(K)K,K−1(λ, µ)dµdλ. (24)
In Fig. 6 numerical evaluations of the secrecy outage prob-ability are depicted for pmax = 0 dB. These numerical eval-uations further stress the dramatic effect - in terms of perfectsecrecy - of the antagonistic relations between all destinations,even for medium size networks of K = 30 destinations. Forexample, transmitting perfectly secret messages at a rate of 0.5bits/sec/Hz is only possible roughly 20% of the time due to thefact that the most capable destination in a given transmissionframe is being attacked by K−1 = 29 eavesdroppers. Finally,it is noted that for τ = 0.8 bits/sec/Hz numerical errors inthe evaluation of the outage probability result in less accurateevaluations.
6
The importance of side information in multiuser networksis highlighted in the next section where reverse conclusionsare drawn by adopting a more realistic and less pessimisticpoint of view. The investigations presented next are motivatedby the intuition that in typical commercial applications thevast majority of destinations have no interest in eavesdropping;malicious behavior is on the contrary confined to a small setof adversaries.
IV. STOCHASTIC CHARACTERIZATION OF THE SC WITHSIDE INFORMATION
In this section, we consider that there exists a set Eof eavesdroppers that wish to decode secret messages andthat this set is distinct from the set of destinations K, i.e.,ETK = ∅. Nevertheless, although the individual identities of
the eavesdroppers are unknown, side information is availableregarding the cardinality E = |E| of the set of potentialeavesdropping terminals5. Amongst this population, we em-ploy index j∗ to denote the eavesdropping terminal that hasthe highest statistical advantage for eavesdropping. In thepresent work we further assume that the eavesdroppers arenot cooperating.
A. Side Information over the Exact Number of EavesdroppersAssuming that side information over the exact number of
eavesdroppers is available, the pdf f (E)E (gj∗) of the channel
gain gj∗ of the most capable eavesdropper (in terms of SNRstrength) can be characterized as the E-th order statistics of asample of E channel realizations,
f(E)E (λ) = EF (λ)E−1f(λ) (25)
with cdf F (E)E (λ). It is important to note that in the case under
examination g∗k and g∗j are generated from two independentordering operations and consequently are independent (wemake no assumption over the ordering of gk∗ with respect togj∗). The joint pdf f (K)(E)
K,E (g∗k, g∗j ) of the channel gain of the
strongest destination and the strongest eavesdropper is merelythe product of the marginal distributions, i.e.,
f(K)(E)K,E (gk∗ , gj∗) = f
(K)K (gk∗)f
(E)E (gj∗). (26)
As a result the pdf of the SC is derived as follows:Theorem 2 [Pdf of the SC with side information]: The pdffC∗
s(C∗
s ) of the SC C∗s in a set of K non-colluding desti-
nations in the presence of a distinct set of E non-colludingeavesdroppers can be expressed as
fC∗s(C∗
s ) = fC∗k∗ (C
∗s )⊗ fC∗
j∗(−C∗
s )U(C∗s )
+ Pr(C∗k∗ ≤ C∗
j∗)δ(C∗s ) (27)
where
C∗k∗ = log(1 + gk∗p), (28)C∗j∗ = log(1 + gj∗p), (29)
fC∗k∗ (λ) = ln(2)p−12λf
(K)K
�(2λ − 1)p−1
�, (30)
fC∗j∗(λ) = ln(2)p−12λf
(E)E
�(2λ − 1)p−1
�, (31)
5In a sense we assume that a statistical characterization of the vulnerabilityof the wireless network has been performed and priors were extracted.
0 1 2 3 4 50
0.05
0.1
0.15
0.2
0.25
0.3
0.35
0.4
0.45
Cs*
f Cs*(
Cs* )
K=5K=30K=100
Fig. 7. Pdf of the SC with side information over the existence of E =1 eavesdropper. The weights of the delta discontinuities at the origin (notdepicted here) are Pr(C∗
k∗ ≤ C∗j∗ ) = 0.17, 0.02, 0.01 for K = 5, 30, and
100, respectively.
where ⊗ denotes convolution and
Pr(C∗k∗ ≤ C∗
j∗) = Pr(gk∗ ≤ gj∗)
=
Z ∞
0
Z ∞
λf(K)K (λ)f
(E)E (µ)dµdλ.(32)
Proof : The derivation of (27) is straightforward based on thesubstraction of two independent random variables and passingthe output through a hard limiter. (32) is the consequence ofdefining p on a continuous support so that Pr(p = 0) = 0. �
Numerical evaluations of the pdf of the SC are depicted inFig. 7 for a single eavesdropper in networks of K = 5, 30, and100 destinations. With increasing cell size K, the probabilitymass concentrates to higher values of the SC C∗
s , reversingthe conclusions drawn in the section without side information.Furthermore, with K → ∞ the discontinuity of C∗
s at theorigin vanishes, i.e., Pr(C∗
k∗ ≤ C∗j∗) → 0, implying that
almost surely a positive SC can be established.In the case of non-cooperative eavesdroppers, the expected
value and the variance of the SC of the network with respectto a set E , E = |E| of eavesdroppers can be expressed asProposition 3 [Expected value and variance of the SC]:The average SC of a set of K non-colluding destinationswith respect to a distinct set of E non-colluding passiveeavesdroppers is given by
E [C∗s ] =
Z +∞
0
Z λ
0log
�1 + λpmax
1 + µpmax
�dF
(E)E (µ)dF
(K)K (λ),
(33)and
E�C∗s2�− E [C∗
s ]2
=
Z +∞
0
Z λ
0log2
�1 + λpmax
1 + µpmax
�× f
(K)K (λ)f
(E)E (µ)dµdλ− E [C∗
s ]2
(34)
respectively, with f (K)K (λ)dλ = dF
(K)K (λ) and f (E)
E (µ)dµ =
dF(E)E (µ).
