Efficient Wireless Security Through Jamming, Coding and Routing
There is a rich recent literature on how to assist secure communication between a single transmitter and receiver at the physical layer of wireless networks through techniques such as cooperative jamming. In this paper, we consider how these single-hop physical layer security techniques can be extended to multi-hop wireless networks and show how to augment physical layer security techniques with higher layer network mechanisms such as coding and routing. Specifically, we consider the secure minimum energy routing problem, in which the objective is to compute a minimum energy path between two network nodes subject to constraints on the end-to-end communication secrecy and goodput over the path. This problem is formulated as a constrained optimization of transmission power and link selection, which is proved to be NP-hard. Nevertheless, we show that efficient algorithms exist to compute both exact and approximate solutions for the problem. In particular, we develop an exact solution of pseudo-polynomial complexity, as well as an -optimal approximation of polynomial complexity. Simulation results are also provided to show the utility of our algorithms and quantify their energy savings compared to a combination of (standard) security-agnostic minimum energy routing and physical layer security. In the simulated scenarios, we observe that, by jointly optimizing link selection at the network layer and cooperative jamming at the physical layer, our algorithms reduce the network energy consumption by half.
Protecting the secrecy of user messages has become a major concern in modern communication networks. Due to the propagation properties of the wireless medium, wireless networks can potentially make the problem more challenging by allowing an eavesdropper to have relatively easy access to the transmitted message if countermeasures are not employed. Our goal is to provide everlasting security in this wireless environment; that is, we will consider methods that will prevent an eavesdropper from ever decoding a transmitted message - even if the eavesdropper has the capability to record the signal and attempt decryption over many years (or decades). There are two different classes of security techniques of interest here: cryptographic approaches based on computational complexity, and information-theoretic approaches that attempt to obtain perfect secrecy. Both have advantages and disadvantages for the desired everlasting security in the wireless environment.
The traditional solution to providing security in a wireless environment is the cryptographic approach: assume that the eavesdropper will get the transmitted signal without distortion, but the desired recipient who shares a key with the transmitter is able to decode the message easily, while the eavesdropper lacking the key must solve a hard problem that is beyond her/his computational capabilities . Since the eavesdropper is assumed to get the transmitted signal without distortion, cryptography addresses the key challenge in the wireless environment of thwarting an eavesdropper very near the transmitter. However, such an approach faces the concern that the eavesdropper can store the signal, and, then, with later advances in computational capabilities or by breaking the encryption scheme, obtain the message. The desire for everlasting security then motivates adding countermeasures at the physical layer that inhibit even the recording of the encrypted message by the eavesdropper that combine with cryptography to facilitate a defense-in-depth approach .
In the information-theoretic approach to obtain perfect secrecy , the goal is to guarantee that the eavesdroppers can never extract information from the message, regardless of their computational capability. Wyner  and succeeding authors [5, 6] showed that perfect secrecy is possible if the channel conditions between the transmitter and receiver were favorable relative to the channel conditions between the transmitter and eavesdropper. In this so-called wiretap channel, perfect secrecy at a positive rate with no pre-shared key is possible . This clearly satisfies the requirement for everlasting secrecy, but it relies on favorable channel conditions that are difficult (if not impossible) to guarantee in a wireless environment. Hence, information-theoretic secrecy requires a network design which inhibits reception at the eavesdropper while supporting reception at the desired recipient.
Our work supports both a cryptographic (computational) approach or information-theoretic approach. Per above, it is advantageous in either case to seek or create conditions so as to inconvenience reception at eavesdropper(s) while facilitating communication of the legitimate system nodes. This has been actively considered in the literature on the physical layer of wireless networks over the last decade, with approaches based on both opportunism [7, 8] and active channel manipulation [9, 10] being employed. Most of these works have arisen in the information-theoretic community and considered small networks consisting of a source, destination, eavesdropper, and perhaps a relay node(s) [8, 9, 10, 11, 12, 13]. More recently, there has been the active consideration of large networks with the introduction of the secrecy graph to consider secure connectivity [14, 15, 16] and a number of approaches to throughput scaling versus security tradeoffs [17, 18, 19]. Hence, whereas there has been a significant consideration of small single- and two-hop networks and asymptotically large multi-hop networks, there has been almost no consideration of the practical multi-hop networks that lie between those two extremes. It is this large and important gap that this paper fills.
