682
IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, VOL. 6, NO. 3, SEPTEMBER 2011
Secure Communications Over Wireless Broadcast
Networks: Stability and Utility Maximization
Yingbin Liang, Member, IEEE, H. Vincent Poor, Fellow, IEEE, and Lei Ying, Member, IEEE
Abstract—A wireless broadcast network model with secrecy constraints is investigated, in which a source node broadcasts confidential message flows to user nodes, with each message intended
to be decoded accurately by one user and to be kept secret from all
other users (who are thus considered to be eavesdroppers with regard to all other messages but their own). The source maintains a
queue for each message flow if it is not served immediately. The
channel from the source to the
users is modeled as a fading
broadcast channel, and the channel state information is assumed
to be known to the source and the corresponding receivers. Two
eavesdropping models are considered. For a collaborative eavesdropping model, in which the eavesdroppers exchange their outputs, the secrecy capacity region is obtained, within which each
rate vector is achieved by using a time-division scheme and a source
power control policy over channel states. A throughput optimal
queue-length-based rate scheduling algorithm is further derived
that stabilizes all arrival rate vectors contained in the secrecy capacity region. Moreover, the network utility function is maximized
via joint design of rate control, rate scheduling, power control, and
secure coding. More precisely, a source controls the message arrival rate according to its message queue, the rate scheduling selects a transmission rate based the queue length vector, and the
rate vector is achieved by power control and secure coding. These
components work jointly to solve the network utility maximization
problem. For a noncollaborative eavesdropping model, in which
eavesdroppers do not exchange their outputs, an achievable secrecy rate region is derived based on a time-division scheme, and
the queue-length-based rate scheduling algorithm and the corresponding power control policy are obtained that stabilize all arrival rate vectors in this region. The network utility maximizing
rate control vector is also obtained.
Index Terms—Broadcast channel, power control, queue-lengthbased algorithm, rate control, rate scheduling, secrecy capacity region, stability, utility maximization.
Manuscript received September 27, 2010; revised May 18, 2011; accepted
May 19, 2011. Date of publication May 31, 2011; date of current version
August 17, 2011. The work of Y. Liang was supported by the National Science
Foundation under Grant CCF-10-26566. The work of H. V. Poor was supported
by the Air Force Office of Scientific Research under Grant FA9550-08-1-0480
and by the National Science Foundation under Grant CNS-09-05398. The work
of L. Ying was supported by the National Science Foundation under Grant
CNS- 08-31756 and Grant CNS-09-53165, and by the DTRA under Grant
HDTRA1-08-1-0016 and Grant HDTRA1-09-1-0055. The associate editor
coordinating the review of this manuscript and approving it for publication was
Dr. Wade Trappe.
Y. Liang is with the Department of Electrical Engineering and Computer Science, Syracuse University, Syracuse, NY 13244 USA (e-mail: yliang06@syr.
edu).
H. V. Poor is with the Department of Electrical Engineering, Princeton University, Princeton, NJ 08544 USA (e-mail: [email protected]).
L. Ying is with the Department of Electrical and Computer Engineering, Iowa
State University, Ames, IA 50011 USA (e-mail: [email protected]).
Color versions of one or more of the figures in this paper are available online
at http://ieeexplore.ieee.org.
Digital Object Identifier 10.1109/TIFS.2011.2158311
I. INTRODUCTION
W
IRELESS broadcast networks constitute one class of
basic and important wireless networks, in which a
source node simultaneously transmits a number of information
flows (messages) to different destinations. However, broadcast
communications make use of the open nature of the wireless
medium, which presents a great challenge to achieve secure
communication for individual users. This is because information for all users is contained in one transmitted signal, and
hence information destined for one user may be obtained by
nonintended users unless special coding is used. Physical layer
security, which uses randomness of a physical communication
channel to provide security for messages transmitted through
the channel, opens a promising new direction toward solving
wireless networking security problems. This approach was
pioneered by Wyner in [1] and by Csiszár and Körner in [2],
and more recently has been extensively explored in the literature (see [3] for a review of recent advances in physical layer
security).
Physical layer security adopts a precise quantitative measure
of security level, i.e., the equivocation rate defined by Shannon
[4], which equals the entropy rate of the source message conditioned on the channel output at the eavesdropper. This measure of the secrecy level allows security to be considered under
the general Shannon framework of information theory [5], and
hence provides an analytical basis with which to characterize
the fundamental limits on communication rates given the security level constraints. This measure of security level also makes
a unified security design across networking layers possible. The
goal of such a design is to maximize network utility (i.e., to
maximize overall users’ satisfaction of the service rate in a certain fair manner among users) under security, reliability, and stability constraints. This motivates a joint design of rate control at
the transport layer, rate scheduling at the medium access control
layer, and power control and secure coding at the physical layer.
Without security constraints, the above issues have been
separately studied for wireless broadcast networks in previous
work. The physical layer issue of reliability requires that
each information flow is received correctly at intended corresponding destinations, and optimal coding schemes to achieve
reliability and the corresponding capacity region that includes
all achievable rate vectors (rate allocation among users) have
been studied in, e.g., [6]–[8]. Based on a queue-length-based
scheduling algorithm that achieves the network throughput region [9], stability and utility maximization in wireless networks
have been studied in, e.g., [10]–[15]. With security constraints,
following the seminal work of [1], [2], physical layer secure
coding schemes and the fundamental limits on the secrecy
1556-6013/$26.00 © 2011 IEEE
LIANG et al.: SECURE COMMUNICATIONS OVER WIRELESS BROADCAST NETWORKS
683
Fig. 2. Two time scales.
Fig. 1. Fading broadcast network.
communication rates have been studied for broadcast networks
in [16]–[33], where reliability and secrecy are jointly studied.
Although jointly considering secrecy, reliability, and stability
for network utility maximization has the potential for significant impact in improving network performance and resource
efficiency, this perspective has not been examined before. One
reason is because the physical layer approach to achieve security, which quantifies the measure of secrecy and greatly facilitates this joint design, has attracted considerable attention only
recently. This joint design is the goal of this paper.
