â Electrical Engineering Dept., University of Texas at Dallas, USA. âSchool of ... mate source node (Alice), one legitimate half-duplex relay node, and one ...
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI 10.1109/LWC.2016.2569526, IEEE Wireless Communications Letters 1
Enhancing the PHY-Layer Security of MIMO Buffer-Aided Relay Networks Ahmed El Shafie†, Dusit Niyato⋆ , Naofal Al-Dhahir† †
⋆
Electrical Engineering Dept., University of Texas at Dallas, USA. School of Computer Engineering, Nanyang Technological University (NTU), Singapore.
Abstract—We investigate the physical-layer security of a buffer-aided multiple-input multiple-output relay channel. The wireless network under investigation is composed of one legitimate source node (Alice), one legitimate half-duplex relay node, and one legitimate destination node (Bob). Alice communicates with both the relay and Bob in the presence of a potential passive multi-antenna eavesdropper (Eve). Without knowing the instantaneous eavesdropper’s channel state information at the legitimate nodes, we propose a precoded artificial-noise injection scheme to enhance the security of the legitimate transmissions. The relay is equipped with a finite buffer to store the unsuccessfully decoded packets at Bob. We analyze the Markov chain of the relay’s queue and derive its steady-state distributions. Our optimization problem is formulated such that the average end-to-end secure throughput is maximized under the secrecy outage probability constraint on the Alice-Relay link. Our numerical results demonstrate that our proposed buffer-aided relaying scheme achieves a significant improvement in the secure throughput compared with the conventional bufferless relaying scheme, where the time slot is divided equally between the source and the relay for their data transmissions. Index Terms—Artificial noise, buffer, relay, security.
I. I NTRODUCTION Information-theoretic security was first investigated in the seminal work of Wyner in [1] and is now well-known as the physical (PHY) layer security paradigm. The use of artificial noise (AN) to confuse a potential eavesdropper was proposed in [2]. AN precoding systems assume that the eavesdropper (Eve) is passive, and that the channel state information (CSI) of the eavesdropper is unknown to the legitimate nodes. The authors of [3] considered the multiple-input multiple-output multiple antenna Eve (MIMOME) relay channel. Both the source node (Alice) and her destination node (Bob) cooperate in jamming Eve. However, the authors assumed the special case of no direct link between Alice and Bob and adopted the assumption that Bob helps in jamming Eve. Unlike [3], we investigate the availability of a buffer at the relay node and assume direct links between nodes. In [4], the authors investigated the PHY-layer security of a buffer-aided relay system. The authors proposed a link selection scheme that adapts the time slot assignment to the source and relay nodes based on channel quality. Two suboptimal node selection schemes were proposed to simplify the system analysis. The authors in [4] assumed that there
is no direct link between Alice and both Bob and Eve, which simplifies the system analysis and presents an upper bound on the achievable secrecy rates since the first-hop is assumed to be completely secured from eavesdropping. 1) Contributions: In this letter, we leverage the potential advantages of the legitimate links’ CSI, the presence of direct links between each node pair, and the buffer state information (BSI) of the relay’s data buffer to further enhance the PHYlayer security of the system studied in [4]. In addition, we consider the general case of multi-antenna nodes. The contributions of this letter are summarized as follows. • We design a secure precoded-AN-aided access scheme. Based on the system CSI and BSI, either the relay or Alice is selected for data transmissions. We assume a packetized system where the data is transmitted as fixedsize packets. • Unlike [3], [4], we assume the presence of a direct link between Alice and Bob. Moreover, unlike [4], we consider the impact of a direct link between Alice and Eve. • Unlike [4], we assume that all nodes are equipped with multiple antennas and the relay is equipped with a finite buffer. We analyze the relay’s Markov chain (MC) and derive the queue steady-state distributions. 2) Notation: Unless otherwise stated, lower and upper case bold letters denote vectors and matrices, respectively. The matrix IN denotes the identity matrix whose size is N × N . CM×N denotes the set of all complex matrices of size M ×N . (·)∗ denotes Hermitian (i.e. complex-conjugate transpose) operation. The function min{·, ·} (max{·, ·}) returns the minimum (maximum) among the values enclosed. 0 denotes the all-zero matrix/vector and its size is understood from the context. II. S YSTEM M ODEL AND M AIN A SSUMPTIONS We consider a wireless network composed of one source node (Alice), one eavesdropping node (Eve), one half-duplex relay node, and one destination node (Bob). All nodes are assumed to be equipped with multiple antennas. The number of antennas at Alice, Eve, the relay, and Bob are denoted by NA , NE , NR , and NB , respectively. Time is partitioned into equal-length slots. Alice is assumed to be always backlogged with data to transmit. A. Relay’s Model
This paper was made possible by NPRP grant number 6-149-2-058 from the Qatar National Research Fund (a member of Qatar Foundation). The statements made herein are solely the responsibility of the authors.