Consider a network where system nodes communicate with each other wirelessly, possibly over multiple hops, such as in wireless mesh networks and ad hoc networks. A set of eavesdroppers try to passively listen to communications among legitimate network nodes. To prevent the eavesdroppers from successfully capturing communications between legitimate nodes, mechanisms to thwart such are employed at the physical layer of the network. Two nodes that wish to communicate securely may need to do so over multiple hops in order to thwart eavesdroppers or simply because the nodes are not within the reach of each other. While we make no argument about the optimality or practicality of any specific physical layer security mechanism, for the sake of concreteness, we focus on cooperative jamming, which has received considerable attention [9, 10, 11, 12, 13, 20]. In cooperative jamming, whenever a node transmits a message, a number of cooperative nodes, called jammers, help the node conceal its message by transmitting a carefully chosen signal to raise the background noise level and degrade the eavesdropping channels. Because our general philosophy applies to any physical layer approach, the framework can be extended to include other forms of physical layer security. However, some of the attractive features of cooperative jamming that motivated us to study this technique include:
Opportunistic techniques [7, 8] that exploit the time-varying wireless channel may suffer from excessive delays depending on the rate of channel fluctuations. For applications that require security without an excessive delay, active channel manipulation such as cooperative jamming should be adopted. The price to be paid, in this case, is the increased interference due to jamming.
Node cooperation, while requiring a more complex physical layer, is incorporated in commercial wireless technologies such as LTE. Thus, we envision that cooperative jamming can be implemented in practice, as was demonstrated in a limited form (single jammer) in .
Anonymous wireless communication is a challenging problem. Cooperative jamming can potentially be utilized for wireless anonymous communication, as it creates confusion for wireless localization techniques .
In this general case, the main questions are: (1) how to choose the intermediate nodes that form a multi-hop path from the source node to the destination node, and (2) how to configure each hop at the physical layer with respect to the security and throughput constraints of the path. Specifically, the problem we consider in this paper is how to find a minimum cost path between a source and destination node in the network, while guaranteeing a pre-specified lower bound on the end-to-end secrecy and goodput of the path. The cost of a path can be defined in terms of various system parameters. In a wireless network, transmission power is a critical factor affecting the throughput and lifetime of the network. While increasing the transmission power results in increased link throughput, excessive power actually results in high levels of interference, hence reducing the network throughput due to inefficient spacial reuse. With cooperative jamming at the physical layer, transmission power is even more important due to the additional interference caused by jamming signals if they need to be employed. Thus, in this work, we consider the amount of end-to-end transmission power as the cost of a path with the objective of finding secure paths that consume the least amount of energy. In turn, such paths, by minimizing interference in the network, result in higher throughput. Note that solutions employing power only at the nodes transmitting the messages (and no cooperative jamming) are part of the space over which the optimization will be performed; thus, if it is more efficient to not employ cooperative jamming, such a solution will be revealed by our algorithms.
While it might seem that physical layer security techniques can be extended to multi-hop networks by implementing them on a hop-by-hop basis, in general, such extensions sacrifice performance or are not feasible. The eavesdropping probability on a link is a function of the power allocation on that link. A hop-by-hop implementation is unable to determine the optimal eavesdropping probability and consequently power allocation for each link in order to satisfy the end-to-end constraints (i.e., the chicken-egg problem). Moreover, a hop-by-hop approach overlaid on a shortest path routing algorithm might pay an enormous penalty to mitigate eavesdroppers on some links (e.g., by routing through a node with one or more links, that, because of system geometry, are very vulnerable to nearby eavesdroppers). A routing algorithm that is designed in conjunction with physical layer security can selectively employ links that are easier to secure when it is power-efficient to do so and, in such a way, minimize the impact of the security constraint on end-to-end throughput.
Our main contributions can be summarized as follows:
We formulate the secure minimum energy routing problem with end-to-end security and goodput constraints as a constrained optimization of transmission power at the physical layer and link selection at the network layer.
We prove that the secure minimum energy routing problem is NP-hard, and develop exact and -approximate solutions of, respectively, pseudo-polynomial and fully-polynomial time complexity for the problem.
We show how cooperative jamming can be used to establish a secure link between two nodes in the presence of multiple eavesdroppers or probabilistic information about potential eavesdropping locations by utilizing random linear coding at the network layer.