In this paper, we study a broadcast network (see Fig. 1), in
which a source node transmits confidential message flows to
user nodes, and each message flow is intended to be decoded
accurately by one node while being kept secret from all other
nodes. Nodes are thus considered to be eavesdroppers with regard to all other messages but their own. We consider two eavesdropping models. The first one is referred to as a collaborative
eavesdropping model, in which the eavesdroppers can exchange
their outputs to interpret the message. The second one is referred to as a noncollaborative eavesdropping model, in which
eavesdroppers do not exchange their outputs. We assume that
the source node maintains a queue for each message flow if it
is not served immediately. Each queue needs to remain stochastically stable so that no queue length builds up to infinity. As
the measure of users’ satisfaction about network transmission
services, a utility function is associated with each user. As the
measure of the overall performance, the sum of all users’ utility
functions needs to be maximized given that transmission of all
information flows over the network is secret, reliable, and stable.
In this paper, stability means queue stability, i.e., the queues do
not build up to infinity.
We assume that the channel from the source to the
users
is a fading broadcast channel, in which the channel outputs at
each user are corrupted by a multiplicative fading gain process
in addition to an additive white Gaussian noise process. We
assume that the channel state information (channel gain realization) is known to the source node and to the corresponding
receiver. This assumption is justified in the broadcast scenario
considered here, because all users receive information from the
source node and hence it is reasonable for them to feed their
channel states back to the source node to obtain better service
rates from this node. There are two time scales (see Fig. 2): one
is the symbol time level, at which the channel state varies across
symbol times, and the other is the packet time level, which spans
a large number of symbol times during which the channel state
behaves ergodically.
To achieve reliable and secure communication for users, we
adopt the physical layer security approach [1], [2] to employ a
stochastic encoder at the source node. The source node allocates
its power not only among message flows (i.e., among users) but
also dynamically according to the channel state information to
improve secrecy communication rates. Hence the source power
control operates over the symbol time scale, and determines the
service rate allocation among users at the packet time level. At
the packet time level, to maintain the stability of all queues, the
source node implements a rate schedule scheme that adapts its
service rate allocation dynamically among users based on the
queue lengths. Furthermore, rate control is performed also at
the packet time level to maximize the network utility function.
Our goal is to study how to jointly design rate control and rate
scheduling at the packet time scale and power control and secure
coding at the symbol time scale to achieve network utility maximization under reliability, security and stability constraints.
For the collaborative eavesdropping model, we first obtain the
secrecy capacity region, within which each rate vector can be
achieved by a time-division scheme, i.e., at each channel state,
the source transmits only to the user whose channel gain is better
than the sum of the channel gains of all other users. It is clear
that this user must have the best channel gain at this state. The
power control among the channel states thus determines the rate
allocation among users, i.e., rate allocation among components
of a rate vector. We further show that all arrival rate vectors
contained in this region can be stabilized by a throughput optimal queue-length-based scheduling scheme at the packet time
level, where queue length determines the service rate allocation
among users, and hence determines the corresponding power
control to achieve this service rate vector at the symbol time
level. Finally, we obtain a distributed rate control policy that
maximizes the overall network utility maximization given that
reliability, secrecy, and stability are achieved. This maximization is achieved by joint design of rate control, rate scheduling,
power control, and secure coding.
For the noncollaborative eavesdropping model, we study a
time-division scheme, in which the source transmits to one user
in each channel state. The secrecy rate region based on this
scheme is derived. Although the time-division scheme is suboptimal, it is simple and important from a practical point of view.
We also provide and discuss improved secure coding schemes
based on non-time-division schemes. Based on a simple achievable secrecy rate region, a queue-length-based rate scheduling
algorithm is derived that stabilizes the arrival rate vectors contained in this rate region. We also obtain the distributed rate control policy that achieves the overall network utility maximization.
The rest of the paper is organized as follows. In Section II, we
introduce the channel model of interest. In Sections III and IV,
we present our results for the collaborative and noncollaborative
eavesdropping models, respectively. In Section V, we conclude
the paper with a few remarks.
684
IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, VOL. 6, NO. 3, SEPTEMBER 2011
II. CHANNEL MODEL
We consider the
-user fading broadcast network (see
Fig. 1), in which a source node transmits
confidential messages to
user nodes. Each message is intended for one user
and needs to be kept secret from all other nodes. Hence, with
regard to one message, all users other than its intended receiver
are considered to be eavesdroppers.
We assume that the channel from the source node to the
users is a fading broadcast channel, in which the channel outputs at each user are corrupted by a multiplicative fading gain
process in addition to an additive white Gaussian noise process.
The channel input–output relationship is given by
In this paper, we focus on the case of perfect secrecy, in which
the eavesdroppers do not obtain any information about the messages. This happens if
(3)
.
for
The second model is referred to as the noncollaborative
model, which assumes that the eavesdroppers do not exchange
their outputs. For this model, the secrecy level of the confidential message
at user is measured by the following
equivocation rate:
(4)
(1)
where denotes the th user, and denotes the th symbol
time instant. At the symbol time instant ,
is the channel
input from the source,
is the channel output at user ,
is the source-to-user channel gain coefficient, and
is the
noise term at user . We define
, and assume
is a stationary and ergodic vector proper complex random process. We assume that the channel state information (i.e., the realization of ) is known at both the source node
and the corresponding receivers. Here, the fading coefficients
across users are not necessarily independent, and nor are they
necessarily identically distributed. It will be clear in Sections III
and IV that as long as the channel state information is known,
only the marginal channel distributions to individual users affect
the performance of the network. The noise processes
for
are independent identically distributed (i.i.d.)
proper complex Gaussian processes with zero means and unit
variances. The input sequence
is subject to the average
power constraint , i.e.,
A
1)
code consists of the following:
message sets:
for
with each message
uniformly distributed over the set
, respectively;
2) one (stochastic) encoder at the source node that maps
each message vector
to a
codeword ; and
3)
decoders: each at one user node that maps a received
sequence
to a message
for
.