We assume the relay to be a half-duplex node as in, e.g., [5] and the references therein. This is a practical assumption
2162-2337 (c) 2016 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See http://www.ieee.org/publications_standards/publications/rights/index.html for more information.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI 10.1109/LWC.2016.2569526, IEEE Wireless Communications Letters 2
since the implementations of full-duplex schemes are typically costly due to their stringent self-interference cancellation requirements. To increase the ambiguity at Eve, we assume that Alice and the relay use different codebooks [6].1 The relay decodes and stores the unsuccessfully decoded Alice’s packets at Bob. The packets are stored in a finite buffer, denoted by QR , whose maximum size is Qmax < ∞ packets. B. Channel Model Each link exhibits a flat block-fading channel where the channel coefficient is assumed to be fixed during one time slot duration. It is assumed that the channel of the link connecting Antenna nk (k ∈ {1, 2, . . . , Nn }) at Node n and Antenna mℓ (ℓ ∈ {1, 2, . . . , Nm }) at Node m, denoted by hnk ,mℓ 2 , is independent and identically distributed (i.i.d.) from one slot time to another with zero mean and variance 2 σn,m . Furthermore, the channels are spatially independent. The channel matrix between Node n ∈ {A, B, R} and Node m ∈ {A, B, R, E} is Hn,m , where ‘A’, ‘B’, ‘E’, and ‘R’ denote Alice, Bob, Eve, and the relay, respectively. We assume that Eve knows all the channel coefficients of all links as in, e.g., [7].3 The thermal noise at the receiving node m is modeled as additive white Gaussian noise (AWGN) with zero mean and variance κm Watts/Hz. We assume that each legitimate node knows perfectly the channels connecting itself with the intended receiver (e.g. Bob or the relay) in a given time slot, but it does not know Eve’s CSI. Since the legitimate links’ CSI is known at the legitimate transmitters, they know when exactly to transmit the data to mitigate channel outages.4 We assume fixed-power transmissions as in [4]. The transmit power of Node n is Pn Watts, n ∈ {A, B, R}. Moreover, we assume fixed-length packets transmissions, where the legitimate transmitters (i.e. Alice or the relay) wish to securely transmit a packet of size Bs over one time slot duration (T seconds) and channel bandwidth of W Hz. The secrecy transmission rate of a packet transmission is Rs = Bs /(T W ) bits/sec/Hz. III. P ROPOSED AN-A IDED S ECURE S CHEME We assume that based on the CSI of the links and BSI of the relay’s queue, either Alice or the relay is selected for data transmission. To increase the probability of secure transmission (i.e. decrease Eve’s decoding ability), we assume a precoded AN transmission by the relay node when Alice transmits to Bob, by Alice when the relay transmits to Bob, or by Bob when Alice transmits to the relay. The AN vector is assumed to be canceled at the desired receiver. Hence, Eve (the undesired receiver) will suffer from AN transmitted by the legitimate nodes. Letting Ri,j denote the data rate of the i−j link, the secrecy rate of the i−j link in the presence of a potential eavesdropper + + k is Rsec = max{·, 0}. The i,j = (Ri,j − Ri,k ) , where (·) 1 This
relaying scheme is known as the randomize-and-forward relaying [6]. simplify the notation, we omit the time index from the variables. 3 Eve perfectly knows the data and AN precoders of all nodes in the network. This assumption represents the best-case scenario for Eve and enables her to eavesdrop the transmissions of the legitimate nodes. 4 Channel outage is different from secrecy outage. The former occurs when the data link rate is lower than the transmission rate, whereas the latter occurs when the secrecy rate is lower than the secrecy transmission rate. 2 To