7
100
101
102
0.5
1
1.5
2
2.5
K
Ave
rage
sec
recy
cap
acity
in b
its/s
ec/H
zAverage SC in the presence of one eavesdropper
p=0 dBp=3 dBp=6 dB
Fig. 8. Expected value of the SC with side information over the existenceof a single eavesdropper as a function of K.
100
101
102
0.4
0.5
0.6
0.7
0.8
0.9
1
1.1
1.2
1.3
K
Ave
rage
Sec
recy
cap
acity
in b
its/s
ec/H
z
Average SC in the Presence of 5 Eavesdroppers
p=0 dBp=3 dBp=6 dB
Fig. 9. Expected value of the SC with side information over the existenceof E = 5 eavesdroppers as a function of K.
Numerical evaluations of (33) are depicted in Figs. 8 and 9in the presence of E = 1 and E = 5 eavesdropping terminals,respectively. Notably, in the case of a single eavesdropper, theexpected value of the SC approaches substantial values as thecell size increases. This results from the substantial increase inthe probability of finding a destination with a higher SNR thanthe eavesdropper. This observation recalls the notion of multi-user diversity [33]. Furthermore, albeit the expected value ofthe SC decreases with increasing numbers of eavesdroppers,substantial secrecy rates are still attainable on average whenthe legitimate users outnumber the eavesdroppers, i.e., E ≪K.
Furthermore, numerical evaluations of (34) are depictedin Figs. 10 and 11 for E = 1 and E = 5 eavesdroppersrespectively. The ratio of the standard deviation to the expectedvalue monotonically decreases with increasing K, while thestandard deviation decreases with increasing E. For E = 1 andpmax = 0 dB, it ranges from approximately 1 for K = 2 to
100
101
102
0.5
0.6
0.7
0.8
0.9
1
1.1
1.2
1.3
K
Sta
ndar
d de
viat
ion
of th
e S
C in
bits
/sec
/Hz
p=0 dBp=3 dBp=6 dB
Fig. 10. Standard deviation of the SC with side information over the existenceof a single eavesdropper as a function of K.
100
101
102
0.4
0.45
0.5
0.55
0.6
0.65
0.7
0.75
K
Sta
ndar
d de
viat
ion
of th
e S
C in
bits
/sec
/Hz
p=0 dBp=3 dBp=6 dB
Fig. 11. Standard deviation of the SC with side information over the existenceof E = 5 eavesdroppers as a function of K.
approximately 0.38 for K = 100. This effect is the immediateconsequence of keeping the number of eavesdroppers constantwhile increasing K. Therefore, increasing the cell size in thepresence of a limited number of adversaries creates someroom for network planning and rate adaptation around theexpected value of the secrecy capacity. Relevant directions willbe discussed in the final section of this paper.
Finally, the probability of a secrecy outage can be derivedasProposition 4 [Secrecy outage probability]: In a set of Knon-colluding terminals, the probability of a positive SC withrespect to a distinct set of E non-colluding eavesdroppers isthe probability mass of f (K)(E)
K,E (gk∗ , gj∗) in the left of theplane gk∗ = gj∗ and is given by
Pr(C∗s > 0) = Pr(gk∗ > gj∗)
=
Z ∞
0
Z λ
0f(K)K (λ)f
(E)E (µ)dµdλ. (35)
8
100
101
102
0.2
0.3
0.4
0.5
0.6
0.7
0.8
0.9
1
K
Pro
babi
lity
of p
ositi
ve S
C
E=1E=5
Fig. 12. Probability of positive SC with side information over the existenceof E eavesdroppers as a function of K.
100
101
102
0
0.2
0.4
0.6
0.8
1
K
Sec
recy
Out
age
prob
abili
ty P
out
τ=0.1 bits/sec/Hzτ=0.5 bits/sec/Hzτ=1 bit/sec/Hzτ=1.5 bits/sec/Hz
Fig. 13. Secrecy outage probability with side information over the existenceof a single eavesdropper as a function of K.
The probability of a secrecy outage, with respect to a targetthreshold secrecy capacity value τ , is the probability mass off(K)(E)K,E (gk∗ , gj∗) in the left of the plane gj∗ = 1+gk∗pmax−2τ
2τpmax
and is given by
Pout = Pr(C∗s ≤ τ) = 1− Pr
�log
1 + gk∗pmax
1 + gj∗pmax> τ
�
= 1−Z ∞
0
Z 1+λpmax−2τ
2τ pmax
0f(K)K (λ)f
(E)E (µ)dλdµ.(36)
In Fig. 12 numerical evaluations of the probability ofpositive SC are depicted for E = 1 and E = 5 eavesdroppers.Increasing the cell size to K = 100 destinations invokes thatin the presence of a single eavesdropper a positive secrecycapacity can be established almost surely. Additionally, in Fig.13 the probability of a secrecy outage has been evaluatedin the case of E = 1 eavesdropper. It is noteworthy thata target secrecy rate of 0.5 bits/sec/Hz can be establishedapproximately 90% of the time for a cell size of K = 30
destinations; moderate perfectly secure rates are attainablewith high probability when E ≪ K.