In this paper, we study two eavesdropping models. The first
model is referred to as the collaborative eavesdropping model,
which assumes that all eavesdroppers collaborate and exchange
their outputs to interpret a receiver’s message. As in [1], the
secrecy level of the confidential message
is measured by the
following equivocation rate:
(2)
In the case of perfect secrecy, we have
(5)
,
and
. We note that
for
the definitions of collaborative and noncollaborative eavesdropping models have appeared in [34] and [35] for multiple access
wiretap channels.
A rate vector
is achievable if there exists a sequence of
codes such that as goes to infinity, the average probability of error goes to zero and asymptotic perfect secrecy is achieved for each message.
The secrecy capacity region is defined to be the set that includes all achievable rate vectors
such that perfect secrecy can be achieved. Since the source node has access
to the channel state information, the source can dynamically
change its transmission power as the channel state varies at the
symbol time level. Each rate vector in the secrecy capacity region is a service rate allocation among users and is achieved by
a corresponding power control policy at the source node.
We assume that the source node maintains one queue for each
message flow if it is not served immediately. We first consider
the case in which the arrivals of the message flows are on the
packet time scale, and are assumed to be random and independent of each other. We use
to denote an arrival rate vector at
packet time slot , with each component representing the arrival
rate of one queue at packet time slot . The system is stochastically stable if no queue builds to infinity (see the formal definition in [9, Def. 3.1]). We use the vector
to denote the queue length vector at packet time slot , with each
component
denoting the queue length for the th queue.
We note that each packet time slot contains a large number of
symbol time slots, during which the channel state changes in a
stationary and ergodic manner. For each packet time slot, the
rate scheduling at the source node is accomplished by choosing
a secrecy rate vector as a service rate vector, which is achieved
by a corresponding power control policy at the symbol time
level. The stability region is defined to include all arrival rate
vectors that can be stabilized by a rate scheduling algorithm.
In the second case, we assume that associated with each user,
a standard -fair utility function [36] is given by
LIANG et al.: SECURE COMMUNICATIONS OVER WIRELESS BROADCAST NETWORKS
where
denotes the rate at which the source node generates
the messages for user . The objective is to control arrival rate
vectors for users properly so that the following network utility
function is maximized, i.e.,
685
Theorem 1: For the collaborative eavesdropping model, the
secrecy capacity region of the fading broadcast network is given
by
(6)
given that information flow to each user is securely and reliably received, and each queue is stabilized. This involves
jointly designing rate control and a scheduling algorithm at
the packet time scale and a power control policy and a secure
coding scheme at the symbol time scale to achieve reliable and
perfectly secure communication for all users, and at the same
time to maintain the queues of all message flows stochastically
stable.
III. COLLABORATIVE EAVESDROPPING MODEL
A. Secrecy Capacity Region
In this section, we consider the collaborative eavesdropping
model, in which for a given message, all users (eavesdroppers) other than the intended destination can exchange their
outputs to try to decode a given message. Since the eavesdroppers can exchange their outputs, they can be viewed as a
super-eavesdropper that has
receive antennas with each
antenna receiving the outputs of one eavesdropper. Hence, the
channel is equivalent to the wiretap channel [1] with the eavesdropper having multiple antennas, whose secrecy capacity (see
Appendix A) can be obtained from that for the multiple-input
multiple-output (MIMO) wiretap channel given in [37]–[40].
It is then clear that for each channel state, only a user whose
channel gain is larger than the sum of the channel gains of all
other users (eavesdroppers) can receive its message with perfect secrecy. Note that such a user may not exist. It is clear that
this user must have the best channel state among all users. This
suggests a time-division scheme with the source transmitting to
at most one user in each channel state (or at the corresponding
symbol time slot).
For a given channel state
, let
denote
the source power allocation for state . We use
to denote
the set that includes all power allocation functions (i.e., power
control policies) that satisfy the power constraints, i.e.,
(7)
Now let
be the set of all channel states for which the channel
gain of user is larger than the sum of the channel gains of all
other users, i.e.,
(8)
The following theorem states that a time-division scheme is
optimal to achieve the secrecy capacity region.
(9)
where the random vector
has the same
distribution as the marginal distribution of the random process
at one symbol time instant.
Proof: See Appendix A.
We note that each rate
in (9) decreases as the number of
users increases, because the sum of channel gains of all other
users in the second term in the bound for rate
increases. This
is intuitive because more eavesdroppers reduce the secrecy rate
for each user.
Remark 1: It is clear from (9) that no power is allocated to
channel states that are not contained in any of the sets
for
, because no user can obtain perfect secrecy over
these states.
Remark 2: In Theorem 1, only ergodicity and stationarity are
assumed for the fading process
, which can be correlated across time and across components, and is not necessarily
Gaussian.
Remark 3: Each rate vector contained in the secrecy capacity
region given in (9) is achieved by a certain power control policy
over the symbol time slots. It also represents average service
rates for users over a large number of fading states and hence at
the packet time level.
B. Stability and Utility Maximization
The secrecy capacity region given in Theorem 1 includes
all achievable secrecy rate vectors with each component representing the service rate for one user. It still remains to determine a rate scheduling algorithm to choose a service rate vector
at each packet time slot to stabilize all queues and correspondingly to determine a power control policy over the symbol time
slots to achieve this service rate vector. The rate scheduling algorithm and the power allocation policy are given in the following two theorems, respectively.
Theorem 2: For the collaborative eavesdropping model, the
information flows (i.e., the queues) are stable only if the arrival
rate vector is in the secrecy capacity region given in (9), i.e.,
. Furthermore, given any arrival rate vector
that satisfies
(where denotes a -dimensional
vector with all components equal to ), the system is stochastically stable under the following queue-length-based algorithm:
for any given queue length vector
, the secrecy rate vector
686
IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, VOL. 6, NO. 3, SEPTEMBER 2011
is chosen to be a solution to the following optimization
problem:
(10)
Proof: See Appendix B.
