Secure Communications Over Wireless Broadcast Networks - INLAB

682

IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, VOL. 6, NO. 3, SEPTEMBER 2011

Secure Communications Over Wireless Broadcast Networks: Stability and Utility Maximization Yingbin Liang, Member, IEEE, H. Vincent Poor, Fellow, IEEE, and Lei Ying, Member, IEEE

Abstract—A wireless broadcast network model with secrecy constraints is investigated, in which a source node broadcasts confidential message flows to user nodes, with each message intended to be decoded accurately by one user and to be kept secret from all other users (who are thus considered to be eavesdroppers with regard to all other messages but their own). The source maintains a queue for each message flow if it is not served immediately. The channel from the source to the users is modeled as a fading broadcast channel, and the channel state information is assumed to be known to the source and the corresponding receivers. Two eavesdropping models are considered. For a collaborative eavesdropping model, in which the eavesdroppers exchange their outputs, the secrecy capacity region is obtained, within which each rate vector is achieved by using a time-division scheme and a source power control policy over channel states. A throughput optimal queue-length-based rate scheduling algorithm is further derived that stabilizes all arrival rate vectors contained in the secrecy capacity region. Moreover, the network utility function is maximized via joint design of rate control, rate scheduling, power control, and secure coding. More precisely, a source controls the message arrival rate according to its message queue, the rate scheduling selects a transmission rate based the queue length vector, and the rate vector is achieved by power control and secure coding. These components work jointly to solve the network utility maximization problem. For a noncollaborative eavesdropping model, in which eavesdroppers do not exchange their outputs, an achievable secrecy rate region is derived based on a time-division scheme, and the queue-length-based rate scheduling algorithm and the corresponding power control policy are obtained that stabilize all arrival rate vectors in this region. The network utility maximizing rate control vector is also obtained. Index Terms—Broadcast channel, power control, queue-lengthbased algorithm, rate control, rate scheduling, secrecy capacity region, stability, utility maximization.

Manuscript received September 27, 2010; revised May 18, 2011; accepted May 19, 2011. Date of publication May 31, 2011; date of current version August 17, 2011. The work of Y. Liang was supported by the National Science Foundation under Grant CCF-10-26566. The work of H. V. Poor was supported by the Air Force Office of Scientific Research under Grant FA9550-08-1-0480 and by the National Science Foundation under Grant CNS-09-05398. The work of L. Ying was supported by the National Science Foundation under Grant CNS- 08-31756 and Grant CNS-09-53165, and by the DTRA under Grant HDTRA1-08-1-0016 and Grant HDTRA1-09-1-0055. The associate editor coordinating the review of this manuscript and approving it for publication was Dr. Wade Trappe. Y. Liang is with the Department of Electrical Engineering and Computer Science, Syracuse University, Syracuse, NY 13244 USA (e-mail: yliang06@syr. edu). H. V. Poor is with the Department of Electrical Engineering, Princeton University, Princeton, NJ 08544 USA (e-mail: [email protected]). L. Ying is with the Department of Electrical and Computer Engineering, Iowa State University, Ames, IA 50011 USA (e-mail: [email protected]). Color versions of one or more of the figures in this paper are available online at http://ieeexplore.ieee.org. Digital Object Identifier 10.1109/TIFS.2011.2158311

I. INTRODUCTION

W

IRELESS broadcast networks constitute one class of basic and important wireless networks, in which a source node simultaneously transmits a number of information flows (messages) to different destinations. However, broadcast communications make use of the open nature of the wireless medium, which presents a great challenge to achieve secure communication for individual users. This is because information for all users is contained in one transmitted signal, and hence information destined for one user may be obtained by nonintended users unless special coding is used. Physical layer security, which uses randomness of a physical communication channel to provide security for messages transmitted through the channel, opens a promising new direction toward solving wireless networking security problems. This approach was pioneered by Wyner in [1] and by Csiszár and Körner in [2], and more recently has been extensively explored in the literature (see [3] for a review of recent advances in physical layer security). Physical layer security adopts a precise quantitative measure of security level, i.e., the equivocation rate defined by Shannon [4], which equals the entropy rate of the source message conditioned on the channel output at the eavesdropper. This measure of the secrecy level allows security to be considered under the general Shannon framework of information theory [5], and hence provides an analytical basis with which to characterize the fundamental limits on communication rates given the security level constraints. This measure of security level also makes a unified security design across networking layers possible. The goal of such a design is to maximize network utility (i.e., to maximize overall users’ satisfaction of the service rate in a certain fair manner among users) under security, reliability, and stability constraints. This motivates a joint design of rate control at the transport layer, rate scheduling at the medium access control layer, and power control and secure coding at the physical layer. Without security constraints, the above issues have been separately studied for wireless broadcast networks in previous work. The physical layer issue of reliability requires that each information flow is received correctly at intended corresponding destinations, and optimal coding schemes to achieve reliability and the corresponding capacity region that includes all achievable rate vectors (rate allocation among users) have been studied in, e.g., [6]–[8]. Based on a queue-length-based scheduling algorithm that achieves the network throughput region [9], stability and utility maximization in wireless networks have been studied in, e.g., [10]–[15]. With security constraints, following the seminal work of [1], [2], physical layer secure coding schemes and the fundamental limits on the secrecy