B. Side Information over the Distribution of the Number ofEavesdroppers
Relaxing the requirement for obtaining side information onthe exact number of eavesdropping terminals, we now explorethe case where a probability mass function (pmf) over thenumber of eavesdroppers is available. We define the randomvariable ε of the number of eavesdropping terminals, i.e. fora specific realization εi of ε we have |E| = εi, with pmf
fE(ε) =Xi
Pr(εi)δ(ε− εi). (37)
Noting that ε, gk∗ and gj∗ are independent and that their jointpdf is concentrated on the discrete points εi, we can employthe results of the previous section and derive the pdf of theSC as follows:Theorem 3 [Pdf of the SC with side information over the dis-tribution of the number of eavesdroppers]: The pdf fC∗
s(C∗
s )of the SC C∗
s in a set of K non colluding destinations in thepresence of a distinct set of ε non colluding eavesdropperswith pmf fE(ε) can be expressed as
fC∗s(C∗
s ) = fC∗k∗ (C
∗s )⊗ fC∗
ei(−C∗
s )U(C∗s )
+ Pr(C∗k∗ ≤ C∗
ei)δ(C∗s ) (38)
where
C∗ei = log(1 + gj∗p) (39)
fC∗ei(λ) =
Xi
Pr(εi) ln(2)p−12λf (εi)εi
�(2λ − 1)p−1
�,(40)
Pr(C∗k∗ ≤ C∗
ei)
=Xi
Pr(εi)
Z ∞
0
Z ∞
λf(K)K (λ)f (εi)εi (µ)dµdλ.
(41)
We have so far demonstrated the importance of side in-formation in broadcast networks with multiple eavesdroppers.It has been shown that understanding the vulnerability ofthe wireless network to passive attacks can create opportu-nities for building perfectly secure systems with satisfactorydata rates for common commercial applications. However,given the extra effort devoted to enhancing the robustness ofthe network, it is only reasonable to assume that potentialeavesdroppers will on the other hand take countermeasuresto mitigate any advantages gained. In the next section weinvestigate such a scenario. A single eavesdropper tries toconfuse the BS in order to establish opportunities for listeningto secret conversations, i.e. the eavesdropper becomes active.
V. STOCHASTIC CHARACTERIZATION OF THE SC WITHSIDE INFORMATION IN THE PRESENCE OF AN ACTIVE
EAVESDROPPER
Next, we consider the scenario in which a single activeeavesdropper is registered in the network as a subscribed userand exchanges signaling messages with the BS. For simplicity,it is further assumed that the only objective of this malicious
9
user is to decode private messages of any legitimate user (thisscenario is a subcase of the Byzantine attack [34] [35]). Theinformation accumulated by the eavesdropper depends on thetransmission rate and its equivocation rate, with eavesdroppingreferring to overhearing other users’ data.
In this setting, the eavesdropper should intuitively adopt thefollowing strategy:
1) If it has the highest CSI during a given channel re-alization, i.e., gj∗ > gk∗ , then it can report a falseCSI gj∗ < gk∗ to the BS. If the BS does not identifythe forgery, it will transmit a private message x to alegitimate user k∗. In this case, the eavesdropper willbe able to at least partially decode x;
2) If the eavesdropper does not have the highest SNR, itmight not be able to eavesdrop. In this case, it canreport a higher false CSI gj∗ > gk∗ claiming networkresources from the BS. If the BS chooses to transmitto the eavesdropper, although no private information isleaked, the network resources are wasted as none of thelegitimate destinations receives any new information.
In such a setting, it would appear that the legitimate usersare completely unprotected against active attacks. Neverthe-less, at least in principle, deviations in reported CSIs couldbe bounded around the true value. For example, in the caseof a dense network primarily populated by legitimate users,the BS can employ statistical tests to isolate malicious nodes[36]. Bearing this in mind, we are interested in investigatingthe network’s resilience to active eavesdroppers. That is,eavesdroppers that can mislead the transmitter by introducingfalse information about their own CSI.
Let us assume the following: (i) the BS can potentiallytransmit only to the user with the highest reported CSI and(ii) the eavesdropper always reports a CSI gj∗ that deviatesfrom its true CSI gj∗ by a certain additive quantity ϵ, i.e.,gj∗ = gj∗ + ϵ. Given these assumptions, we define thefollowing function u : R+ ×R → R, with
u (p, ϵ) = log
�1 + gk∗p
1 + gj∗p
�1{gk∗>gj∗+ϵ},
= log
�1 + gk∗p
1 + gj∗p
�1{gk∗>gj∗}, (42)
where 1{·} denotes the indicator function. The BS should aimat the maximization of u(p, ϵ), while the eavesdropper at itsminimization.