expression of Rsec i,j implies that the increase of Ri,j boosts the secrecy rate. Since the legitimate nodes do not know Eve’s CSI (and hence Ri,k is unknown), we design the system such that a link is selected when Ri,j ≥ αi,j , where αi,j is an adjustable threshold. Otherwise, the communication link is not used for data transmission. Our proposed AN-aided scheme is summarized as follows. • If RA,B ≥ αA,B , Alice transmits a packet to Bob and the relay transmits an AN vector to confuse Eve. • If RA,B < αA,B , RR,B < αR,B , RA,R ≥ αA,R , and QR < Qmax , Alice transmits a packet to the relay using the appropriate data precoding matrix, as will be discussed in Section IV, the relay receives Alice’s data, and Bob transmits an AN vector to confuse Eve. • If RA,B < αA,B , RR,B < αR,B , RA,R ≥ αA,R , and QR = Qmax , all nodes remain idle. • If RA,B < αA,B , RR,B ≥ αR,B , RA,R ≥ αA,R , and QR < Qmax , Alice transmits a packet to the relay using the appropriate precoder matrix with probability γ or the relay transmits a packet to Bob with probability γ = 1−γ when QR > 0. We optimize γ to enhance the achievable secrecy throughput. If QR = 0, Alice transmits with probability 1. If Alice is the transmitting node, the relay receives Alice’s data and Bob transmits an AN vector. If the relay is the transmitting node, Alice transmits an AN vector to confuse Eve. • If RA,B < αA,B , RR,B ≥ αR,B , RA,R ≥ αA,R , and QR = Qmax , the relay transmits a packet to Bob with probability 1 since there is no way for the relay to accept a new packet, and Alice helps in confusing Eve. • If RA,B < αA,B , RR,B < αR,B , and RA,R < αA,R , all nodes remain idle. IV. AN-P RECODING M ATRICES AND N ODE R ATES In this section, we design the data and AN precoding matrices. The AN precoders are designed such that the AN vectors are completely canceled at the legitimate receiving node (i.e. the relay or Bob). In the following, we investigate the signal models and node rates under the cases discussed in our proposed jamming scheme in Section III. 1) Alice Transmits Data to Bob: In a given time slot, the received signal vector at Bob is given by J yB = HA,B PD A,B xA +HR,B PR,B zR +nB ,
(1)
where yB ∈ CNB ×1 is the received vector at Bob, nB ∈ CNB ×1 is the AWGN vector at Bob, xA ∈ Cmin{NA ,NB }×1 is the data vector transmitted from Alice to Bob, PD A,B ∈ CNA ×min{NA ,NB } is the data precoder matrix at Alice, zR is the AN vector transmitted by the relay node, and PJR,B ∈ CNR ×(NR −min{NA ,NB }) is the AN precoder matrix at the relay node. To maximize the signal-to-noise ratio (SNR) at legitimate receiving node m, transmitter node n uses the singular value decomposition (SVD) of the channel matrix Hn,m to design its ∗ transmit precoder. Let Hn,m = Un,m Σn,m Vn,m , where the columns of Un,m are the left singular vectors of Hn,m , Σn,m is the singular values diagonal matrix, and the columns of Vn,m are the right singular vectors of Hn,m . Hence, the data
2162-2337 (c) 2016 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See http://www.ieee.org/publications_standards/publications/rights/index.html for more information.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI 10.1109/LWC.2016.2569526, IEEE Wireless Communications Letters 3
PD n,m
is the Nn,m = min{Nn , Nm } columns precoder matrix of Vn,m corresponding to the largest non-zero singular values, and the receive filter Cn,m is the Nn,m columns of Un,m corresponding to the largest non-zero singular values. For MIMO systems with equal power allocation, the covariance matrix of the data vector is pD n,m INn,m = (Pn /Nn,m )INn,m . A cooperative jamming node ℓ must transmit the AN vector such that its interference is zero at the legitimate receiver m. Hence, the AN cancellation condition is given by C∗n,m Hℓ,m PJℓ,m = 0,