1556-6013/$26.00 © 2011 IEEE

LIANG et al.: SECURE COMMUNICATIONS OVER WIRELESS BROADCAST NETWORKS

683

Fig. 2. Two time scales. Fig. 1. Fading broadcast network.

communication rates have been studied for broadcast networks in [16]–[33], where reliability and secrecy are jointly studied. Although jointly considering secrecy, reliability, and stability for network utility maximization has the potential for significant impact in improving network performance and resource efficiency, this perspective has not been examined before. One reason is because the physical layer approach to achieve security, which quantifies the measure of secrecy and greatly facilitates this joint design, has attracted considerable attention only recently. This joint design is the goal of this paper. In this paper, we study a broadcast network (see Fig. 1), in which a source node transmits confidential message flows to user nodes, and each message flow is intended to be decoded accurately by one node while being kept secret from all other nodes. Nodes are thus considered to be eavesdroppers with regard to all other messages but their own. We consider two eavesdropping models. The first one is referred to as a collaborative eavesdropping model, in which the eavesdroppers can exchange their outputs to interpret the message. The second one is referred to as a noncollaborative eavesdropping model, in which eavesdroppers do not exchange their outputs. We assume that the source node maintains a queue for each message flow if it is not served immediately. Each queue needs to remain stochastically stable so that no queue length builds up to infinity. As the measure of users’ satisfaction about network transmission services, a utility function is associated with each user. As the measure of the overall performance, the sum of all users’ utility functions needs to be maximized given that transmission of all information flows over the network is secret, reliable, and stable. In this paper, stability means queue stability, i.e., the queues do not build up to infinity. We assume that the channel from the source to the users is a fading broadcast channel, in which the channel outputs at each user are corrupted by a multiplicative fading gain process in addition to an additive white Gaussian noise process. We assume that the channel state information (channel gain realization) is known to the source node and to the corresponding receiver. This assumption is justified in the broadcast scenario considered here, because all users receive information from the source node and hence it is reasonable for them to feed their channel states back to the source node to obtain better service rates from this node. There are two time scales (see Fig. 2): one is the symbol time level, at which the channel state varies across symbol times, and the other is the packet time level, which spans a large number of symbol times during which the channel state behaves ergodically. To achieve reliable and secure communication for users, we adopt the physical layer security approach [1], [2] to employ a stochastic encoder at the source node. The source node allocates

its power not only among message flows (i.e., among users) but also dynamically according to the channel state information to improve secrecy communication rates. Hence the source power control operates over the symbol time scale, and determines the service rate allocation among users at the packet time level. At the packet time level, to maintain the stability of all queues, the source node implements a rate schedule scheme that adapts its service rate allocation dynamically among users based on the queue lengths. Furthermore, rate control is performed also at the packet time level to maximize the network utility function. Our goal is to study how to jointly design rate control and rate scheduling at the packet time scale and power control and secure coding at the symbol time scale to achieve network utility maximization under reliability, security and stability constraints. For the collaborative eavesdropping model, we first obtain the secrecy capacity region, within which each rate vector can be achieved by a time-division scheme, i.e., at each channel state, the source transmits only to the user whose channel gain is better than the sum of the channel gains of all other users. It is clear that this user must have the best channel gain at this state. The power control among the channel states thus determines the rate allocation among users, i.e., rate allocation among components of a rate vector. We further show that all arrival rate vectors contained in this region can be stabilized by a throughput optimal queue-length-based scheduling scheme at the packet time level, where queue length determines the service rate allocation among users, and hence determines the corresponding power control to achieve this service rate vector at the symbol time level. Finally, we obtain a distributed rate control policy that maximizes the overall network utility maximization given that reliability, secrecy, and stability are achieved. This maximization is achieved by joint design of rate control, rate scheduling, power control, and secure coding. For the noncollaborative eavesdropping model, we study a time-division scheme, in which the source transmits to one user in each channel state. The secrecy rate region based on this scheme is derived. Although the time-division scheme is suboptimal, it is simple and important from a practical point of view. We also provide and discuss improved secure coding schemes based on non-time-division schemes. Based on a simple achievable secrecy rate region, a queue-length-based rate scheduling algorithm is derived that stabilizes the arrival rate vectors contained in this rate region. We also obtain the distributed rate control policy that achieves the overall network utility maximization. The rest of the paper is organized as follows. In Section II, we introduce the channel model of interest. In Sections III and IV, we present our results for the collaborative and noncollaborative eavesdropping models, respectively. In Section V, we conclude the paper with a few remarks.