Discussing the problem in more detail, we identify thefollowing cases:
1) When gk∗ > gj∗ and gk∗ > gj∗ , then u (p, ϵ) > 0. Thus,the strict positiveness of u is a necessary and sufficientcondition for guaranteeing perfect secrecy.
2) When u (p, ϵ) = 0, the BS either does not transmitat all or it transmits to the eavesdropper. In this case,no private messages are leaked. However, the networkefficiency is compromised.
3) When u (p, ϵ) < 0, the eavesdropper is able to partiallydecode the messages of a legitimate user.
In the following, we study the optimal behavior of theBS and the eavesdropper with respect to the function u, by
adopting the assumption of full CSI availability at both thetransmitter and eavesdropper. This serves only as a first theo-retical approximation to determine secrecy rate bounds underthe assumption of fully rational base station and eavesdropper.
A. BS Optimal Strategy
Given the action adopted by the eavesdropper, the optimalaction of the BS is to choose its transmit power to maximizethe function u in (42). That is, the best response of thetransmitter, denoted by BRB : R → {0, pmax}, is
BRB(ϵ) = arg maxp∈{0,pmax}
u (p, ϵ) . (43)
Thus, we write
BRB(ϵ) =
§pmax, if gk∗ > max(gj∗ , gj∗),0, otherwise. (44)
B. Eavesdropper Optimal Strategy
The choices of the eavesdropper consist of reporting aforged CSI gj∗ = gj∗ + ϵ, greater or lower than its trueCSI value gj∗ . Indeed, the optimal choice of ϵ ∈ R is theone that minimizes the function u given the choice on thetransmit power p ∈ {0, pmax} made by the BS. We define thebest response of the eavesdropper by BRe : {0, pmax} → R,where,
BRe(p) = argminϵ∈R
u (p, ϵ) . (45)
Thus, we write
BRe(p) =
§ϵ, if gk∗ > gj∗ ,ϵ, otherwise, (46)
where the additive errors e and e must satisfy the followingconditions to allow the eavesdropper to mislead the transmitter,
ϵ ∈ (|gk∗ − gj∗ | ,+∞) , (47)ϵ ∈ (−∞,− |gk∗ − gj∗ |) . (48)
We remark that according to the given formulation, for anyaction adopted by the BS, the eavesdropper has infinite choicesin ϵ. Observing (44) and (46), we conclude that the beststrategy for the BS as well as the eavesdropper depends oneach other’s actions. Thus, in the following, we use gametheoretic tools to investigate this competitive interaction.
C. Two Player Game Formulation
We model the competitive interaction between the BS andthe eavesdropper by the following one-shot two-player zerosum game:
G(gk∗ , gj∗) = {AB,Ae, u} . (49)
In the course of this game, both gk∗ and gj∗ are parametersthat are fixed and known to both players. The sets AB and Ae
contain the actions available to the BS and the eavesdropper:
AB = {0, pmax} , (50)Ae = {ϵ, ϵ} . (51)
10
For the sake of simplicity, we assume that both ϵ, and ϵ arefixed constants such that ϵ > 0 and ϵ < 0. That is, both setsAe and AB are finite.
The value of u does not depend on the exact value of theadditive error ϵ but only on its sign. When the actions p andϵ are played, the benefit of the transmitter is u (p, ϵ) whilethe benefit of the eavesdropper is −u (p, ϵ). To explore theoptimal strategies of the two players, we use the concept ofthe Nash equilibrium (NE), defined as follows:
Definition 1 (Nash Equilibrium): The strategy profile(p∗, ϵ∗) ∈ AB × Ae is a Nash equilibrium of the gameG(gk∗ , gj∗) if
p∗ ∈ BRB (ϵ∗) and ϵ∗ ∈ BRe (p∗) . (52)
Following Def. 1, we state the following lemma.Lemma 1 (Equilibria in G(gk∗ , gj∗)): Let (p∗, ϵ∗) ∈ AB×
Ae be a Nash equilibrium of the game G(gk∗ , gj∗), with ϵ > 0and ϵ < 0. Then,
• If gk∗ > gj∗ + ϵ, then (p∗, ϵ∗) ∈ {(pmax, ϵ), (pmax, ϵ)};• If gj∗ + ϵ > gk∗ > gj∗ , then (p∗, ϵ∗) ∈ {(pmax, ϵ)};• If gj∗ > gk∗ > gj∗ + ϵ, then (p∗, ϵ∗) ∈ {(0, ϵ)}; and• If gj∗ + ϵ > gk∗ , then (p∗, ϵ∗) ∈ AB ×Ae.
The proof of Lemma 1 follows immediately from Def. 1. Inparticular, Lemma 1 indicates that there always exists at leastone NE for the game G(gk∗ , gj∗), for all (gk∗ , gj∗) ∈ R2
+.Nonetheless, the equilibrium is not necessarily unique. Forinstance when gk∗ > gj∗ and condition (47) is not met, thereexist two NEs: (pmax, ϵ) and (pmax, ϵ). More interestingly, inthis case, u(pmax, ϵ) = u(pmax, ϵ) = log( 1+gk∗
1+gj∗) > 0. That
is, independently of its forgery, the eavesdropper can neitherbe allocated the channel nor eavesdrop the communication.Hence, transmitting secret information to the receiver withthe highest channel gain, independently of the action of theeavesdropper, is always a NE.