We provide simulation results that demonstrate the significant energy savings of our algorithms compared to the combination of security-agnostic minimum energy routing and physical layer security.
The rest of the paper is organized as follows. Our system model is described in Section II. The optimal link and path cost are analyzed in Sections III and IV. Our routing algorithms are presented in Section V. Simulation results are discussed in Section VI. Section VII presents an overview of some related work, while Section VIII concludes the paper.
Ii System Model and Assumptions
Consider a wireless network with arbitrarily distributed nodes.
We assume that each node (legitimate or eavesdropper) is equipped
with a single omni-directional antenna.
A -hop route between a source and a destination in the
network is a sequence of links connecting the source to the
In the following subsections, we describe the models considered in this paper for the wireless channel, eavesdroppers, physical-layer security and end-to-end routing. For notational simplicity, we may drop the link index whenever there is no ambiguity.
Ii-a Wireless Channel Model
Consider the discrete-time equivalent model for a transmission from node to node . Let be the normalized (unit-power) symbol stream to be transmitted by , and let be the received signal at node . We assume that transmitter is able to control its power in arbitrarily small steps, up to some maximum power . Let denote the receiver noise at , where is assumed to be a complex Gaussian random variable with . The received signal at is expressed as
where is the complex channel gain between and . The channel gain is modeled as , where is the channel gain magnitude and is the uniform phase. We assume a non line-of-sight environment, implying that has a Rayleigh distribution, and that , where is the distance between nodes and , and is the path-loss exponent (typically between and ). This is the standard narrowband fading channel model employed in the physical layer literature [24, 25].
Ii-B Adversary Model
We limit our attention to passive eavesdroppers as in prior work [9, 10, 11, 12, 13, 20]. Although there are other forms of adversarial behavior, their consideration is beyond the scope of this paper.
While the literature on physical layer security often assumes not only eavesdropper locations but also either perfect (e.g., ) or imperfect (e.g., ) knowledge at the transmitters and jammers of the complex channel gains of the eavesdropping channels (i.e., availability of instantaneous eavesdropper channel state information (CSI)), we consider the more realistic scenario, in which CSI for eavesdropping channels is not available. In addition, our model requires only the knowledge of potential eavesdropping locations in the network, yet we show that it provides guaranteed security by employing coding in conjunction with cooperative jamming.
Specifically, we assume that each link is subject to
potential eavesdropping from a set of locations denoted by , where the probability of
eavesdropping from location is given by for . This is a considerably general model that can be used
to represent a wide range of eavesdropping scenarios
Ii-C Physical Layer Security Model
Consider a secure link formed between source and receiver with the help of jammers . For the moment, we assume that cooperative jamming is implemented at the physical layer to deal with a single eavesdropper located at a fixed position. Later, in Section III, we show how this physical layer primitive can be used to provide security against multiple eavesdroppers or unknown eavesdropping locations.
When node transmits a message, there are multiple ways in which cooperative jamming by system nodes can be exploited, ranging from relatively simple noncoherent techniques to sophisticated beamforming techniques . Since the implementation of beamforming in other contexts, with the same challenges of synchronization in the wireless environment, is advancing rapidly [28, 29], we assume that the jammers cooperatively beamform a common artificial noise signal to the receiver in such a way that their signals cancel out at the receiver . The noise signal is transmitted in the null space of the channel vector where, denotes the channel gain between jammer and destination and denotes the conjugate transpose of vector . Thus, the signal transmitted by the jammers can be expressed as , where is a vector chosen in the null space of . It follows that the total transmission power of the jammers is given by . Assuming that the source node transmits with power , the signals received at the destination and the eavesdropper are given by
where, represents the channel gain vector between the jammers and the eavesdropper, and and denote the complex Gaussian noise at the destination and eavesdropper, respectively, with .