684


II. CHANNEL MODEL We consider the -user fading broadcast network (see Fig. 1), in which a source node transmits confidential messages to user nodes. Each message is intended for one user and needs to be kept secret from all other nodes. Hence, with regard to one message, all users other than its intended receiver are considered to be eavesdroppers. We assume that the channel from the source node to the users is a fading broadcast channel, in which the channel outputs at each user are corrupted by a multiplicative fading gain process in addition to an additive white Gaussian noise process. The channel input–output relationship is given by

In this paper, we focus on the case of perfect secrecy, in which the eavesdroppers do not obtain any information about the messages. This happens if (3) . for The second model is referred to as the noncollaborative model, which assumes that the eavesdroppers do not exchange their outputs. For this model, the secrecy level of the confidential message at user is measured by the following equivocation rate: (4)

(1) where denotes the th user, and denotes the th symbol time instant. At the symbol time instant , is the channel input from the source, is the channel output at user , is the source-to-user channel gain coefficient, and is the noise term at user . We define , and assume is a stationary and ergodic vector proper complex random process. We assume that the channel state information (i.e., the realization of ) is known at both the source node and the corresponding receivers. Here, the fading coefficients across users are not necessarily independent, and nor are they necessarily identically distributed. It will be clear in Sections III and IV that as long as the channel state information is known, only the marginal channel distributions to individual users affect the performance of the network. The noise processes for are independent identically distributed (i.i.d.) proper complex Gaussian processes with zero means and unit variances. The input sequence is subject to the average power constraint , i.e.,

A 1)

code consists of the following: message sets: for with each message uniformly distributed over the set , respectively; 2) one (stochastic) encoder at the source node that maps each message vector to a codeword ; and 3) decoders: each at one user node that maps a received sequence to a message for . In this paper, we study two eavesdropping models. The first model is referred to as the collaborative eavesdropping model, which assumes that all eavesdroppers collaborate and exchange their outputs to interpret a receiver’s message. As in [1], the secrecy level of the confidential message is measured by the following equivocation rate:

(2)

In the case of perfect secrecy, we have (5) , and . We note that for the definitions of collaborative and noncollaborative eavesdropping models have appeared in [34] and [35] for multiple access wiretap channels. A rate vector is achievable if there exists a sequence of codes such that as goes to infinity, the average probability of error goes to zero and asymptotic perfect secrecy is achieved for each message. The secrecy capacity region is defined to be the set that includes all achievable rate vectors such that perfect secrecy can be achieved. Since the source node has access to the channel state information, the source can dynamically change its transmission power as the channel state varies at the symbol time level. Each rate vector in the secrecy capacity region is a service rate allocation among users and is achieved by a corresponding power control policy at the source node. We assume that the source node maintains one queue for each message flow if it is not served immediately. We first consider the case in which the arrivals of the message flows are on the packet time scale, and are assumed to be random and independent of each other. We use to denote an arrival rate vector at packet time slot , with each component representing the arrival rate of one queue at packet time slot . The system is stochastically stable if no queue builds to infinity (see the formal definition in [9, Def. 3.1]). We use the vector to denote the queue length vector at packet time slot , with each component denoting the queue length for the th queue. We note that each packet time slot contains a large number of symbol time slots, during which the channel state changes in a stationary and ergodic manner. For each packet time slot, the rate scheduling at the source node is accomplished by choosing a secrecy rate vector as a service rate vector, which is achieved by a corresponding power control policy at the symbol time level. The stability region is defined to include all arrival rate vectors that can be stabilized by a rate scheduling algorithm. In the second case, we assume that associated with each user, a standard -fair utility function [36] is given by


where denotes the rate at which the source node generates the messages for user . The objective is to control arrival rate vectors for users properly so that the following network utility function is maximized, i.e.,

685

Theorem 1: For the collaborative eavesdropping model, the secrecy capacity region of the fading broadcast network is given by

(6) given that information flow to each user is securely and reliably received, and each queue is stabilized. This involves jointly designing rate control and a scheduling algorithm at the packet time scale and a power control policy and a secure coding scheme at the symbol time scale to achieve reliable and perfectly secure communication for all users, and at the same time to maintain the queues of all message flows stochastically stable.