Remark 4: Since the queue-length-based algorithm given in
Theorem 2 stabilizes any arrival rate vector inside the secrecy
capacity region, it is referred to the secrecy throughput optimal
scheduling scheme.
Theorem 3: For the collaborative eavesdropping model, the
power control policy that achieves the secrecy rate vector for
the queue-length-based algorithm given in Theorem 2 is given
as follows. For a given queue length vector
if
otherwise
(11)
where is chosen to satisfy the power constraint given in (7).
Proof: See Appendix C.
Remark 5: It can be seen from (11) that more power may be
allocated to user to increase its service rate and stabilize its
queue when its queue length increases.
We now consider the following network utility maximization
problem:
(12)
A solution to the above problem provides an optimal rate control vector for the source node to generate messages for users
so that the overall network utility is maximized given that all
information flows are securely and reliably received, and each
queue is stabilized.
Theorem 4: Consider the following joint rate control, rate
scheduling, and power allocation algorithm: For any given
queue length vector
, the source node generates messages
for user with a rate
(13)
Remark 6: In the above theorem, is a tuning parameter that
controls the trade-off between optimality of utility maximization and the queue length. As increases, the rate control vector
determined by (13) approaches the optimal solution to the utility
maximization problem.
Remark 7: The rate
depends only on the utility function
of user and the queue length of user . If information flows are
generated at separate source centers, the rate control algorithm
given in (13) provides a distributed way to control packet generation at these source centers.
IV. NONCOLLABORATIVE EAVESDROPPING MODEL
A. Secrecy Rate Region
In this section, we consider the noncollaborative eavesdropping model, in which users do not share their outputs. For
a given message, the channel can be viewed as the wiretap
channel with multiple eavesdroppers [41] or with one eavesdropper whose channel to the source node is a compound
channel [42]. For this model, we first consider a time-division
scheme, i.e., the source node transmits to only one user at one
symbol time or equivalently in one channel state realization
. We use
to denote the index of the user to which the
source node transmits in the state . Hence,
, as a function, describes a particular time-division (i.e., state allocation)
scheme. We also use
to denote the set that includes all
possible state-division schemes.
For a given channel allocation scheme
, we consider the
set of states for transmitting to user , i.e.,
The channel states in this set may not necessarily satisfy the
condition that user has the best channel state among all users.
The channel corresponding to these states can be viewed as parallel channels to every user with each subchannel corresponding
to one state realization . Since during these states, the source
node transmits information only to user , this channel is a parallel compound wiretap channel [43] with user being the legitimate receiver and other users being eavesdroppers, and both
the legitimate user and eavesdroppers having parallel Gaussian
channels. For the compound parallel wiretap channel, an optimal secure coding scheme was proposed in [44] to code across
all parallel channels. Applying this scheme, an achievable rate
for user can be obtained and is given by
is chosen to be a solution to the
and the secrecy rate vector
following optimization problem:
For the collaborative eavesdropping model, we have
where
is the optimal solution of the network utility maximization problem.
Proof: See Appendix D.
where
equals its argument if it is positive and equals zero
otherwise. It is clear that the total power allocated for transmitting to user is given by
Similar to the above steps, we can obtain the achievable secrecy rates for other users, and hence these rates constitute a rate
LIANG et al.: SECURE COMMUNICATIONS OVER WIRELESS BROADCAST NETWORKS
vector achieved for a given power control scheme
and a
channel allocation scheme
. An achievable secrecy rate region for the broadcast channel includes achievable secrecy rates
obtained for any power control scheme and any possible state allocation scheme, which is given below.
Theorem 5: For the noncollaborative eavesdropping model,
an achievable secrecy rate region for the fading broadcast
channel is given by
(14)
where the random vector
has the same distribution as the marginal distribution of the random process
at one symbol time instant.
We further consider a simple state allocation function, in
which the source node transmits to user if user ’s channel is
the best among users. We define the set
to include all such
channel states, i.e.,
(15)
Then we have the state allocation function
if
for
. Based on this state allocation function, we
have the following corollary.
Corollary 1: For the noncollaborative eavesdropping model,
an achievable secrecy rate region for the fading broadcast
channel is given by
(16)
has the same distriwhere the random vector
bution as the marginal distribution of the random process
at one symbol time instant.
Proof: For each channel state, the source transmits only to
the user with the best channel state, and hence the channel is the
wiretap channel with multiple eavesdroppers. The achievable
secrecy rate follows directly from the proof in [42].
We note that similar to the collaborative eavesdropping
model, each rate
in (16) decreases as the number of users
increases, because the number of rate terms that the “min” is
taken over increases.
We also note that the gap between the regions given in (16)
and (9) suggests the impact of eavesdropper collaboration on the
687
secrecy rate region. Two major differences determine the gap
between the two regions. First of all, for the collaborative eavesdropping model, collaboration among eavesdroppers is reflected
by the fact that a rate determined by the sum of the channel gains
of the eavesdroppers is subtracted from the rate to the legitimate
user in (9). For the noncollaborative eavesdropping model, a
rate determined by the channel gain of each individual user is
subtracted from the rate to the legitimate user. Second, for the
collaborative model, a positive secrecy rate is achievable for a
channel state only if one user has its channel gain larger than
the sum of the channel gains of all of the other users. This condition may not be satisfied by all channel states. Hence, there
may be some channel states at which no user can receive a positive secrecy rate. However, for the noncollaborative model, the
condition for a user to achieve a positive secrecy rate is that this
user’s channel gain is larger than that of all other users. This
condition is less stringent, and each channel state can satisfy this
condition for a certain user and hence contributes to this user’s
secrecy rate. Due to both of the above reasons, the secrecy rate
region for the noncollaborative eavesdropping model is larger
than that of the collaborative eavesdropping model. This justification suggests the following remark.
Remark 8: The regions given in (14) and (16) are larger than
the region given in (9). This is because the eavesdroppers are
less powerful in the noncollaborative eavesdropping model than
in the collaborative eavesdropping model.