Although the jammers try to prevent the eavesdropper from successfully receiving the message, there is still some probability that the eavesdropper actually obtains the message due to the fact that the channel to the eavesdropper is unknown in our model, i.e., and are unknown. Recalling that the signal-to-interference-plus-noise ratio () at the destination is controlled via power control, let denote the minimum required at the eavesdropper in order to violate the security constraints of the protocol (e.g. for the cryptographic case, the above which the eavesdropper can record a meaningful version of the transmitted signal; in the information-theoretic case, the above which, for a given wire-tap code, the equivocation does not equal the entropy of the message.) Let denote the at the eavesdropper. We have
where means expectation with respect to channel gain vector . Using the results on quadratic forms [31, Eq. 14] to calculate the expectation, it is obtained that ( is the identity matrix of size )
where the final expression is derived from Sylvester’s determinant theorem:
for and being and matrices, respectively, and the fact that (see (31)).
In the remainder of the paper, we use (4) in equality form to compute the eavesdropping probability for a given jamming power . While this results in a (slightly) conservative power allocation, it is sufficient to satisfy the security requirement of each link.
Ii-D Routing Model
Consider a -hop route between a legitimate source and destination in the network. Let denote the set of all possible routes between the source and destination. Let denote the cost of route , where the cost of a route is defined as the summation of the costs of the links forming the route. With slight abuse of the notation, we use to denote the cost of link as well. The secure routing problem is then defined as follows.
SMER: Secure Minimum Energy Routing Problem
Consider a wireless network and a set of eavesdroppers distributed in the network. Given a source and destination, find a minimum energy path between the source and destination subject to constraints and on the end-to-end successful eavesdropping probability and goodput on the path respectively.
Let and denote, respectively, the goodput of path and link . Then can be expressed as
Since goodput of a link is an increasing function of the transmission power of the transmitter of that link, a necessary condition for minimizing power over the path is given by , for all , i.e., all links should just achieve the minimum goodput . Thus, our power allocation scheme (see Section III) establishes links that achieve exactly the minimum required goodput . Consequently, the constraint on the end-to-end goodput is satisfied by any path in the network, and hence does not need to be explicitly considered when solving SMER. As such, SMER can be formally described by the following optimization problem:
for some pre-specified (). The constraint on the route eavesdropping probability in the above optimization problem can be expressed in terms of the eavesdropping probability on individual links that form the route , as , where () denotes the successful eavesdropping probability on link . We use the following result to convert the above inequality constraint to an equality constraint in the routing problem (5).
The cost of route is a monotonically increasing function of .
Consider a path between the source and destination nodes. Define the end-to-end secrecy of path , denoted by , as follows:
First, we show that the link cost is a monotonically increasing function of the the link secrecy for every link . Let and denote the source and jamming powers allocated to the link , respectively. In Section III, we show that: (i) is a constant for a given link independent of the link secrecy, and (ii) is a function of the link secrecy and is given by
where is some constant independent of . Thus, for a fixed link , the link cost depends on only through the jamming power . Taking the derivative on the link cost with respect to results in the following relation:
indicating that the link cost is an increasing function of the link secrecy .
Let and denote the optimal cost of the path computed by solving the optimization problem (14), with equality and inequality constraints, respectively. Furthermore, let and denote the corresponding end-to-end path secrecies. We present a proof of the lemma based on contradiction by assuming that the optimal path cost with the inequality constraint is less than that with the equality constraint. That is, we assume that
Next, by manipulating the link secrecy allocation vector , we construct a new link secrecy allocation vector that satisfies the equality constraint, while having a cost smaller than . To this end, consider some arbitrary link , and replace by a new as follows
Since , it follows that . Consequently, the new cost of the link with link secrecy is less than , which in turn indicates that the new path cost with secrecy allocation vector is less than . Therefore, we have
The proof follows by noting that this contradicts the assumption that is the minimum cost of path with the equality constraint.
Thus, to minimize the cost of the optimal route, the inequality constraint can be substituted by the equality constraint . On each link , it is desirable to keep the successful eavesdropping probability close to . In this case, the product can be approximated by the expression . By substituting the approximate linearized constraint in the routing problem, the following optimization problem is obtained
In the rest of the paper, we focus on this optimization problem. We first show that the problem is, in general, NP-hard and then develop exact and approximate algorithms to solve it.
Iii Secure Link Cost
The link cost is composed of two components: (1) the source power, and (2) the jammers’ power. Let denote the cost of link under the constraint of eavesdropping probability . Then, is given by:
where and denote, respectively, the average source and jammers power on link . In the following subsections, we will compute the optimal values of and subject to a given .