III. COLLABORATIVE EAVESDROPPING MODEL A. Secrecy Capacity Region In this section, we consider the collaborative eavesdropping model, in which for a given message, all users (eavesdroppers) other than the intended destination can exchange their outputs to try to decode a given message. Since the eavesdroppers can exchange their outputs, they can be viewed as a super-eavesdropper that has receive antennas with each antenna receiving the outputs of one eavesdropper. Hence, the channel is equivalent to the wiretap channel [1] with the eavesdropper having multiple antennas, whose secrecy capacity (see Appendix A) can be obtained from that for the multiple-input multiple-output (MIMO) wiretap channel given in [37]–[40]. It is then clear that for each channel state, only a user whose channel gain is larger than the sum of the channel gains of all other users (eavesdroppers) can receive its message with perfect secrecy. Note that such a user may not exist. It is clear that this user must have the best channel state among all users. This suggests a time-division scheme with the source transmitting to at most one user in each channel state (or at the corresponding symbol time slot). For a given channel state , let denote the source power allocation for state . We use to denote the set that includes all power allocation functions (i.e., power control policies) that satisfy the power constraints, i.e., (7) Now let be the set of all channel states for which the channel gain of user is larger than the sum of the channel gains of all other users, i.e., (8) The following theorem states that a time-division scheme is optimal to achieve the secrecy capacity region.

(9) where the random vector has the same distribution as the marginal distribution of the random process at one symbol time instant. Proof: See Appendix A. We note that each rate in (9) decreases as the number of users increases, because the sum of channel gains of all other users in the second term in the bound for rate increases. This is intuitive because more eavesdroppers reduce the secrecy rate for each user. Remark 1: It is clear from (9) that no power is allocated to channel states that are not contained in any of the sets for , because no user can obtain perfect secrecy over these states. Remark 2: In Theorem 1, only ergodicity and stationarity are assumed for the fading process , which can be correlated across time and across components, and is not necessarily Gaussian. Remark 3: Each rate vector contained in the secrecy capacity region given in (9) is achieved by a certain power control policy over the symbol time slots. It also represents average service rates for users over a large number of fading states and hence at the packet time level. B. Stability and Utility Maximization The secrecy capacity region given in Theorem 1 includes all achievable secrecy rate vectors with each component representing the service rate for one user. It still remains to determine a rate scheduling algorithm to choose a service rate vector at each packet time slot to stabilize all queues and correspondingly to determine a power control policy over the symbol time slots to achieve this service rate vector. The rate scheduling algorithm and the power allocation policy are given in the following two theorems, respectively. Theorem 2: For the collaborative eavesdropping model, the information flows (i.e., the queues) are stable only if the arrival rate vector is in the secrecy capacity region given in (9), i.e., . Furthermore, given any arrival rate vector that satisfies (where denotes a -dimensional vector with all components equal to ), the system is stochastically stable under the following queue-length-based algorithm: for any given queue length vector , the secrecy rate vector

686


is chosen to be a solution to the following optimization problem: (10) Proof: See Appendix B. Remark 4: Since the queue-length-based algorithm given in Theorem 2 stabilizes any arrival rate vector inside the secrecy capacity region, it is referred to the secrecy throughput optimal scheduling scheme. Theorem 3: For the collaborative eavesdropping model, the power control policy that achieves the secrecy rate vector for the queue-length-based algorithm given in Theorem 2 is given as follows. For a given queue length vector

if otherwise (11) where is chosen to satisfy the power constraint given in (7). Proof: See Appendix C. Remark 5: It can be seen from (11) that more power may be allocated to user to increase its service rate and stabilize its queue when its queue length increases. We now consider the following network utility maximization problem: (12) A solution to the above problem provides an optimal rate control vector for the source node to generate messages for users so that the overall network utility is maximized given that all information flows are securely and reliably received, and each queue is stabilized. Theorem 4: Consider the following joint rate control, rate scheduling, and power allocation algorithm: For any given queue length vector , the source node generates messages for user with a rate (13)

Remark 6: In the above theorem, is a tuning parameter that controls the trade-off between optimality of utility maximization and the queue length. As increases, the rate control vector determined by (13) approaches the optimal solution to the utility maximization problem. Remark 7: The rate depends only on the utility function of user and the queue length of user . If information flows are generated at separate source centers, the rate control algorithm given in (13) provides a distributed way to control packet generation at these source centers. IV. NONCOLLABORATIVE EAVESDROPPING MODEL A. Secrecy Rate Region In this section, we consider the noncollaborative eavesdropping model, in which users do not share their outputs. For a given message, the channel can be viewed as the wiretap channel with multiple eavesdroppers [41] or with one eavesdropper whose channel to the source node is a compound channel [42]. For this model, we first consider a time-division scheme, i.e., the source node transmits to only one user at one symbol time or equivalently in one channel state realization . We use to denote the index of the user to which the source node transmits in the state . Hence, , as a function, describes a particular time-division (i.e., state allocation) scheme. We also use to denote the set that includes all possible state-division schemes. For a given channel allocation scheme , we consider the set of states for transmitting to user , i.e.,