Further improved secrecy rate regions can be derived if
the source node is not restricted to time-division schemes and
transmits multiple information flows at a time. In this case, the
state allocation function
represents a set of user indices
to which the source node transmits at the channel state , and
becomes more involved. The source node can apply stochastic
superposition coding [45] to transmit multiple information
flows simultaneously at one channel state. For each user, secure
coding is performed across multiple states.
In general, the above achievable schemes may not be optimal.
Hence, we also derive an outer bound on the secrecy capacity
region, which is given in the following theorem.
Theorem 6: For the noncollaborative eavesdropping model,
an outer bound on the secrecy capacity region of the fading
broadcast channel is given by
(17)
where
(18)
Proof: The bound in (17) for
and
follow steps similar to those in Appendix A by replacing
688
IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, VOL. 6, NO. 3, SEPTEMBER 2011
with
, respectively. The rest
(for other indices) follows the steps similar to those for the
above case.
It can be seen that the gap between the inner bound (i.e.,
the achievable secrecy rate region) given in (16) and the outer
bound given in (17) lies in the different sets over which the expectation of the secrecy rate is taken. For the inner bound, the
expectations of the secrecy rate for users are taken over disjoint
sets due to the time-division scheme. However, for the outer
bound, the set
over which the expectation is taken varies
with and is the set that maximizes the expected value. It is also
clear that the expectations in (17) for different users are taken
over overlapping sets. This does not appear in the achievable region (16), because the achievable scheme uses time division and
hence rates for different users cannot be contributed from overlapping state sets. For the case when
, the two bounds are
equal and provide the secrecy capacity region. This is also the
case when the collaborative and noncollaborative eavesdropping models are the same. In general, the inner and outer bounds
may not be very close, which also suggests there is potential to
improve the secrecy rate region in (16) and (14). Although the
non-time-division schemes discussed above provide a better secrecy rate region, their optimality remains an open issue.
B. Stability and Utility Maximization
As expected, if the secrecy rate region is too complicated, it
may not be useful for joint design with other networking layers
in practice. Hence, in this section, we study queue-length-based
algorithms based on the achievable secrecy rate region given in
(16).
Theorem 7: For the noncollaborative eavesdropping model,
if the arrival rate vector
satisfies
given in
(16), then the system is stochastically stable under the following
queue-based algorithm: for any given queue length vector
,
the secrecy rate vector
is chosen to be a solution to the
following optimization problem:
(19)
The corresponding power control policy that achieves the secrecy rate vector
in the preceding algorithm is the solution
to the following optimization problem:
(20)
We note that the optimal power control policy can be derived
by applying techniques developed in [46] for solving max–min
optimization problems.
We next consider the network utility maximization problem
defined in (12) to obtain the optimal rates for the source node to
generate messages for users.
Theorem 8: Consider the following joint rate control, rate
scheduling, and power allocation algorithm: For any given
queue length vector
for user with a rate
, the source node generates messages
(21)
and the secrecy rate vector
is chosen to be a solution to the
following optimization problem:
(22)
For the noncollaborative eavesdropping model, we have
where is the optimal solution of the following network utility
maximization problem:
(23)
Proof: The proof is similar to the proof of Theorem 4 given
in Appendix D, and is hence omitted.
Remark 9: Based on an improved secrecy rate region given
in (14), the joint design for stability in Theorem 7 and utility
maximization in Theorem 8 also needs to incorporate state allocation at the physical layer, which determines the achievable
rate vectors jointly with power control.
V. CONCLUSIONS
In this paper, we have studied wireless broadcast networks,
for which we have obtained the secrecy capacity region for the
collaborative eavesdropping model and inner and outer bounds
on the secrecy capacity region for the noncollaborative eavesdropping model. We have also obtained a secrecy throughput
optimal scheduling scheme and a corresponding jointly optimal
power control policy for the collaborative eavesdropping model.
For the noncollaborative eavesdropping model, we have obtained results similar to the above based on an achievable secrecy rate region. For both models, we have further obtained
the rate control vector for the source node to generate messages
for users that achieve overall network utility maximization. To
the authors’ knowledge, this is the first work that addresses reliability, security (via a physical layer approach), and stability
jointly and studies utility network maximization under these
constraints for wireless broadcast networks. The approach in
this paper can be applied to analyze other wireless networks including multiple-access, interference, and relay networks. This
approach also allows the incorporation of public and common
message flows for users in the system as well.
APPENDIX A
PROOF OF THEOREM 1
,
Proof of Achievability: For a given fading state
the th message is transmitted to user . Since the eavesdroppers can exchange their outputs, they can be viewed as a super-
LIANG et al.: SECURE COMMUNICATIONS OVER WIRELESS BROADCAST NETWORKS
eavesdropper that has
receive antennas with each antenna
receiving the outputs of one eavesdropper. Now the channel
is equivalent to the wiretap channel [1] with the eavesdropper
having multiple antennas. Hence, based on the secrecy capacity
region for the MIMO wiretap channel given in [37]–[40], the
following secrecy rate is achievable in channel state :
689
where
denotes the vector sequence
. In
the preceding equation, (a) follows from the perfect secrecy condition, (b) follows from the definition of the equivocation rate
given in (2), (c) follows from Fano’s inequality such that
(26)
if
, and
follows because given
,
is independent of
.
and
For each , since varying the correlation between
does not affect the secrecy capacity, we obtain
where
(24)
Thus, the rate achievable for user is an average of the rate
over all channel states
, which provides the rate
given in (9).
Proof of the Converse: We note that although the converse
proof is based on the ideas for obtaining the secrecy capacity of
the parallel wiretap channel [47], [48] and the MIMO wiretap
channel in [37]–[40], the proof is not given by directly combining the two.
We first consider the parallel broadcast channel with subchannels indexed by
. Each subchannel is a broadcast channel with one input
and
outputs
for
. In fact, the parallel broadcast channel is equivalent to
a fading broadcast channel with the channel state taking finite
equi-probable states indexed by
. Each subchannel
of the parallel broadcast channel corresponds to one channel
state of the fading broadcast channel. Extending our proof to
the case when has a continuous state space is standard.