Iii-a Source Transmission Power
Assume that the (complex) fading channel coefficient is known at the source of the given link . Because we are trying to maintain a fixed rate (and, hence, a fixed received power), the source will attempt to invert the channel using power control. However, for a Rayleigh frequency-nonselective fading channel, as assumed here, the expected required power for such an inversion goes to infinity, and, hence truncated channel inversion is employed [25, Pg. 112]. In truncated channel inversion, the source maintains the required link quality except for extremely bad fades, where the link goes into outage. When a link is in a bad fade, the source will need to wait until the link improves before transmitting the packet and delay will be incurred. To limit the delay, we maintain a given outage probability per link. Then, for a given packet, we need to transmit at rate to maintain the desired goodput . Associated with that rate is the SINR threshold required for successful reception at the link destination .
Let denote the average transmission power of , and let denote the power used for a given packet as a function of the power in the fading channel between and . Per above, below some threshold , the source will wait for a better channel. From the Rayleigh fading model employed, is exponential with parameter ; hence, and truncated channel inversion yields:
Then, the average power employed on the link is given by:
where is a constant that depends on the parameter . Hence, for a fixed network parameter (which also determines ), the average power consumed on a given link to achieve the secure goodput is proportional to .
Iii-B Jammers’ Transmission Power
Our physical layer security primitive described in
Section II can provide security only against a single
eavesdropper at a fixed location. To achieve security in the presence
of multiple eavesdroppers or uncertainty about the location of
eavesdroppers, we utilize random linear coding
Consider link between transmitter and receiver with the associated set of potential eavesdropping locations . Transmitter performs coding over messages accumulated in its buffer for transmission to . To generate a coded message, selects a random subset of the messages in its buffer and adds them together (module-). To recover the original messages, the receiver needs to collect linearly independent coded messages. In order to transmit only linearly independent coded messages, keeps track of the coded messages it has transmitted so far. Let denote the -th coded message that is being transmitted to . To securely transmit , employs the cooperative jamming primitive of Section II assuming that there is an eavesdropper in location . Since each coded message is hidden from at least one eavesdropping location, it is guaranteed that an eavesdropper located at location , for all , will not be able to obtain any information about the original messages.
In the following subsections, we compute the optimal jamming power per link. The derivation for the case of multiple eavesdroppers relies on the jamming power computed for the single eavesdropper case.
Because slow frequency non-selective fading is assumed and the channel to the eavesdropper is unknown, there is some probability that the eavesdropper will obtain the message by achieving a received SINR greater than a threshold . Let denote the probability the eavesdropper achieves SINR greater than threshold for a given source to destination channel (recall that the source power will fluctuate as fluctuates, and this will impact the interception probability at the eavesdropper). Because we want to avoid placing limitations on the capabilities of the eavesdropper, assume that the eavesdropper receiver is noiseless. Let and denote the average and instantaneous transmission power allocated to jammers in , respectively. Then, using (4), it is obtained that
Now, to maintain a given , it is sufficient to maintain across all . Under this condition, recognizing that both and are proportional to , we have:
and, taking expectations yields
Recall that our objective is to compute the minimum jamming power for the link. Let denote the successful eavesdropping probability on link conditioned on having an eavesdropper at location . The unconditional eavesdropping probability on link is then given by the approximate relation , where is the probability of having an eavesdropper at location . Since jamming power depends on the location of the eavesdroppers, by optimally allocating jamming power to each potential eavesdropping location, we can minimize the total jamming power across all eavesdropping locations for a given link.
The minimum jamming power for link over all eavesdropping locations is given by the solution of the following optimization problem:
where is the jamming power conditioned on the eavesdropping location , i.e., the jamming power during the transmission of the coded message . Define as follows
After substituting for using (20), we obtain the following optimization problem:
The optimization variables in this optimization problem are the jamming powers . The Lagrangian for the link cost optimization problem is expressed as follows
Using the Lagrange multipliers technique, it is obtained that
Using (24), we have
By substituting in (25), it follows that
It is then obtained that
For a given link and eavesdropping probability , we can use (30) to compute the optimal jamming power allocation for each coded message . Consequently, the average jamming power per message on link is given by:
While we considered the case of non-colluding eavesdroppers here, our model can be extended to handle colluding eavesdroppers by requiring that at least of the coded messages be protected against all eavesdroppers. Let denote the set of colluding eavesdroppers. Assume that on link , messages are coded together for transmission, i.e., is the length of the coding block. Then, the probability that a coded message is captured by all eavesdroppers is given by . Thus, the probability that at least one message out of the coded messages is not received by all eavesdroppers is given by
To satisfy the link eavesdropping constraint , the following relation should be satisfied
This constraint can be used in the optimization problem (23) to compute the optimal link cost for the case of colluding eavesdroppers.