In contrast, when gk∗ > gj∗ and condition (47) is met,there exists a unique NE: (pmax, ϵ) and u(pmax, ϵ) = 0. Inthis case, the transmitter decides to transmit but it chooses theeavesdropper as the destination as it appears as the receiverwith the highest channel gain. No leak of secret informationoccurs. Albeit, the eavesdropper introduces a delay in thecommunication of the transmitter with one of the legitimatereceivers.
On the contrary, when gk∗ < gj∗ and condition (48) is notmet, there exist four NEs. Basically, any possible combinationof actions is an NE and more interestingly u(pmax, ϵ) = 0for all (pmax, ϵ) ∈ AB × Ae. This is due to the fact that thetransmitter, if it transmits, always chooses the eavesdropperas the destination, and thus, no secret information is leaked.However, none of the legitimate receivers is able to receivesecret information. On the contrary, when condition (48) ismet, there exists only one NE: (0, ϵ) and u(0, ϵ) = 0. Here,the transmitter remains silent and no information is transmittedto any of the destinations.
Thus, when conditions (47) and (48) are met the transmitteris unable to convey secret messages to the legitimate desti-nations at the NE. However, no leak of secret informationoccurs either. This implies that when an eavesdropper is able
to properly set its additive error term ϵ, it cannot eavesdropsecret messages but it can introduce an infinitely long delayin the network before a legitimate destination receives a secretmessage.
On the contrary, when the eavesdropper is unable to setup its error terms ϵ following both (47) and (48), then thetransmitter is able to convey secret messages to the legitimatereceivers as long as gk∗ > gj∗ .
We describe the average secrecy rate (SR) at the NE in thefollowing proposition.Proposition 5 [Expected value of the SR with one activeeavesdropper]: In the game G(gk∗ , gj∗) with K legitimateusers and a single active eavesdropper, when the conditions(47) and (48) are not satisfied, the average secrecy rate at theNE is
E [Rs(ϵ)] =Z +∞
0
Z λ− ϵpmax
0log
�1 + λpmax
1 + µpmax
�dF (µ)dF
(K)K (λ).
(53)
Otherwise, when both conditions (47) and (48) are true,
E [Rs(ϵ)] = 0. (54)
From Prop. 5, it can be inferred that when conditions (47)and (48) are not met the respective loss in the achievableaverage secrecy rate as a function of ϵ is
∆Rs(ϵ) = E [C∗s ]− E [Rs]
=
Z +∞
0
Z λ
λ− ϵpmax
+log
�1 + λpmax
1 + µpmax
�dF (µ)dF
(K)K (λ).
(55)
The result in (55) shows that the larger ϵ in the interval (47),the more significant the reduction of the secrecy rate is withrespect to the case of a passive eavesdropper.
Another interesting point is that
limϵ→∞
E [Rs(ϵ)] = 0, (56)
which implies that if the eavesdropper can choose ϵ arbitrarilylarge, it can fully block the transmission of secret messagesin the system. Nonetheless, an unreasonably large difference|gk∗ − gj∗ | could be used as an indicator of the existence ofmalicious behavior and serve as a tool for the identification ofactive eavesdroppers, e.g. [37], [38].
VI. STOCHASTIC CHARACTERIZATION OF THE SC WITHSIDE INFORMATION IN THE HIGH SNR REGIME
Interestingly, in the high SNR regime, for finite ϵ <∞, thesystem becomes robust to active attacks, since
C∗sH = lim
pmax→∞Rs(ϵ) = lim
pmax→∞C∗s =
�log
�gk∗gj∗
��+.(57)
This implies that in the high SNR regime, the SC of the systemis independent of whether the eavesdropper is active or passive.
11
100
101
102
1.4
1.6
1.8
2
2.2
2.4
2.6
2.8
3
3.2
K
Ave
rage
sec
recy
cap
acity
in b
its/s
ec/H
z
Fig. 14. Expected value of the SC in the high SNR regime in the presenceof one active or passive eavesdropper as a function of K.
Theorem 4 [Pdf of the SC in the High SNR]: In the high SNRregime, the pdf fC∗
sH(C∗
sH) of the SC C∗sH in a set of K non-
colluding destinations in the presence of a single passive oractive eavesdropper can be expressed as
fC∗sH
(C∗sH) = fC∗
kH∗ (C∗sH)⊗ fC∗
jH(−C∗
sH)U(C∗sH)
+ Pr(C∗k∗ ≤ C∗
j∗)δ(C∗sH) (58)
where
C∗kH∗ = log(gk∗), (59)C∗jH∗ = log(gj∗), (60)
fC∗kH∗ (λ) = ln(2)2λf
(K)K (2λ), (61)
fC∗jH∗ (λ) = ln(2)2λf(2λ). (62)
Proposition 6 [Expected value and variance of the SC in thehigh SNR]: In the high SNR regime, the expected value andthe variance of the SC in a set of K non-colluding destinationsin the presence of a single active or passive eavesdropper aregiven, respectively, by
E [CsH∗] =
Z +∞
0
Z λ
0log
�λµ
�dF (µ)dF
(K)K (λ) (63)
and
E�CsH
∗2�− E [CsH
∗]2
=
Z +∞
0
Z λ
0log2
�λµ
�dF (µ)
× dF(K)K (λ)− E [CsH
∗]2. (64)
Numerical evaluations of the expected value and the stan-dard deviation of the SC in the high SNR regime are depictedin Fig. 14 and Fig. 15, respectively. It is clear that in suchscenarios opportunities of perfectly secure transmission canbe substantiated.