(2)
where PJℓ,m is the AN precoder matrix at Node ℓ. Since C∗n,m Hℓ,m is min{Nn , Nm } × Nℓ , the null space exists if Nℓ > min{Nn , Nm }. If Nℓ ≤ min{Nn , Nm }, the cooperative jamming node ℓ remains idle since (2) cannot be satisfied. Since Eve’s CSI is unknown at the legitimate nodes, the cooperative jamming nodes combine the basis vectors of the null space of C∗n,m Hℓ,m randomly using complex Gaussian symbols with equal power. Hence, the AN symbol power is Pℓ , where Nℓ − min{Nn , Nm } is the pJℓ,m = Nℓ −min{N n ,Nm } number of basis vectors in the null space of C∗n,m Hℓ,m . The achievable rate at Bob is thus given by ! �∗ pD A,B D D RA,B = log2 det INB + HA,B PA,B HA,B PA,B . κB W (3) On the other hand, the received signal vector at Eve is J yE = HA,E PD A,B xA + HR,E PR,B zR + nE ,
(4)
where nE ∈ CNE ×1 is the AWGN vector at Eve. The achievable rate at Eve is thus given by � �∗ −1� D D RA,E = log2 det INE +pD H P H P RE , A,E A,B A,B A,E A,B (5) � ∗ where RE = κE W INE + pJR,B HR,E PJR,B HR,E PJR,B . 2) Alice Transmits Data to the Relay: In a similar fashion, when the relay node is selected for data reception, the achievable rate at the relay is ! pD �∗ A,R D D RA,R = log2 det INR + . HA,R PA,R HA,R PA,R κR W (6) The achievable rate at Eve is given by � �∗ −1� D D ˆ R H P RA,E = log2 det INE +pD H P A,E A,E A,R A,R A,R E , (7) � � � ∗ J ˆ E = κE W INE + pJ HB,E PJ . H P where R B,E B,R B,R B,R 3) Relay Transmits Data to Bob: When the relay is the transmitting node, we assume that Alice transmits an AN vector to confuse Eve. The achievable rate at Bob is ! �∗ pD R,B D D . HR,B PR,B HR,B PR,B RR,B = log2 det INB + κB W (8) The achievable rate at Eve is thus given by
� �∗ −1� D D ˜ RR,E = log2 det INE +pD R R HR,E PR,B HR,E PR,B E , (9) � ∗ J ˜ E = κE W INE + pJ HA,E PJ where R A,B A,B HA,E PA,B .
V. R ELAY Q UEUE MC AND P ROBLEM F ORMULATION A. Relay Queue MC Since the relay node is half-duplex, its state can either remain unchanged, increase by one data packet, or decrease by one data packet in a given time slot. Consequently, the MC of the relay’s queue can be modeled as a birth-death process. When the relay’s queue is nonempty and {RA,B < αA,B , RA,R ≥ αA,R }, the probability of a packet arrival at the relay’s queue is γ when {RR,B ≥ αR,B } and with probability 1 when {RR,B < αR,B }. If the relay’s queue is empty and {RA,B < αA,B , RA,R ≥ αA,R }, the relay receives the packet with probability 1. Hence, the probability that the queue moves one state up is given by aν = γ Pr{RA,B < αA,B , RA,R ≥ αA,R , RR,B ≥ αR,B } + Pr{RA,B < αA,B , RA,R ≥ αA,R , RR,B < αR,B }, a0 = Pr{RA,B < αA,B , RA,R ≥ αA,R },
(10)
where 0 < ν < Qmax . Similarly, from the description of our proposed scheme in Section III, the probability that the relay’s queue moves one state down is given by bν = γ Pr{RA,B < αA,B , RA,R ≥ αA,R , RR,B ≥ αR,B } +Pr{RA,B < αA,B , RA,R < αA,R , RR,B ≥ αR,B }, (11) bQmax = Pr{RA,B < αA,B , RR,B ≥ αR,B },
where 0 < ν < Qmax . The joint probabilities used in computing aν and bν in (10) and (11), respectively, are obtained numerically by averaging over many channel realizations. Analyzing the MC of QR , the local balance equations are given by βν aν = βν+1 bν+1 , 0 ≤ ν ≤ Qmax −1,
(12)
where βν denotes the probability of having ν packets at QR . Using the balance equations successively, the stationary distribution of βν is given by βν = β0
ν−1 Y ̺=0
a̺ , b̺+1
(13)
�−1 � P Qmax Qν−1 a̺ where β0 = 1 + ν=1 is obtained using the ̺=0 b PQmax ̺+1 normalization condition ν=0 βν = 1.