The channel states in this set may not necessarily satisfy the condition that user has the best channel state among all users. The channel corresponding to these states can be viewed as parallel channels to every user with each subchannel corresponding to one state realization . Since during these states, the source node transmits information only to user , this channel is a parallel compound wiretap channel [43] with user being the legitimate receiver and other users being eavesdroppers, and both the legitimate user and eavesdroppers having parallel Gaussian channels. For the compound parallel wiretap channel, an optimal secure coding scheme was proposed in [44] to code across all parallel channels. Applying this scheme, an achievable rate for user can be obtained and is given by

is chosen to be a solution to the and the secrecy rate vector following optimization problem:

For the collaborative eavesdropping model, we have

where is the optimal solution of the network utility maximization problem. Proof: See Appendix D.

where equals its argument if it is positive and equals zero otherwise. It is clear that the total power allocated for transmitting to user is given by

Similar to the above steps, we can obtain the achievable secrecy rates for other users, and hence these rates constitute a rate


vector achieved for a given power control scheme and a channel allocation scheme . An achievable secrecy rate region for the broadcast channel includes achievable secrecy rates obtained for any power control scheme and any possible state allocation scheme, which is given below. Theorem 5: For the noncollaborative eavesdropping model, an achievable secrecy rate region for the fading broadcast channel is given by

(14)

where the random vector has the same distribution as the marginal distribution of the random process at one symbol time instant. We further consider a simple state allocation function, in which the source node transmits to user if user ’s channel is the best among users. We define the set to include all such channel states, i.e., (15) Then we have the state allocation function if for . Based on this state allocation function, we have the following corollary. Corollary 1: For the noncollaborative eavesdropping model, an achievable secrecy rate region for the fading broadcast channel is given by

(16)

has the same distriwhere the random vector bution as the marginal distribution of the random process at one symbol time instant. Proof: For each channel state, the source transmits only to the user with the best channel state, and hence the channel is the wiretap channel with multiple eavesdroppers. The achievable secrecy rate follows directly from the proof in [42]. We note that similar to the collaborative eavesdropping model, each rate in (16) decreases as the number of users increases, because the number of rate terms that the “min” is taken over increases. We also note that the gap between the regions given in (16) and (9) suggests the impact of eavesdropper collaboration on the

687

secrecy rate region. Two major differences determine the gap between the two regions. First of all, for the collaborative eavesdropping model, collaboration among eavesdroppers is reflected by the fact that a rate determined by the sum of the channel gains of the eavesdroppers is subtracted from the rate to the legitimate user in (9). For the noncollaborative eavesdropping model, a rate determined by the channel gain of each individual user is subtracted from the rate to the legitimate user. Second, for the collaborative model, a positive secrecy rate is achievable for a channel state only if one user has its channel gain larger than the sum of the channel gains of all of the other users. This condition may not be satisfied by all channel states. Hence, there may be some channel states at which no user can receive a positive secrecy rate. However, for the noncollaborative model, the condition for a user to achieve a positive secrecy rate is that this user’s channel gain is larger than that of all other users. This condition is less stringent, and each channel state can satisfy this condition for a certain user and hence contributes to this user’s secrecy rate. Due to both of the above reasons, the secrecy rate region for the noncollaborative eavesdropping model is larger than that of the collaborative eavesdropping model. This justification suggests the following remark. Remark 8: The regions given in (14) and (16) are larger than the region given in (9). This is because the eavesdroppers are less powerful in the noncollaborative eavesdropping model than in the collaborative eavesdropping model. Further improved secrecy rate regions can be derived if the source node is not restricted to time-division schemes and transmits multiple information flows at a time. In this case, the state allocation function represents a set of user indices to which the source node transmits at the channel state , and becomes more involved. The source node can apply stochastic superposition coding [45] to transmit multiple information flows simultaneously at one channel state. For each user, secure coding is performed across multiple states. In general, the above achievable schemes may not be optimal. Hence, we also derive an outer bound on the secrecy capacity region, which is given in the following theorem. Theorem 6: For the noncollaborative eavesdropping model, an outer bound on the secrecy capacity region of the fading broadcast channel is given by

(17)

where (18) Proof: The bound in (17) for and follow steps similar to those in Appendix A by replacing

