Throughput Maximization in MultiHop Wireless Networks under Secrecy Constraint
Abstract
This paper analyzes the achievable throughput of multihop sensor networks for industrial applications under secrecy constraint. The evaluation scenario comprises sensors that measure some relevant information of the plant that is first processed by an aggregator node and then sent to the control unit. To reach the control unit, a message may travel through relay nodes, which form a multihop wireless link. At every hop, eavesdropper nodes attempt to acquire the messages transmitted through the legitimate link. The communication design problem posed here is how to maximize the multihop throughput from the aggregator to the control unit by finding the best combination of relay positions (i.e. hop length: short or long) and coding rates (i.e. high or low spectral efficiency) so that the secrecy constraint is satisfied. Using a stochasticgeometry formulation, we show that the optimal choice of coding rate is normally high and depends on the pathloss exponent only, while a greater number of shorter hops are preferable to smaller number of longer hops in any situation. For the investigated scenarios, we prove that the optimal throughput subject to the secrecy constraint achieves the unconstrained optimal performance – if a feasible solution exists.
Multihop wireless networks, stochastic geometry, machinetomachine communications, throughput, secrecy
I Introduction
Industrial environment imposes challenging conditions on radio propagation due to their commonplace reflective and absorbent surfaces, as well as electromagnetic interference from the machinery [1]. Recently, wireless solutions for industrial applications have gained considerable attention from both academia and industry, using the concept of machinetomachine communications [2, 3, 4, 5, 6]. Such idea enables seamless exchange of information between autonomous devices without any (direct) human intervention. Another advantage of wireless machinetomachine communications is its scalability, which reduces deployment and maintenance costs.
In industrial plants, exchange of information is often needed among the machinery, monitoring devices and control unit; thereby, reliability, low latency and security become major concerns in the communication system design [7]. In this context, multihop machinetomachine communications appear as a promising technology to tackle the industrial environment challenges. As pointed out in [3], multihop schemes are more suitable in such environments with additional interference.
In a typical plant, the design of a multihop link between the aggregator and the control unit can be simplified by setting two parameters: position of relay nodes and coding rate (spectral efficiency). The most straightforward design option would be to use longhops (less use of network resources) and to set high coding rates (i.e. more efficient messages in bits/s/Hz).
Industrial networks usually employ unlicensed frequency bands and consequently are exposed to stronger cochannel interference. If this is the case, using long hops in conjunction with high rates may not be the best choice as far as the former leads to lower signaltointerference ratio (SIR) while the latter leads to higher SIR thresholds needed to successfully decode a message [8].
In large industrial deployments, there are various sensors and machines continuously monitoring several processes. The resulting information that needs to be exchanged is frequently confidential, what requires the communication to be reliable, efficient, and secure at all levels of the network infrastructure [7, 9]. Due to the broadcast nature of the wireless medium, nonintended nodes – commonly named eavesdroppers – within the communication range of a given transmitter can overhear the socalled legitimate transmission and possibly extract private information [9]. To avoid that, cryptographic techniques are usually implemented in the higher layers of the communication protocols to ensure confidentiality [10].
Such techniques, however, depend on secret keys and rely on the limited computational power of eavesdroppers, as well as the reliability guaranteed by channel coding at the physicallayer design. These assumptions may not always hold since devices with high computational power are getting cheaper and widespread. Moreover, they become expensive and difficult to achieve as the network scales [9, 11]. In this context, physicallayer security comes as a promising alternative to complement cryptographic solutions, by adding not only security at the physicallayer with strategies that guarantee reliability, but also confidentiality regardless of eavesdroppers computational power [9, 11].
Another interesting solution when dealing with wireless communication over multiple hops is the wellknown cooperative relaying strategies [12, 13]. As pointed out in [12], such schemes are robust to fading and interference impairments due to the enhanced diversity. Additionally, as discussed in [14, 15], cooperative diversity schemes also enhance the performance of networks secured at the physicallayer.