B. Secrecy-Throughput Optimization
The average end-to-end secure throughput, denoted by µd , is µd = γ Pr{RA,B < αA,B , RA,R ≥ αA,R , RR,B ≥ αR,B , Rsec R,B ≥ Rs}π sec + Pr{RA,B < αA,B , RR,B ≥ αR,B , RR,B ≥ Rs , QR = Qmax } � +Pr{RA,B ≥ αA,B , Rsec A,B ≥ Rs } Rs , (14)
where π = Pr{0 < QR < Qmax } is the probability that the relay’s queue is neither empty nor full. The expression in (14) is explained as follows. A packet from Alice is securely decoded at Bob when {RA,B ≥ αA,B , Rsec A,B ≥ Rs }, + = (R − R ) ≥ R is the condition where Rsec A,B A,E s A,B
2162-2337 (c) 2016 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See http://www.ieee.org/publications_standards/publications/rights/index.html for more information.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI 10.1109/LWC.2016.2569526, IEEE Wireless Communications Letters 4
α=[αA,B ,αR,B ,αA,R ],γ
s.t. αA,B , αR,B , αA,R ≥ Rs , 0 ≤ γ ≤ 1,
(15)
Pr{(RA,R −RA,E )+ < Rs |RA,R ≥ αA,R } ≤ 1−η, where 1−η is the constraint on the SOP of the Alice-relay link. Typically, η should be close to 1 to ensure high probability of secure transmissions from Alice to the relay. Remark 1. The optimization problem in (15) is solved at a predetermined control unit (i.e. Alice, Bob, or the relay). To solve (15), the control unit needs the statistics of Eve’s links. The solution is obtained numerically where we apply a 4-dimensional search over αA,B , αR,B , αA,R , and γ. We note here that, although the problem is solved numerically, its solution depends on the average system’s parameters and not their instantaneous values. Hence, the complexity in obtaining the solution is relatively low and the solution of (15) is used throughout the network lifetime and as long as the system parameters’ statistics remain unchanged. VI. N UMERICAL S IMULATIONS In this section, we simulate the secure relay network under consideration and show the benefits of our proposed scheme. The fading channels are assumed to be complex circularlysymmetric Gaussian random variables. The parameters used to generate Fig. 1 are: η = 0.9, κR = κB = κE = κ, Pn /(κW ) = 9 dB, n ∈ {A, R}, PB /(κW ) = 15 dB, 2 Qmax = 5, NA = 6, NB = NE = 3, NR = 2, σA,R = 1, 2 2 σA,E = 0.5, and σR,E = 0.8. Fig. 1 shows the impact of the Alice-Bob link variance on the achievable end-to-end secure throughput, µd . This figure quantifies the benefits of three important factors: 1) the Alice-Bob link (direct link), 2) 2 = 0 (no direct link), the relaying, 3) relay’s buffer. When σA,B rate is non-zero since there is a relay node. Thus, as expected, the relay enhances the throughput significantly. We compare our proposed scheme, which we refer to as ‘PS’ in the figure’s
4 2 PS: σA,B =1
3.5
µd [bits/sec/Hz]
that Alice’s packet is secured from eavesdropping (i.e. transmission secrecy rate is lower than the channel secrecy rate). Furthermore, a packet from the relay is decoded securely at sec Bob when {RR,B ≥ αR,B , Rsec R,B ≥ Rs }, where RR,B = + (RR,B −RR,E ) ≥ Rs is the condition that the relay’s packet is secured from eavesdropping. The main problem with this metric is that it does not ensure the security of the packets from Alice to the relay. Hence, there might be a packet at the relay’s queue which was already decoded at Eve. Hence, we impose a constraint on the secrecy outage probability (SOP) of the Alice-relay link given that there is a packet transmission. That is, we assume that the SOP of the Alice-relay link is below a certain threshold. Now we are ready to formulate our optimization problem. We aim to optimize the thresholds αA,B ≥ Rs , αR,B ≥ Rs and αA,R ≥ Rs that are used to perform link selection and the random selection probability 0 ≤ γ ≤ 1 such that the end-to-end secure throughput is maximized. This throughput is defined as the number of securely decoded bits at Bob from Alice and the relay. The constrained optimization problem is stated as follows: max : µd