688


with , respectively. The rest (for other indices) follows the steps similar to those for the above case. It can be seen that the gap between the inner bound (i.e., the achievable secrecy rate region) given in (16) and the outer bound given in (17) lies in the different sets over which the expectation of the secrecy rate is taken. For the inner bound, the expectations of the secrecy rate for users are taken over disjoint sets due to the time-division scheme. However, for the outer bound, the set over which the expectation is taken varies with and is the set that maximizes the expected value. It is also clear that the expectations in (17) for different users are taken over overlapping sets. This does not appear in the achievable region (16), because the achievable scheme uses time division and hence rates for different users cannot be contributed from overlapping state sets. For the case when , the two bounds are equal and provide the secrecy capacity region. This is also the case when the collaborative and noncollaborative eavesdropping models are the same. In general, the inner and outer bounds may not be very close, which also suggests there is potential to improve the secrecy rate region in (16) and (14). Although the non-time-division schemes discussed above provide a better secrecy rate region, their optimality remains an open issue. B. Stability and Utility Maximization As expected, if the secrecy rate region is too complicated, it may not be useful for joint design with other networking layers in practice. Hence, in this section, we study queue-length-based algorithms based on the achievable secrecy rate region given in (16). Theorem 7: For the noncollaborative eavesdropping model, if the arrival rate vector satisfies given in (16), then the system is stochastically stable under the following queue-based algorithm: for any given queue length vector , the secrecy rate vector is chosen to be a solution to the following optimization problem: (19) The corresponding power control policy that achieves the secrecy rate vector in the preceding algorithm is the solution to the following optimization problem:

(20) We note that the optimal power control policy can be derived by applying techniques developed in [46] for solving max–min optimization problems. We next consider the network utility maximization problem defined in (12) to obtain the optimal rates for the source node to generate messages for users. Theorem 8: Consider the following joint rate control, rate scheduling, and power allocation algorithm: For any given

queue length vector for user with a rate

, the source node generates messages

(21) and the secrecy rate vector is chosen to be a solution to the following optimization problem:

(22) For the noncollaborative eavesdropping model, we have

where is the optimal solution of the following network utility maximization problem: (23) Proof: The proof is similar to the proof of Theorem 4 given in Appendix D, and is hence omitted. Remark 9: Based on an improved secrecy rate region given in (14), the joint design for stability in Theorem 7 and utility maximization in Theorem 8 also needs to incorporate state allocation at the physical layer, which determines the achievable rate vectors jointly with power control. V. CONCLUSIONS In this paper, we have studied wireless broadcast networks, for which we have obtained the secrecy capacity region for the collaborative eavesdropping model and inner and outer bounds on the secrecy capacity region for the noncollaborative eavesdropping model. We have also obtained a secrecy throughput optimal scheduling scheme and a corresponding jointly optimal power control policy for the collaborative eavesdropping model. For the noncollaborative eavesdropping model, we have obtained results similar to the above based on an achievable secrecy rate region. For both models, we have further obtained the rate control vector for the source node to generate messages for users that achieve overall network utility maximization. To the authors’ knowledge, this is the first work that addresses reliability, security (via a physical layer approach), and stability jointly and studies utility network maximization under these constraints for wireless broadcast networks. The approach in this paper can be applied to analyze other wireless networks including multiple-access, interference, and relay networks. This approach also allows the incorporation of public and common message flows for users in the system as well. APPENDIX A PROOF OF THEOREM 1 , Proof of Achievability: For a given fading state the th message is transmitted to user . Since the eavesdroppers can exchange their outputs, they can be viewed as a super-


eavesdropper that has receive antennas with each antenna receiving the outputs of one eavesdropper. Now the channel is equivalent to the wiretap channel [1] with the eavesdropper having multiple antennas. Hence, based on the secrecy capacity region for the MIMO wiretap channel given in [37]–[40], the following secrecy rate is achievable in channel state :

689

where denotes the vector sequence . In the preceding equation, (a) follows from the perfect secrecy condition, (b) follows from the definition of the equivocation rate given in (2), (c) follows from Fano’s inequality such that (26) if , and follows because given , is independent of . and For each , since varying the correlation between does not affect the secrecy capacity, we obtain

where (24) Thus, the rate achievable for user is an average of the rate over all channel states , which provides the rate given in (9). Proof of the Converse: We note that although the converse proof is based on the ideas for obtaining the secrecy capacity of the parallel wiretap channel [47], [48] and the MIMO wiretap channel in [37]–[40], the proof is not given by directly combining the two. We first consider the parallel broadcast channel with subchannels indexed by . Each subchannel is a broadcast channel with one input and outputs for . In fact, the parallel broadcast channel is equivalent to a fading broadcast channel with the channel state taking finite equi-probable states indexed by . Each subchannel of the parallel broadcast channel corresponds to one channel state of the fading broadcast channel. Extending our proof to the case when has a continuous state space is standard. For the parallel broadcast channel, we consider a code with average error probability , where approaches zero as approaches infinity. We follow steps similar to those in [47] and [48], and bound the rate as follows:

(27) in the above equation denotes the minimization over where all possible correlation between and . We now apply the converse proof in [37]–[40] to obtain