For the parallel broadcast channel, we consider a code
with average error probability , where
approaches zero as approaches infinity. We follow steps
similar to those in [47] and [48], and bound the rate
as
follows:
(27)
in the above equation denotes the minimization over
where
all possible correlation between
and
. We now apply
the converse proof in [37]–[40] to obtain
(28)
if subchannel corresponds to the fading state , and the power
is allocated to this subchannel. It is clear that only those
whose corresponding
contribute to the secrecy rate
in (25), and hence the average needs to be taken only over
in (27). Following the same steps as above, we can obtain
the bounds on the rates
. It is also clear that the sum
of the power allocated for obtaining
is less than the
power constraint , because the channel states contributing to
these rates constitute disjoint sets. This concludes the proof.
APPENDIX B
PROOF OF THEOREM 2
given in (9) is the secrecy caWe first note that since
pacity region, it is clear that the network cannot be stabilized
if
. We next use the idea proposed in [9] to establish stability. We define the following Lyapunov function:
We also define
We further define and derive the drift of
(25)
as follows:
690
IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, VOL. 6, NO. 3, SEPTEMBER 2011
APPENDIX C
PROOF OF THEOREM 3
From (10), we obtain
(33)
(29)
where
packets in
Let
slot,
slot, and
for
are given in (9). The Lagrangian to
where
solve the preceding convex optimization problem is given by
denotes the unused service rate due to the lack of
queue .
denote the maximum number of arrivals in one time
denote the maximum rate achievable in one time
. Note that
if
, and hence
(34)
and
where is a Lagrange multiplier.
For
, the optimal
satisfies the following necessary and sufficient condition:
(30)
Now given that
that
, there exists
such
(31)
Thus, we have
with equality when
. The power control policy
(11) can then be obtained by simple algebra.
(35)
in
APPENDIX D
PROOF OF THEOREM 4
We define the following Lyapunov function:
Following the analysis in the proof of Theorem 2, we obtain that
there exists
such that
(32)
where (a) follows from (31), and (b) follows from the definition
of the queue-length-based algorithm that
for
is a solution to the optimization problem given in (10).
Therefore, we conclude that
if
. Since
is Markovian, the system is stochastically
stable according to the Foster–Lyapunov criterion [49].
(36)
is the optimal solution to the network utility
where
maximization problem (12).
LIANG et al.: SECURE COMMUNICATIONS OVER WIRELESS BROADCAST NETWORKS
Since
is a solution to the optimization problem given in
(10), we have
, and
(37)
Since
obtain
is a solution to the optimization problem (13), we
(38)
and
(39)
Summing up both sides for
to
, we obtain
(40)
which implies that
Letting both
and
go to infinity, we have
Furthermore,
holds at any time , so we conclude that
691
REFERENCES
[1] A. D. Wyner, “The wire-tap channel,” Bell Syst. Tech. J., vol. 54, no.
8, pp. 1355–1387, Oct. 1975.
[2] I. Csiszár and J. Körner, “Broadcast channels with confidential messages,” IEEE Trans. Inf. Theory, vol. IT-24, no. 3, pp. 339–348, May
1978.
[3] Y. Liang, H. V. Poor, and S. Shamai (Shitz), “Information theoretic security,” in Foundations and Trends in Communications and Information Theory. Hanover, MA: Now Publishers, 2008, vol. 5, nos. 4–5,
pp. 355–580.
[4] C. E. Shannon, “Communication theory of secrecy systems,” Bell Syst.
Tech. J., vol. 28, pp. 656–715, 1949.
[5] C. E. Shannon, “A mathematical theory of communication,” Bell Syst.
Tech. J., vol. 27, pp. 379–423 and 623–656, 1948.
[6] D. N. Tse, “Optimal power allocation over parallel Gaussian broadcast
channels,” in Proc. IEEE Int. Symp. Information Theory (ISIT), Ulm,
Germany, Jun. 1997, pp. 27–27.
[7] L. Li and A. J. Goldsmith, “Capacity and optimal resource allocation
for fading broadcast channels-Part I: Ergodic capacity,” IEEE Trans.
Inform. Theory, vol. 47, no. 3, pp. 1083–1102, Mar. 2001.
[8] L. Li and A. J. Goldsmith, “Capacity and optimal resource allocation
for fading broadcast channels-Part II: Outage capacity,” IEEE Trans.
Inf. Theory, vol. 47, no. 3, pp. 1103–1127, Mar. 2001.
[9] L. Tassiulas and A. Ephremides, “Stability properties of constrained
queueing systems and scheduling policies for maximum throughput in
multihop radio networks,” IEEE Trans. Automat. Contr., vol. 37, no.
12, pp. 1936–1948, Dec. 1992.
[10] E. M. Yeh and A. S. Cohen, “Throughput optimal power and rate control for multiaccess and broadcast communications,” in Proc. IEEE
Int. Symp. Information Theory (ISIT), Chicago, IL, Jun./Jul. 2004, pp.
112–112.
[11] A. Eryilmaz, R. Srikant, and J. Perkins, “Stable scheduling policies for
fading wireless channels,” IEEE/ACM Trans. Netw., vol. 13, no. 2, pp.
411–424, Apr. 2005.
[12] A. Eryilmaz and R. Srikant, “Fair resource allocation in wireless networks using queue-length-based scheduling and congestion control,”
in Proc. IEEE INFOCOM, Miami, FL, Mar. 2005.
[13] M. Neely, E. Modiano, and C. Li, “Fairness and optimal stochastic control for heterogeneous networks,” in Proc. IEEE INFOCOM, Miami,
FL, Mar. 2005, vol. 3, pp. 1723–1734.
[14] A. Stolyar, “Maximizing queueing network utility subject to stability:
Greedy primal-dual algorithm,” Queueing Syst., vol. 50, no. 4, pp.
401–457, Aug. 2005.
[15] A. Eryilmaz and R. Srikant, “Joint congestion control, routing and
MAC for stability and fairness in wireless networks,” IEEE J. Sel.