All in all, the existence of multiple hops, interferers and eavesdroppers further complicate the design of wireless communication systems in industrial applications. Fig. 1 exemplifies an industrial deployment, where several sensors communicate to an aggregator (black node), which by its turn communicates via relays with the control unit (blue node). For instance, an aggregator can act as a relay and help to convey the information to the control unit. The legitimate link is composed by an aggregator (black node), relays (green nodes) and the control unit (blue node). All other randomly distributed nodes in the network are assumed to be either interferers (white nodes) or (potential) eavesdroppers (red nodes).
We assume that sensors are scattered throughout the industrial facility to measure relevant information, which is processed by an aggregator node and then sent to the control unit. Note that the sensor measurements, their communication with the aggregetor and the information processing are all assumed to be perfect. To reach the control unit, the message may travel through relay nodes, forming a multihop, wireless link. At every hop, eavesdropper nodes attempt to acquire the messages transmitted through the legitimate link.
For instance, the aggregator could attempt a single transmission via long hops, which means that the channel is used less times and then there is a lower chance of the message being decoded by the eavesdropper. At the same time this increases the chance that an eavesdropper, which is closer to the transmitter than the desired receiver, intercepts and acquires the information being transmitted.
As we can observe, there are tradeoffs regarding possible eavesdropper locations, number of hops, transmit power and decoding capabilities, which are function of the interference level perceived at the receivers. To assess such tradeoffs, we introduce a tractable model based on to characterize the uncertainty related to interferers (jammers) and eavesdroppers positions and then proceed with a throughput optimization subject to a secrecy constraint. Then, the main contributions of this paper can be summarized as follows:

Analysis of the throughput of industrial communication networks under a secrecy constraint by employing a model that characterizes the uncertainty related to interferers’ and eavesdroppers’ positions.

Closedform solutions for the optimal multihop throughput considering or not the secrecy constraint as a function of network deployments parameters.

Identification of the operational regions proving that the optimal throughput subject to the secrecy constraint achieves the optimal performance if a feasible solution exists.
The remainder of this paper is organized as follows: Section II introduces the system model and the main metrics used to evaluate the performance of the network. Section III and Section IV evaluate the tradeoffs involved in the design and deployment of the network. Both sections offer comprehensive numerical results and discussions. Next, Section V contextualizes our results and current industrial standards. Finally, in Section VI conclusions and final remarks are drawn.
Ii System model
Let be the distance from the aggregator to the central unit, assuming that there exist inbetween relay nodes employing a decodeandforward strategy [12]. We consider that the relay nodes are deployed in the straight line defined by the aggregator and the central unit such that the distance between any two nodes is the same. The number of hops is then computed as . We assume that randomly scattered nodes attempt to jam the communication between the aggregator and the central unit. Then, if we assume that the jamming signals experienced by each receiver node along the multihop link are independent, the respective throughput , with respect to the multihop link, can be computed as [8]:
(1) 
where is the probability that the message is successfully decoded by the receiver and is the minimum required SIR for a successful reception. If we assume pointtopoint Gaussian codes and interferenceasnoise decoding rule [16], the spectral efficiency of , measured in bits/s/Hz, in the singlehop links is achievable if SIR.
If the network designer choose one long hop , the throughput is . If more hops are desired, then more network resources are required and the overall spectral efficiency decreases in relation to the number of hops (i.e. the same information is transmitted at the expense of more channel uses). Nevertheless, if more hops are added, is expected to increase. These contradictory effects are captured by (1).
We assume a field of jammers (malicious interferers) that is characterized by a 2dimension uniform Poisson point process with intensity , measured in transmitters per unit of area [17]. We assume that the channel has two components: one related to the distancedependent pathloss such that the received power decays with the distance and other related to fading. The received power at the node of interested can be computed as , where is the distance between the reference receiver and the node, is the channel gain between them, and the pathloss exponent [18].