(28) if subchannel corresponds to the fading state , and the power is allocated to this subchannel. It is clear that only those whose corresponding contribute to the secrecy rate in (25), and hence the average needs to be taken only over in (27). Following the same steps as above, we can obtain the bounds on the rates . It is also clear that the sum of the power allocated for obtaining is less than the power constraint , because the channel states contributing to these rates constitute disjoint sets. This concludes the proof. APPENDIX B PROOF OF THEOREM 2 given in (9) is the secrecy caWe first note that since pacity region, it is clear that the network cannot be stabilized if . We next use the idea proposed in [9] to establish stability. We define the following Lyapunov function:

We also define

We further define and derive the drift of

(25)

as follows:

690


APPENDIX C PROOF OF THEOREM 3 From (10), we obtain

(33) (29) where packets in Let slot, slot, and

for are given in (9). The Lagrangian to where solve the preceding convex optimization problem is given by

denotes the unused service rate due to the lack of queue . denote the maximum number of arrivals in one time denote the maximum rate achievable in one time . Note that if , and hence (34)

and

where is a Lagrange multiplier. For , the optimal satisfies the following necessary and sufficient condition: (30)

Now given that that

, there exists

such

(31) Thus, we have

with equality when . The power control policy (11) can then be obtained by simple algebra.

(35) in

APPENDIX D PROOF OF THEOREM 4 We define the following Lyapunov function:

Following the analysis in the proof of Theorem 2, we obtain that there exists such that

(32) where (a) follows from (31), and (b) follows from the definition of the queue-length-based algorithm that for is a solution to the optimization problem given in (10). Therefore, we conclude that if . Since is Markovian, the system is stochastically stable according to the Foster–Lyapunov criterion [49].

(36) is the optimal solution to the network utility where maximization problem (12).


Since is a solution to the optimization problem given in (10), we have , and

(37) Since obtain

is a solution to the optimization problem (13), we (38)