Areas Commun., vol. 24, no. 8, pp. 1514–1524, Aug. 2006.
[16] M. Bloch, J. Barros, M. R. D. Rodrigues, and S. W. McLaughlin,
“Wireless information-theoretic security,” IEEE Trans. Inf. Theory,
vol. 54, no. 6, pp. 2515–2534, Jun. 2008.
[17] E. Ekrem and S. Ulukus, “Degraded compound multi-receiver wiretap
channels,” IEEE Trans. Inf. Theory, 2009, submitted for publication.
[18] E. Ekrem and S. Ulukus, “The secrecy capacity region of the Gaussian
MIMO multi-receiver wiretap channel,” IEEE Trans. Inf. Theory, vol.
57, no. 4, pp. 2083–2114, Apr. 2011.
[19] E. Ekrem and S. Ulukus, “Secrecy capacity of a class of broadcast channels with an eavesdropper,” Special Issue on Wireless Physical Layer
Security, EURASIP J. Wireless Commun. Netw., vol. 2009, pp. 29–29,
2009, Article ID 824235.
[20] E. Ekrem and S. Ulukus, “Ergodic secrecy capacity region of the fading
broadcast channel,” in Proc. IEEE Int. Conf. Commun. (ICC), Dresden,
Germany, 2009.
[21] E. Ekrem and S. Ulukus, “Capacity region of Gaussian MIMO broadcast channels with common and confidential messages,” IEEE Trans.
Inf. Theory, 2010, submitted for publication.
[22] P. Gopala, L. Lai, and H. E. Gamal, “On the secrecy capacity of fading
channels,” IEEE Trans. Inf. Theory, vol. 54, no. 10, pp. 4687–4698,
Oct. 2008.
[23] A. Khisti, A. Tchamkerten, and G. Wornell, “Secure broadcasting,”
Special Issue on Information Theoretic Security, IEEE Trans. Inf.
Theory, vol. 54, no. 6, pp. 2453–2469, Jun. 2008.
[24] Z. Li, W. Trappe, and R. D. Yates, “Secret communication via multi-antenna transmission,” in Proc. Conf. Information Sciences and Systems
(CISS), Baltimore, MD, Mar. 2007.
[25] H. D. Ly, T. Liu, and Y. Liang, “Multiple-input multiple-output
Gaussian broadcast channels with common and confidential messages,” IEEE Trans. Inf.. Theory, vol. 56, no. 11, pp. 5477–5487, Nov.
2010.
[26] Y. Liang, H. V. Poor, and S. Shamai (Shitz), “Physical layer security
in broadcast networks,” Security Commun. Netw., vol. 2, no. 3, pp.
227–238, May/Jun. 2009.
692
IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, VOL. 6, NO. 3, SEPTEMBER 2011
[27] Y. Liang, H. V. Poor, and S. Shamai (Shitz), “Secure communication
over fading channels,” Special Issue on Information Theoretic Security,
IEEE Trans. Inf. Theory, vol. 54, no. 6, pp. 2470–2492, Jun. 2008.
[28] M. Kobayashi, Y. Liang, S. Shamai (Shitz), and M. Debbah, “On the
compound MIMO broadcast channels with confidential messages,” in
Proc. IEEE Int. Symp. Information Theory (ISIT), Seoul, Korea, Jun./
Jul. 2009.
[29] R. Liu, I. Maric, P. Spasojevic, and R. Yates, “Discrete memoryless interference and broadcast channels with confidential messages: Secrecy
rate regions,” Special Issue on Information Theoretic Security, IEEE
Trans. Inf. Theory, vol. 54, no. 6, pp. 2493–2507, Jun. 2008.
[30] R. Liu and H. V. Poor, “Secrecy capacity region of a multi-antenna
Gaussian broadcast channel with confidential messages,” IEEE Trans.
Inf. Theory, vol. 55, no. 3, pp. 1235–1249, Mar. 2009.
[31] R. Liu, T. Liu, H. V. Poor, and S. Shamai (Shitz), “MIMO Gaussian
broadcast channels with confidential and common messages,” in Proc.
IEEE Int. Symp. Information Theory (ISIT), Austin, TX, Jun. 2010.
[32] R. Liu, T. Liu, H. V. Poor, and S. Shamai (Shitz), “Multiple-input multiple-output Gaussian broadcast channels with confidential messages,”
IEEE Trans. Inf. Theory, vol. 56, no. 9, pp. 4215–4227, Sep. 2010.
[33] J. Xu, Y. Cao, and B. Chen, “Capacity bounds for broadcast channels
with confidential messages,” IEEE Trans. Inf. Theory, vol. 55, no. 10,
pp. 4529–4542, Oct. 2009.
[34] E. Tekin and A. Yener, “The Gaussian multiple access wire-tap
channel,” IEEE Trans. Inf. Theory, vol. 54, no. 12, pp. 5747–5755,
Dec. 2008.
[35] E. Tekin and A. Yener, “The general Gaussian multiple access and
two-way wire-tap channels: achievable rates and cooperative jamming,” Special Issue on Information Theoretic Security, IEEE Trans.
Inf. Theory, vol. 54, no. 6, pp. 2735–2751, Jun. 2008.
[36] J. Mo and J. Walrand, “Fair end-to-end window-based congestion control,” in Proc. SPIE Int. Symp., Boston, MA, 1998.
[37] A. Khisti and G. W. Wornell, “Secure transmission with multiple antennas-I: The MISOME wiretap channel,” IEEE Trans. Inf. Theory,
vol. 56, no. 7, pp. 3088–3104, Jul. 2010.
[38] A. Khisti and G. W. Wornell, “Secure transmission with multiple antennas-II: The MIMOME wiretap channel,” IEEE Trans. Inf. Theory,
vol. 56, no. 11, pp. 5515–5532, Nov. 2010.
[39] F. Oggier and B. Hassibi, “The secrecy capacity of the MIMO wire-tap
channel,” in Proc. 45th Annu. Allerton Conf. Communication, Control
and Computing, Monticello, IL, Sep. 2007.