We consider the communication occurs in timeslot basis so that the slot length is the time required to transmit one packet [19]. If the nodes’ positions and the channel gains do not change during the packet transmission, the signaltointerference ratio (SIR) is computed as^{1}^{1}1We assume here interferencelimited networks. As pointed in [20], the inclusion of the noise power leads to a more complex analysis without providing any significant qualitative difference.
(2) 
To compute , we assume that the channel gains are independent and identically distributed exponential random variables (Rayleigh fading) and that the interferers’ positions change every time slot. In this way, each timeslot is a different realization of the point processes and the channel gains . From this assumptions, the success probability is [17]:
(3) 
where .
Let us now consider that there are eavesdroppers that are capable of decoding the transmitted messages if the SIR experienced by them are greater than the threshold .^{2}^{2}2This threshold may reflect how powerful are the eavesdroppers: a low indicates that the eavesdroppers are able to successfully decode messages even with low SIR, reflecting a powerful decoding scheme. Their spatial distribution are modeled as a 2dimensional uniform Poisson point process with intensity , measured in eavesdroppers per unit of area. The channel gains in relation to the transmitter are modeled as in the interferers’ process described above (quasistatic Rayleigh fading and distancedependent pathloss). As before, a different realization of the point process and channel gains are assumed at every different timeslot. In this scenario, due to the lack of any side information regarding the specific position and the channel gains, it is not possible to guarantee 100% of secrecy in the communication of the desired link.
Herein, we assume a secrecy constraint referring to the aggregator–control unit multihop link. In this case, the probability that the eavesdropper illegitimately acquires the message should be, statistically, lower than or equal to %. To compute such probability, we need to evaluate the outage probability in the eavesdropper^{3}^{3}3In fact this is an approximation since there will be closer eavesdroppers that experience a better channel. This, however, is a good approximation and holds in most of the cases for the spatial densities considered here.. The probability density function of distance between an arbitrary point to the closest point of a Poisson point process with intensity is given by [17]:
(4) 
Similarly to (3), the outage probability (i.e. the probability that the packet is not successfully decoded) at the eavesdropper can be computed as [17]:
(5) 
where is the expected value in regard to the distance given by (4).
We are now ready to state the optimization problem of interest as follows: what are the hop length and SIR threshold that jointly optimize the multihop throughput given by (1) while the secrecy constraint is satisfied? Mathematically, we have the following:
(6) 
where the constraint is the probability that the eavesdropper links are in outage at every hop of the multihop link with a probability greater than equal to .
Iii Unconstrained optimization
Let us start presenting the solution of the unconstrained optimization problem assuming that the number of hops can be a real number so that the hop length can assume any positive value for a given .
Proposition 1
The pair of the unconstrained version of the optimization problem given by (6) is:
(7)  
(8) 
where is the principal branch of the Lambert W function^{4}^{4}4We have used the function from the library SymPy [21]. [19], which is defined as such that and .
The optimal throughput is then:
(9) 
Proof:
The first step is to show that multihop throughput in (6) is a quasiconcave function in terms of both and . Then, the pair that leads to the optimal unconstrained throughput can be found as the joint solution of the following partial derivative equations and .
Fig. 2 exemplifies how the optimal throughput varies with the density of interferers for different multihop distances . One can see that the lower densities yields higher optimal throughputs, regardless of the multihop distance considered. Looking at the multihop distances, we find that the lower the distance , the higher the throughput .
Although those results are somehow expected, it is interesting to analyze the reasons behind this behavior, which will later help us to understand the solution of the constrained optimization. From (7), the optimal value of is independent of any other parameter of the system, but the pathloss exponent , which is not under the designer control. Therefore, is fixed if is fixed and the singlehop distance is the variable that changes with and/or , as indicated by (8).