An interesting observation is that
That is, by increasing the length of the coding block, the link cost can be significantly reduced. The cost to be paid is in terms of increased transmission delay.
Rather than looking at individual links in isolation and then performing hop-by-hop coding, we can perform coding on an end-to-end basis only at the source node. Then by repeatedly finding paths that are secure against single eavesdropping per link, the source can securely communicate with the destination through multiple paths. This approach is appropriate if there are only a few potential eavesdropping locations in the network. If the maximum number of eavesdropping locations per link is , then the running time of this approach is times that of the routing algorithm with single eavesdropping location per link.
Iv Secure Path Cost
In this section, using the link cost formulation of the previous section, we formulate the optimal cost of a given path subject to an end-to-end eavesdropping probability . The problem essentially is to divide across the links forming so that the path cost is minimized.
Iv-a Optimal Path Cost
Consider a given path . We find the optimal cost of path by solving the optimization problem (14). Consider link , where . Define and as follows:
Using the results obtained in the previous subsection, the following relation holds:
By substituting the above expressions in the optimal routing formulation described in (14), the following optimization problem is obtained for minimizing the cost of route :
The optimization variables in this optimization problem are jamming powers . The Lagrangian for the routing optimization problem is expressed as follows
Using the Lagrange multipliers technique, it is obtained that
Using (37), we have
By substituting in (38), it follows that
After substitution in (39), the following relation for the optimal eavesdropping probability on link is obtained
For a given route and end-to-end eavesdropping probability , we can use (42) to divide between links . Having computed , the optimal power allocated to jammers on link is given by the following expression:
Using the above expression for , the cost of link is expressed as
Consequently, the cost of secure route is given by:
To this end, for a given route between the source and destination, the optimal cost of subject to the end-to-end eavesdropping constraint is given by (45). The optimal cost is achieved by allocating and to each link using (17) and (43), respectively. Such a power allocation scheme would result in minimum cost, while guaranteeing that the eavesdropping constraint would be satisfied. Thus, SMER is reduced to finding a path, among all possible paths between the source and destination, that minimizes the optimal path cost (45). The following proposition formally states this result.
SMER with end-to-end eavesdropping and goodput constraint and , respectively, is equivalent to finding a path that minimizes the optimal path cost as given by (45).
Iv-B Optimal Path Cost Structure
Define and as follows:
Then the optimal path cost (45) can be expressed as
V Secure Minimum Energy Routing
In this section, we investigate the secure minimum energy routing problem, where the cost of a path is given by (45). We begin by establishing that it is NP-hard. Then, by exploiting the structure of the optimal solution, we employ dynamic programming to obtain a pseudo-polynomial time algorithm that provides an exact solution. This means that the problem is weakly NP-hard , thus fully polynomial time approximate schemes are possible. Accordingly, we conclude the section by presenting a fully polynomial time -approximation algorithm for the problem, which takes an approximation parameter and after running for time polynomial in the size of the network and in , it returns a path whose cost is at most times more than the optimal value.
V-a Computational Complexity
We first show that our routing problem is NP-hard via a reduction from the partition problem.
Problem SMER is NP-hard.
We describe a polynomial time reduction of the Partition problem  to SMER. Given a set of integers , with , the Partition problem is to decide whether there is a subset of such that .
Given an instance of the Partition problem, with , we construct the following network. The set of nodes is identical to . For to , we interconnect node to node with two links, as follows: an “upper” link , to which we assign and , and a “lower” link , to which we assign and .
The answer to the Partition problem is affirmative iff the solution to SMER in the constructed network, i.e., the minimum value of of a path between nodes and , equals .
A path between nodes and consists of a (possibly empty) set of “upper” links and a (possibly empty) set of “lower” links . Let and be, correspondingly, the sets of indices of the links in and in , i.e., iff and iff . Clearly, . The cost of the path, per , is given by:
Consider first the case