[40] T. Liu and S. Shamai (Shitz), “A note on the secrecy capacity of the
multi-antenna wire-tap channel,” IEEE Trans. Inf. Theory, vol. 55, no.
6, pp. 2547–2553, Jun. 2009.
[41] P. Wang, G. Yu, and Z. Zhang, “On the secrecy capacity of fading wireless channel with multiple eavesdroppers,” in Proc. IEEE Int. Symp.
Information Theory (ISIT), Nice, France, Jun. 2007.
[42] Y. Liang, G. Kramer, H. V. Poor, and S. Shamai (Shitz), “Compound
wire-tap channels,” in Proc. 45th Annu. Allerton Conf. Communication, Control and Computing, Monticello, IL, Sep. 2007.
[43] Y. Liang, G. Kramer, H. V. Poor, and S. Shamai (Shitz), “Compound
wire-tap channels,” Special Issue on Wireless Physical Layer Security,
EURASIP J. Wireless Commun. Netw., vol. 2009, p. 12, 2009, Article
ID 142374.
[44] T. Liu, V. Prabhakaran, and S. Vishwanath, “The secrecy capacity of a
class of parallel Gaussian compound wiretap channels,” in Proc. IEEE
Int. Symp. Information Theory (ISIT), Toronto, ON, Canada, Jul. 2008.
[45] P. P. Bergmans, “Random coding theorem for broadcast channels with
degraded components,” IEEE Trans. Inf. Theory, vol. IT-19, no. 2, pp.
197–207, Mar. 1973.
[46] Y. Liang, V. V. Veeravalli, and H. V. Poor, “Resource allocation for
wireless fading relay channels: Max-min solution,” Special Issue on
Models, Theory and Codes for Relaying and Cooperation in Communication Networks, IEEE Trans. Inf. Theory, vol. 53, no. 10, pp.
3432–3453, Oct. 2007.
[47] Z. Li, R. Yates, and W. Trappe, “Secrecy capacity of independent parallel channels,” in Proc. 44th Annu. Allerton Conf. Communication,
Control and Computing, Monticello, IL, Sep. 2006.
[48] Y. Liang and H. V. Poor, “Secure communication over fading channels,” in Proc. 44th Annu. Allerton Conf. Communication, Control and
Computing, Monticello, IL, Sep. 2006.
[49] S. Asmussen, Applied Probability and Queues. New York: SpringerVerlag, 2003.
Yingbin Liang (S’00–M’05) received the Ph.D. degree in electrical engineering from the University of
Illinois at Urbana-Champaign in 2005.
From 2005 to 2007, she was working as a postdoctoral research associate at Princeton University.
From 2008 to 2009, she was an assistant professor
at the Department of Electrical Engineering, University of Hawaii. Since December 2009, she has been
an assistant professor at the Department of Electrical
Engineering and Computer Science, Syracuse University, Syracuse, NY. Her research interests include
communications, wireless networks, information theory, and machine learning.
Dr. Liang was a Vodafone Fellow at the University of Illinois at UrbanaChampaign during 2003–2005, and received the Vodafone-U.S. Foundation Fellows Initiative Research Merit Award in 2005. She also received the M.E. Van
Valkenburg Graduate Research Award from the ECE department, University of
Illinois at Urbana-Champaign, in 2005. In 2009, she received the National Science Foundation CAREER Award, and the State of Hawaii Governor Innovation
Award.
H. Vincent Poor (S’72–M’77–SM’82–F’87) received the Ph.D. degree in electrical engineering and
computer science from Princeton University in 1977.
From 1977 to 1990, he was on the faculty of
the University of Illinois at Urbana-Champaign.
Since 1990, he has been on the faculty at Princeton
University, Princeton, NJ, where he is the Dean of
Engineering and Applied Science, and the Michael
Henry Strater University Professor of Electrical
Engineering. His research interests are in the areas
of stochastic analysis, statistical signal processing
and information theory, and their applications in wireless networks and
related fields. Among his publications in these areas are Quickest Detection
(Cambridge Univ. Press, 2009), coauthored with Olympia Hadjiliadis, and
Information Theoretic Security (Now Publishers, 2009), coauthored with
Yingbin Liang and Shlomo Shamai.
Dr. Poor is a member of the National Academy of Engineering and the National Academy of Sciences, a Fellow of the American Academy of Arts and
Sciences, and an International Fellow of the Royal Academy of Engineering (U.
K.). He is also a Fellow of the Institute of Mathematical Statistics, the Optical
Society of America, and other organizations. In 1990, he served as President of
the IEEE Information Theory Society, and in 2004–2007 as the Editor-in-Chief
of the IEEE TRANSACTIONS ON INFORMATION THEORY. He received a Guggenheim Fellowship in 2002 and the IEEE Education Medal in 2005. Recent recognition of his work includes the 2009 Edwin Howard Armstrong Achievement
Award of the IEEE Communications Society, the 2010 IET Ambrose Fleming
Medal for Achievement in Communications, the 2011 IEEE Eric E. Sumner
Award, and an honorary doctorate from the University of Edinburgh, awarded
in June 2011.
Lei Ying (M’08) received the B.E. degree from Tsinghua University, Beijing, in 2001, and the M.S. and
Ph.D. degrees in electrical engineering from the University of Illinois at Urbana-Champaign in 2003 and
2007, respectively.
During Fall 2007, he worked as a Postdoctoral
fellow in the University of Texas at Austin. He is
currently an Assistant Professor at the Department
of Electrical and Computer Engineering at Iowa
State University, Ames, IA. His research interest
is broadly in the area of information networks,
including wireless networks, mobile ad hoc networks, P2P networks, and social
networks.
Dr. Ying received a Young Investigator Award from the Defense Threat Reduction Agency (DTRA) in 2009, NSF CAREER Award in 2010, and is named
Litton Assistant Professor at the Department of Electrical and Computer Engineering at Iowa State University for 2010–2012.