Equation (9) shows that the optimal throughput is inversely proportional to and . It is worth noting that for small values of and/or , tends to infinity. This is a byproduct of our assumptions and clearly does not represent actual scenarios. Although, we understand this limitation, we still believe that the simplicity of our results can provide clear, and reasonable, guidelines on the network design.
When the same is considered, the optimal throughput is determined only by : if a packet needs to travel longer sourcedestination distances, the singlehops should be surprisingly smaller to support the optimal coding rate . This happens because the smaller the singlehop distance, the higher the experienced by the receiver nodes. In this case, having more shorter hops is statistically more advantageous than having less longer hops. A similar analysis is also valid when assessing the case when the same multihop distance is assumed and the intensity is varying.
Although the results showing that longer distances and higher intensity of interferer nodes degrade the throughput are expected, the design choices that optimize the multihop throughput are rather surprising. In the next section, we will see how the secrecy constraint will affect the optimal system design.
Iv Constrained optimization
Let us now focus on the optimization problem subject to the secrecy constraint stated in (6). We first recall that the network designer does not have any control on the eavesdropper parameters so that and are input variables (i.e. external factors).
Lemma 1
The secrecy constraint given by (6) can be rewritten as
(10) 
where the new constraint is given by:
(11) 
Proof:
We start by manipulating the secrecy constraint from (6) as follows:
(12) 
We now use the fact that the singlehop must have a length lower than or equal to the multihop and that the distances are strictly positive to conclude this proof. \qed
Proposition 2
Proof:
Let us start by considering the second part of the secrecy constraint given by Lemma 1, namely . If , then , the secrecy constraint is then violated and the problem has no feasible solution.
Corollary 1
The solution of the constrained optimization problem stated in (6) does not exist if and then .
Proof:
This proof follows from the first part of the proof of Proposition 2, when implies that the problem has no feasible solution. \qed
Remark 1
In the scenarios under investigation, the inequality holds due to the combination of the system parameters and target variables.
From this remark and the analytic results previously stated, the solution of optimization problem with secrecy constraint only depends on the relation between and the multihop distance for the cases studied here. More specifically, Corollary 1 tells us that the optimal solution exists if the secrecy constraint is achievable for the network density of interferers , density of eavesdroppers and their SIR threshold considered.
Fig. 3 (presented in the next page) shows the distance constraint as a function of the eavesdroppers’ SIR threshold for different combination of densities and . One can see that lower SIR thresholds cause the unfeasibility of the optimal solution. As expected, if the eavesdroppers are able to decode messages with low SIR, then their chance of correctly decode the information of the legitimate link grows, regardless of the densities and .
The effects of and are the following. The higher the density of eavesdroppers , the stricter is the distance constraint . This is due to the fact that big values of lead to greater probabilities that a eavesdropper node is closer to the legitimate link. This, in turn, requires a more stringent to satisfy the secrecy constraint .
The increase of the density of interferers , on the other hand, helps the secrecy of the legitimate link. This is in line with the general literature on physical layer security (e.g. [22]) since higher leads to probabilistically lower SIR. This will then result in more outages in the eavesdropper links, making the distance constraint less stringent.
Fig. 4 shows an example of the optimal constrained multihop throughput^{5}^{5}5To solve the constrained optimization, we have used the numerical function from the library SciPy [23]., in relation to the unconstrained case. The optimal multihop throughput is plotted as a function of for , and . One can verify that the constrained optimization can achieve the unconstrained performance if the solution of the problem is within its feasibility region, which can be analytically determined as predicted in Corollary 1.
V Implementation and deployment aspects
As previously mentioned, the scenario under analysis is a simplified, abstract, version of an actual industrial communication network. In any case, we would like to reinforce the value of our results, which are simple enough to characterize important tradeoffs on the system design. In the proposed model, we do not assume any information about interferers and (malicious) eavesdroppers, which might be a more practical consideration. For example, the design of a physicallayer secured network assumes some information about eavesdroppers as in [9, 11]. Therein, each transmitter attempts to convey its message in a reliable and confidential way, once they are aware that nonintended receivers may be overhearing their transmission. In the case of interference, there are wellestablished approaches that uses the channel and/or location information to increase the system throughput.