2 PS: σA,B =0
3
2 BL: σA,B =1
2.5
2 BL: σA,B =0
2 1.5 1 0.5 0
0
1
2
3
4
5
6
7
8
9
Rs [bits/sec/Hz] Fig. 1. Average end-to-end secure throughput versus Rs . The parameters used to generate the figure are: η = 0.9, κR = κB = κE = κ, Pn /(κW ) = 9 dB, n ∈ {A, R}, PB /(κW ) = 15 dB, Qmax = 5, NA = 6, NB = NE = 2 2 2 3, NR = 2, σA,R = 1, σA,E = 0.5, and σR,E = 0.8.
legend, with the bufferless (BL) conventional relaying scheme, where a time slot is divided into two equal portions for Alice 2 and the relay’s transmissions. When σA,B increases from 0 to 1, the throughput increases significantly which demonstrates the benefits of having a direct link between Alice and Bob. Our proposed scheme improves the average end-to-end secure throughput significantly relative to the BL scheme. The BL 2 scheme gives zero throughput for all Rs when σA,B = 0. The average end-to-end secure throughput increases with Rs until a maximum value is reached then decreases at moderate and high Rs levels. Hence, we can select Rs that maximizes the secure throughput by changing the packet size. VII. C ONCLUSIONS We analyzed the security of a buffer-aided relay wireless network. We have proposed an AN-aided secure scheme to enhance the system security in which Alice, Bob and the relay node cooperate in jamming Eve by transmitting AN vectors. In our proposed AN-aided secure scheme, the legitimate nodes transmit AN vectors to confuse Eve by exploiting the additional dimensions provided by the difference between the number of transmit and receive antennas at the transmitting and receiving nodes. Our numerical results demonstrated the benefits of exploiting CSI of the legitimate links and BSI of the relay node to enhance the end-to-end secure throughput. R EFERENCES [1] A. D. Wyner, “The wire-tap channel,” Bell Syst. Tech. J., vol. 54, no. 8, pp. 1355–1387, 1975. [2] S. Goel and R. Negi, “Guaranteeing secrecy using artificial noise,” IEEE Trans. Wireless Commun., vol. 7, no. 6, pp. 2180–2189, 2008. [3] J. Huang and A. L. Swindlehurst, “Cooperative jamming for secure communications in MIMO relay networks,” IEEE Trans. Sig. Process., vol. 59, no. 10, pp. 4871–4884, Oct 2011. [4] ——, “Buffer-aided relaying for two-hop secure communication,” IEEE Trans. Wireless Commun., vol. 14, no. 1, pp. 152–164, 2015. [5] I. Krikidis, “Relay selection in wireless powered cooperative networks with energy storage,” IEEE J. Sel. Areas Commun., vol. 33, no. 12, pp. 2596–2610, Dec 2015. [6] J. Mo, M. Tao, and Y. Liu, “Relay placement for physical layer security: A secure connection perspective,” IEEE Commun. Lett., vol. 16, no. 6, pp. 878–881, June 2012. [7] A. Khisti and G. W. Wornell, “Secure transmission with multiple antennas-part II: The MIMOME wiretap channel,” IEEE Trans. Inf. Theory, vol. 56, no. 11, pp. 5515–5532, Nov 2010.
2162-2337 (c) 2016 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See http://www.ieee.org/publications_standards/publications/rights/index.html for more information.