Finally, we have the followingProposition 7 [Secrecy outage probability]: The secrecy out-age probability with respect to a threshold SC τ is evaluated
100
101
102
1.72
1.74
1.76
1.78
1.8
1.82
1.84
1.86
1.88
1.9
K
Sta
ndar
d de
viat
ion
of th
e S
C in
bits
/sec
/Hz
Fig. 15. Standard deviation of the SC in the high SNR regime in the presenceof one active or passive eavesdropper as a function of K.
100
101
102
0
0.1
0.2
0.3
0.4
0.5
0.6
0.7
K
Sec
recy
Out
age
prob
abili
ty P
out in
the
high
SN
R r
egim
e
τ=0.1 bits/sec/Hzτ=0.5 bits/sec/Hzτ=1 bit/sec/Hzτ=1.5 bits/sec/Hz
Fig. 16. Probability of a secrecy outage with respect to a target thresholdSC value in the high SNR regime in the presence of one active or passiveeavesdropper as a function of K.
as the probability mass of fC∗sH
(C∗sH) in the left of the plane
gj∗ = gk∗2τ ,
Pr(C∗sH < τ) = 1−
Z ∞
0
Z λ2τ
0f(K)K (λ)f(µ)dµdλ.(65)
The secrecy outage probability is depicted in Fig. 16. Notably,it is demonstrated that for a medium cell size of K = 30destinations in the presence of a single active or passive eaves-dropper, a perfectly secure transmission rate of 0.5 bits/sec/Hzis attainable more than 93% of the time.
VII. HEURISTIC TRANSMISSION STRATEGIES IN THEHIGH SNR REGIME
In the following, we compare two heuristic transmission ap-proaches. A systematic investigation of possible transmissionstrategies is a subject for planned future research. The presentsection serves as an example of how the results presented
12
in this paper can be employed towards making informeddecisions regarding the allocation of resources, parametricallyto the network layout.
In the first approach, the BS always transmits at the destina-tion with the highest reported CSI at a constant rate Rc equalto the expected value of the SC minus the standard deviation,i.e.,
Rc = E [C∗sH ]−
qE�C∗2sH
�− E [C∗
sH ]2. (66)
In the second approach, the BS adopts an on/off approachbased on a comparison of the highest reported channel gain tothe expected value of the K-th order statistic of the channelgains; the BS chooses not to transmit if the former is lowerthan the latter. In the opposite case it transmits at a rateRv equal to expected value of the SC minus the standarddeviation, i.e.,
Rv =
(E [C∗
sH ]−qE�C∗2sH
�− E [C∗
sH ]2, gk∗ ≥ E [gk∗ ] ,
0, otherwise.(67)
In the following we evaluate the information leaked in thetwo heuristic strategies. In both cases it is assumed that theBS employs encoding schemes that ensure perfect secrecy aslong as the transmission rate is smaller than the SC.
A. Constant Rate TransmissionFor the constant rate transmission approach, information is
leaked to the eavesdropper during those transmission intervalsfor which Rc ≥ C∗
sH . The probability of this event is evaluatedas
Pc = Pr(Rc ≥ C∗sH) = Pr(gk∗ ≤ 2Rc gj∗)
=
Z ∞
0
Z 2Rc gj∗
0dF
(K)K (gk∗)dF (gj∗). (68)
Therefore, in N transmission intervals, assuming N is suffi-ciently large, the expected value of the information leaked,denoted by Ic(N), in ergodic channel conditions, can beexpressed as
Ic(N) = NPc
�E [C∗
sH ]−qE�C∗2sH
�− E [C∗
sH ]2�. (69)
B. Variable Rate TransmissionIn the case of variable rate transmission, information is
leaked when gk∗ ≥ E [gk∗ ] and Rv ≥ C∗sH . These two events
are independent and as a result, information is leaked whenE [gk∗ ] ≤ gk∗ ≤ 2Rv gj∗ . Therefore, information is leakedwith probability Pv, evaluated as
Pv = Pr(E [gk∗ ] ≤ gk∗ ≤ 2Rv gj∗)
=
Z ∞
0
Z 2Rv gj∗
E [gk∗ ]dF
(K)K (gk∗)dF (gj∗). (70)
Clearly, Pv ≤ Pc. The expected value of the informationleaked, denoted by Iv(N), in N transmission intervals, as-suming N is sufficiently large and the channel is ergodic, canbe expressed as
Iv(N) = NPv
�E [C∗
sH ]−qE�C∗2sH
�− E [C∗
sH ]2�. (71)
101
0
0.02
0.04
0.06
0.08
0.1
0.12
0.14
K
Rat
e of
info
rmat
ion
leak
ed in
bits
/sec
Ic/N
Iv/N
Fig. 17. Rate of information leaked for the constant rate and variable ratetransmission approaches in the high SNR regime in the presence of one activeor passive eavesdropper as a function of K.