In what follows, we briefly discuss some of the major standardization efforts, which could benefit from our results. For instance, ZigBee (IEEE 802.15.4) and Bluethooth (Low Energy) network standards serve not only for industrial applications, but also for home automation for instance [7, 24]. Both standards are lowpower and have limited communication range (few tens of meters in indoor environment), and thus could take advantage of our guidelines: a large number of hops in short range communication is preferable over long hops. Another possible alternative for wireless industrial is WirelessHART [24], which has already embedded functionalities that allow information relaying.
It is worthy noting that our discussions so far are based on industrial environments; however, our results also extend to modern (smart) power grids due to the similarities of the communication environment. For instance, smart grids also present a distinct profile of interference due to the highly reflective materials and electromagnetic interference from the machinery, especially at distribution side. Besides, communication links suffer additional interference from concurrent transmissions from neighboring devices and aggregations as discussed in [25]. This initial assessment is then extended in order to include not only reliability analysis but also security and privacy in [26]. This evinces the potential applications and relevance of our results.
Vi Conclusions and Final Remarks
This paper analyzes the throughput of industrial multihop machinetomachine networks under a secrecy constraint. The scenario under analysis consists in an aggregator node, which collects and processes the sensor measurements, and a control unit that needs the proceeded information. This communication is wireless and may occur over multiple hops, and the communication engineer is expected to find the optimal position of the relay nodes and the coding rates used in the singlehop links so as to maximize the throughput in [bits/s/Hz] while respecting a given secrecy constraint.
By employing our stochasticgeometricbased model to characterize the uncertainties involved in the eavesdroppers’ and interferers’ positions, we first showed that the optimal choice without any secrecy constraint of coding rate (spectral efficiency) depends only on the pathloss exponent and normally assumes high value. To sustain such high rate, a great number of shorter hops are then preferable to a small number of longer hops. When the secrecy constraint is assumed, we proceeded with the throughput optimization and proved that the unconstrained performance can be achieved with the same optimal relay positions and coding rates only if a feasible solution exists. Otherwise, there is no solution for the problem that satisfies the minimum level of secrecy required.
As a next step, we expect to evaluate our guidelines in actual industrial environments by following the insights provided herein. To do so, we aim at designing a feasible experimental deployment that utilizes established standards for industrial wireless systems. It is also important to point out that, although this analysis has been presented focusing on industrial deployments, our framework can be also extended to different kind of smart applications such as homes, cities, energy grids or highways.
References
 [1] P. Stenumgaard et al., “Challenges and conditions for wireless machinetomachine communications in industrial environments,” IEEE Commun. Mag., vol. 51, no. 6, pp. 187–192, June 2013.
 [2] I. Stojmenovic, “Machinetomachine communications with innetwork data aggregation, processing, and actuation for largescale cyberphysical systems,” IEEE Internet Things J., vol. 1, no. 2, pp. 122–128, Apr. 2014.
 [3] H. Goh et al., “Development of bluewave: A wireless protocol for industrial automation,” IEEE Trans. Ind. Informat., vol. 2, no. 4, pp. 221–230, Nov 2006.
 [4] A. Rajandekar and B. Sikdar, “A survey of MAC layer issues and protocols for machinetomachine communications,” IEEE Internet Things J., vol. Early Access, no. 99, pp. 1–1, 2015.
 [5] A. Osseiran et al., “Scenarios for 5G mobile and wireless communications: The vision of the METIS project,” IEEE Commun. Mag., vol. 52, no. 5, pp. 26–35, May 2014.
 [6] F. Boccardi et al., “Five disruptive technology directions for 5G,” IEEE Commun. Mag., vol. 52, no. 2, pp. 74–80, February 2014.