In the constant rate approach, information is leaked witha higher probability than in the variable rate approach. InFig. 17 we depict numerical evaluations of the rate of in-formation leaked per transmission interval, i.e. Ic/N andIv/N , respectively. Interestingly, as the cell size increases, therate of information leaked is the same for both transmissionapproaches, indicating that with increasing K, the K-th orderstatistic of the channel gains is with a high probability closeto its expected value.
VIII. CONCLUSIONS
In this paper, we have presented an extensive set of resultsregarding the stochastic characterization of SCs in wirelessmultiuser networks. In our setting, a management unit wishesto transmit secret messages to a set of destinations. It hasbeen demonstrated that in a purely antagonistic scenarioand in absence of any information about the existence ofpotential eavesdroppers, such an endeavor could be seriouslycompromised. Nevertheless, if quantitative side information isavailable regarding the cardinality of the set of passive eaves-droppers, substantial secrecy rates are attainable on average.Indeed, the achievable secrecy rates increase with the ratiobetween the number of legitimate users and the number ofeavesdroppers.
Furthermore, the effect of an active eavesdropper has beensystematically evaluated through the use of game theoretictools. Here, the difference between an active and a passiveeavesdropper is captured in behavioral aspects. The former,interacts with the BS providing false feedback, for instance,false CSI. We have formulated the competitive interactionbetween the BS and the active eavesdropper as an one-shotzero-sum game and evaluated upper bounds for the achievableaverage secrecy rates. Our analysis suggests that in orderto minimize the loss incurred by such attacks, extra sideinformation is required.
Notably, we have found that in the high SNR regime,the network is insensitive to the passiveness or activeness of
13
the attack. It has been demonstrated that in such scenarios,moderate perfectly secure rates are achievable with a very highprobability in medium size networks. Finally, the results pre-sented in this paper can serve as the basis for the comparisonof practical transmission strategies with respect to the cell size.
REFERENCES
[1] C. Shannon, “A mathematical theory of cryptography,” Bell SystemTechnical J., vol. 28, p. 656715, Oct. 1949.
[2] B. Schneier, Applied Cryptography: Protocols, Algorithms, and SourceCode in C, 2nd ed. John Wiley and Sons, Inc., 1996.
[3] Y. Liang, H. V. Poor, and S. Shamai, Information Theoretic Security.Hanover, MA: Now Publishers, 2009.
[4] R. Liu and W. Trappe, Securing Wireless Communications at thePhysical Layer. New York, NY: Springer, 2010.
[5] M. Bloch and J. Barros, Physical-Layer Security: From InformationTheory to Security Engineering. Cambridge, UK: Cambridge UniversityPress.
[6] H. V. Poor, “Information and inference in the wireless physical layer,”IEEE Wireless Communications Magazine, vol. 1, no. 19, pp. 40–47,Feb. 2012, invited article.
[7] A. D. Wyner, “The wire-tap channel,” Bell Syst. Techn. J., vol. 54, no. 8,pp. 1385–1357, Oct. 1975.
[8] I. Csiszar and J. Korner, “Broadcast channels with confidential mes-sages,” IEEE Trans. Information Theory, vol. 24, no. 3, pp. 339–348,May 1978.
[9] S. K. Leung-Yan-Cheong and M. E. Hellman, “The Gaussian wire-tapchannel,” IEEE Trans. Information Theory, vol. 24, no. 4, pp. 451–456,Jul. 1978.
[10] M. Bloch, J. Barros, M. R. D. Rodrigues, and S. W. McLaughlin, “Wire-less information-theoretic security,” IEEE Trans. Information Theory,vol. 54, no. 6, pp. 2515–2534, Jun. 2008.
[11] P. K. Gopala, L. Lai, and H. El Gamal, “On the secrecy capacity offading channels,” IEEE Trans. Information Theory, vol. 54, no. 10, pp.4687–5403, Oct. 2008.
[12] Y. Liang, H. V. Poor, and S. Shamai, “Secure communication over fadingchannels,” IEEE Transactions on Information Theory, vol. 6, no. 54, pp.2470–2492, Jun. 2008.
[13] S. Shafiee and S. Ulukus, “Towards the secrecy capacity of the GaussianMIMO wire-tap channel: the 2-2-1 channel,” IEEE Trans. InformationTheory, vol. 55, no. 9, p. 4033 4039, Sep. 2009.
[14] A. Khisti and G. W. Wornell, “Secure transmission with multiple anten-nas - part I: The MISOME wiretap channel,” IEEE Trans. InformationTheory, vol. 56, no. 7, pp. 3088– 3104, Jul. 2010.
[15] ——, “Secure transmission with multiple antennas - part II: TheMIMOME wiretap channel,” IEEE Trans. Information Theory, vol. 56,no. 11, pp. 5515– 5532, Nov. 2010.
[16] S. Gerbracht, C. Scheunert, and E. Jorswieck, “Secrecy outage in MISOsystems with partial channel information,” IEEE Trans. on InformationForensics and Security, vol. 7, no. 2, p. 704 716, Apr. 2012.
[17] D. Lun, Z. Han, A. P. Petropulu, and H. V. Poor, “Improving wirelessphysical layer security via cooperating relays,” IEEE Trans. SignalProcessing, vol. 58, no. 3, part 2, pp. 1845–1888, Mar. 2010.
[18] R. Zhang, L. Song, Z. Han, and B. J. M. Debbah, “Physical layer securityfor two way relay communications with friendly jammers,” in Proc. ofIEEE Global Communications Conf., Miami, USA, 6-10 Dec. 2010, pp.1–6.
[19] J. Huang, A. Mukherjee, and A. L. Swindlehurst, “Secrecy analysis ofunauthenticated amplify-and-forward relaying with antenna selection,”in Proc. IEEE International Conference on Acoustics, Speech and SignalProcessing (ICASSP), 2012, pp. 2481 – 2484.
[20] X. Tang, R. Liu, P. Spasojevic, and H.V. Poor, “Interference assistedsecret communication,” IEEE Trans. Information Theory, vol. 57, no. 5,pp. 3153–3167, May 2011.
[21] A. Chorti and H. V. Poor, “Achievable secrecy rates in physical layersecure systems with a helping interferer,” in Proc. IEEE Int. Conferenceon Computing, Networking and Communications, 2012, pp. 18–22.
[22] J. Chen, R. Zhang, L. Song, Z. Han, and B. Jiao, “Joint relay and jammerselection for secure two-way relay networks,” IEEE Transactions onInformation Forensics and Security, vol. 7, no. 1, pp. 388–396, Feb.2012.
[23] A. Khisti, A. Tchamkerten, and G. Wornell, “Secure broadcasting withmultiuser diversity,” in Allerton 2006, 2006.
[24] J. Hyoungsuk, K. Namshik, C. Jinho, L. Hyuckjae, and H. Jeongseok,“On multiuser secrecy rate in flat fading channel,” in Proc. IEEE MilitaryCommunications Conference (MILCOM), Boston, MA, Oct. 2009.
[25] M. Z. I. Sarkar and T. Ratnarajah, “Secure communications throughRayleigh fading SIMO channel with multiple eavesdroppers,” in Proc.IEEE International Conference on Communications (ICC), Cape Town,South Africa, May 2010.
[26] Z. Han, N. Marina, M. Debbah, and A. Hjorungnes, “Physical layersecurity game: Interaction between source, eavesdropper and friendlyjammer,” EURASIP Journal on Wireless Communications and Network-ing, Jun. 2009, special issue on Wireless Physical Layer Security.
[27] O. Koyluoglu, H. El Gamal, L. Lai, and H. V. Poor, “Interferencealignment for secrecy,” IEEE Transactions on Information Theory,vol. 57, no. 6, pp. 3323–3332, Jun. 2011.
[28] Q. Li and W. Ma, “Optimal and robust transmit designs for MISOchannel secrecy by semidefinite programming,” IEEE TransactionsSignal Processing, vol. 59, no. 8, pp. 3799–3812, Aug. 2011.
[29] M. Z. I. Sarkar and T. Ratnarajah, “Secure communication throughNakagami-m fading MISO channel,” in Proc. IEEE International Con-ference on Communications (ICC), Kyoto, Japan, Jun. 2011.
[30] A. El Gamal and Y.-H. Kim, Network Information Theory. Cambridge,UK: Cambridge University Press, 2011.
[31] H.-C. Yang and M.-S. Alouini, Diversity, Adaptation and Sceduling inMIMO and OFDM Systems. Cambridge University Press, 2011.
[32] A. Papoulis and S. U. Pillai, Probability, Random Variables and Stochas-tic Processes. New York, NY: McGraw-Hill Higer Education, 2002,4th edition.
[33] R. Knopp and P. A. Humblet, “Information capacity and power controlin single-cell multiuser communications,” in Proc. IEEE InternationalConference on Communications (ICC), vol. 1, Seattle, USA, Jun. 1995,pp. 331–335 vol.1.
[34] R. S. L. Lamport and M. Pease, “The byzantine generals problem,” ACMTrans. Programming Languages Syst., vol. 4, no. 3, p. 382401, Jul. 1982.
[35] V. M. S. Marano and L. Tong, “Distributed detection in the presenceof Byzantine attack,” IEEE Trans. Signal Process., vol. 57, no. 1, pp.16–29, Jan. 2009.
[36] A. L. Toledo and X. Wang, “Robust detection of selfish misbehavior inwireless networks,” IEEE J. Selected Areas in Communications, vol. 25,no. 6, pp. 1124–1134, Aug. 2007.
[37] A. Algans, K. I. Pedersen, and P. E. Mogensen, “Experimental analysisof the joint statistical properties of azimuth spread, delay spread, andshadow fading,” IEEE Journal on Selected Areas in Communications,vol. 20, no. 3, pp. 523–531, Apr. 2002.
[38] L. Woongsup and C. Dong-Ho, “A new neighbor discovery schemebased on spatial correlation of wireless channel,” in Proc. IEEE Ve-hicular Technology Conference (VTC-Spring), Barcelona, Spain, Apr.2009.