 [7] V. Gungor and G. Hancke, “Industrial wireless sensor networks: Challenges, design principles, and technical approaches,” IEEE Trans. Ind. Electron., vol. 56, no. 10, pp. 4258–4265, Oct 2009.
 [8] P. H. J. Nardelli et al., “Efficiency of wireless networks under different hopping strategies,” IEEE Trans. Wireless Commun., vol. 11, no. 1, pp. 15–20, Jan. 2012.
 [9] Y. Shiu et al., “Physical layer security in wireless networks: A tutorial,” IEEE Wireless Commun., vol. 18, no. 2, pp. 66–74, 2011.
 [10] C. Kaufman et al., Network security: Private communication in a public world, 2nd ed. Prentice Hall, 2002.
 [11] A. Mukherjee et al., “Principles of physical layer security in multiuser wireless networks: A survey,” Commun. Surveys Tuts., vol. 16, no. 3, pp. 1550–1573, Third 2014.
 [12] F. GomezCuba et al., “A survey on cooperative diversity for wireless networks,” Commun. Surveys Tuts., vol. 14, no. 3, pp. 822–835, Third 2012.
 [13] F. Mansourkiaie and M. Ahmed, “Cooperative routing in wireless networks: A comprehensive survey,” Commun. Surveys Tuts., vol. PP, no. 99, pp. 1–1, 2015.
 [14] Y. Zou et al, “Improving physicallayer security in wireless communications using diversity techniques,” IEEE Network, vol. 29, no. 1, pp. 42–48, Jan 2015.
 [15] H. Alves et al., “On the performance of secure fullduplex relaying under composite fading channels,” IEEE Signal Process. Lett., vol. 22, no. 7, pp. 867–870, Jul. 2015.
 [16] F. Baccelli et al., “Interference networks with pointtopoint codes,” IEEE Trans. Inf. Theory, vol. 57, no. 5, pp. 2582–2596, May 2011.
 [17] M. Haenggi, Stochastic geometry for wireless networks. Cambridge University Press, 2012.
 [18] H. Inaltekin et al., “On unbounded pathloss models: Effects of singularity on wireless network performance,” IEEE J. Sel. Areas Commun., vol. 27, no. 7, pp. 1078–1092, Sep. 2009.
 [19] P. H. J. Nardelli et al., “Throughput optimization in wireless networks under stability and packet loss constraints,” IEEE Trans. Mobile Comput., vol. 13, no. 8, pp. 1883–1895, Aug. 2014.
 [20] S. Weber et al., “An overview of the transmission capacity of wireless networks,” IEEE Trans. Commun., vol. 58, no. 12, pp. 3593–3604, Dec. 2010.
 [21] [Online]. Available: http://docs.sympy.org/0.7.1/modules/mpmath/functions/powers.html
 [22] H. Alves et al., “On the secrecy of interferencelimited networks under composite fading channels,” IEEE Signal Process. Lett., vol. 22, no. 9, pp. 1306–1310, Sep. 2015.
 [23] [Online]. Available: http://docs.scipy.org/doc/scipy/reference/generated/scipy.optimize.fmin_l_bfgs_b.html
 [24] K. Al Agha et al., “Which wireless technology for industrial wireless sensor networks? The development of OCARI technology,” IEEE Trans. Ind. Electron., vol. 56, no. 10, pp. 4266–4278, Oct 2009.
 [25] P. H. J. Nardelli et al., “Maximizing the link throughput between smart meters and aggregators as secondary users under power and outage constraints,” Adhoc Networks, vol. PP, no. 99, pp. 1–20, 2015. [Online]. Available: http://arxiv.org/abs/1506.04830v2
 [26] H. A. et al., “Enhanced transmit antenna selection scheme for secure throughput maximization without CSI at the transmitter and its applications on smart grids,” IEEE Trans. Inf. Forensics and Security, Nov 2015, submitted. Arxiv ID: 1511.06518.