and (39) Summing up both sides for

to

, we obtain

(40) which implies that

Letting both

and

go to infinity, we have

Furthermore,

holds at any time , so we conclude that

691

REFERENCES [1] A. D. Wyner, “The wire-tap channel,” Bell Syst. Tech. J., vol. 54, no. 8, pp. 1355–1387, Oct. 1975. [2] I. Csiszár and J. Körner, “Broadcast channels with confidential messages,” IEEE Trans. Inf. Theory, vol. IT-24, no. 3, pp. 339–348, May 1978. [3] Y. Liang, H. V. Poor, and S. Shamai (Shitz), “Information theoretic security,” in Foundations and Trends in Communications and Information Theory. Hanover, MA: Now Publishers, 2008, vol. 5, nos. 4–5, pp. 355–580. [4] C. E. Shannon, “Communication theory of secrecy systems,” Bell Syst. Tech. J., vol. 28, pp. 656–715, 1949. [5] C. E. Shannon, “A mathematical theory of communication,” Bell Syst. Tech. J., vol. 27, pp. 379–423 and 623–656, 1948. [6] D. N. Tse, “Optimal power allocation over parallel Gaussian broadcast channels,” in Proc. IEEE Int. Symp. Information Theory (ISIT), Ulm, Germany, Jun. 1997, pp. 27–27. [7] L. Li and A. J. Goldsmith, “Capacity and optimal resource allocation for fading broadcast channels-Part I: Ergodic capacity,” IEEE Trans. Inform. Theory, vol. 47, no. 3, pp. 1083–1102, Mar. 2001. [8] L. Li and A. J. Goldsmith, “Capacity and optimal resource allocation for fading broadcast channels-Part II: Outage capacity,” IEEE Trans. Inf. Theory, vol. 47, no. 3, pp. 1103–1127, Mar. 2001. [9] L. Tassiulas and A. Ephremides, “Stability properties of constrained queueing systems and scheduling policies for maximum throughput in multihop radio networks,” IEEE Trans. Automat. Contr., vol. 37, no. 12, pp. 1936–1948, Dec. 1992. [10] E. M. Yeh and A. S. Cohen, “Throughput optimal power and rate control for multiaccess and broadcast communications,” in Proc. IEEE Int. Symp. Information Theory (ISIT), Chicago, IL, Jun./Jul. 2004, pp. 112–112. [11] A. Eryilmaz, R. Srikant, and J. Perkins, “Stable scheduling policies for fading wireless channels,” IEEE/ACM Trans. Netw., vol. 13, no. 2, pp. 411–424, Apr. 2005. [12] A. Eryilmaz and R. Srikant, “Fair resource allocation in wireless networks using queue-length-based scheduling and congestion control,” in Proc. IEEE INFOCOM, Miami, FL, Mar. 2005. [13] M. Neely, E. Modiano, and C. Li, “Fairness and optimal stochastic control for heterogeneous networks,” in Proc. IEEE INFOCOM, Miami, FL, Mar. 2005, vol. 3, pp. 1723–1734. [14] A. Stolyar, “Maximizing queueing network utility subject to stability: Greedy primal-dual algorithm,” Queueing Syst., vol. 50, no. 4, pp. 401–457, Aug. 2005. [15] A. Eryilmaz and R. Srikant, “Joint congestion control, routing and MAC for stability and fairness in wireless networks,” IEEE J. Sel. Areas Commun., vol. 24, no. 8, pp. 1514–1524, Aug. 2006. [16] M. Bloch, J. Barros, M. R. D. Rodrigues, and S. W. McLaughlin, “Wireless information-theoretic security,” IEEE Trans. Inf. Theory, vol. 54, no. 6, pp. 2515–2534, Jun. 2008. [17] E. Ekrem and S. Ulukus, “Degraded compound multi-receiver wiretap channels,” IEEE Trans. Inf. Theory, 2009, submitted for publication. [18] E. Ekrem and S. Ulukus, “The secrecy capacity region of the Gaussian MIMO multi-receiver wiretap channel,” IEEE Trans. Inf. Theory, vol. 57, no. 4, pp. 2083–2114, Apr. 2011. [19] E. Ekrem and S. Ulukus, “Secrecy capacity of a class of broadcast channels with an eavesdropper,” Special Issue on Wireless Physical Layer Security, EURASIP J. Wireless Commun. Netw., vol. 2009, pp. 29–29, 2009, Article ID 824235. [20] E. Ekrem and S. Ulukus, “Ergodic secrecy capacity region of the fading broadcast channel,” in Proc. IEEE Int. Conf. Commun. (ICC), Dresden, Germany, 2009. [21] E. Ekrem and S. Ulukus, “Capacity region of Gaussian MIMO broadcast channels with common and confidential messages,” IEEE Trans. Inf. Theory, 2010, submitted for publication. [22] P. Gopala, L. Lai, and H. E. Gamal, “On the secrecy capacity of fading channels,” IEEE Trans. Inf. Theory, vol. 54, no. 10, pp. 4687–4698, Oct. 2008. [23] A. Khisti, A. Tchamkerten, and G. Wornell, “Secure broadcasting,” Special Issue on Information Theoretic Security, IEEE Trans. Inf. Theory, vol. 54, no. 6, pp. 2453–2469, Jun. 2008. [24] Z. Li, W. Trappe, and R. D. Yates, “Secret communication via multi-antenna transmission,” in Proc. Conf. Information Sciences and Systems (CISS), Baltimore, MD, Mar. 2007. [25] H. D. Ly, T. Liu, and Y. Liang, “Multiple-input multiple-output Gaussian broadcast channels with common and confidential messages,” IEEE Trans. Inf.. Theory, vol. 56, no. 11, pp. 5477–5487, Nov. 2010. [26] Y. Liang, H. V. Poor, and S. Shamai (Shitz), “Physical layer security in broadcast networks,” Security Commun. Netw., vol. 2, no. 3, pp. 227–238, May/Jun. 2009.

692


[27] Y. Liang, H. V. Poor, and S. Shamai (Shitz), “Secure communication over fading channels,” Special Issue on Information Theoretic Security, IEEE Trans. Inf. Theory, vol. 54, no. 6, pp. 2470–2492, Jun. 2008. [28] M. Kobayashi, Y. Liang, S. Shamai (Shitz), and M. Debbah, “On the compound MIMO broadcast channels with confidential messages,” in Proc. IEEE Int. Symp. Information Theory (ISIT), Seoul, Korea, Jun./ Jul. 2009. [29] R. Liu, I. Maric, P. Spasojevic, and R. Yates, “Discrete memoryless interference and broadcast channels with confidential messages: Secrecy rate regions,” Special Issue on Information Theoretic Security, IEEE Trans. Inf. Theory, vol. 54, no. 6, pp. 2493–2507, Jun. 2008. [30] R. Liu and H. V. Poor, “Secrecy capacity region of a multi-antenna Gaussian broadcast channel with confidential messages,” IEEE Trans. Inf. Theory, vol. 55, no. 3, pp. 1235–1249, Mar. 2009. [31] R. Liu, T. Liu, H. V. Poor, and S. Shamai (Shitz), “MIMO Gaussian broadcast channels with confidential and common messages,” in Proc. IEEE Int. Symp. Information Theory (ISIT), Austin, TX, Jun. 2010. [32] R. Liu, T. Liu, H. V. Poor, and S. Shamai (Shitz), “Multiple-input multiple-output Gaussian broadcast channels with confidential messages,” IEEE Trans. Inf. Theory, vol. 56, no. 9, pp. 4215–4227, Sep. 2010. [33] J. Xu, Y. Cao, and B. Chen, “Capacity bounds for broadcast channels with confidential messages,” IEEE Trans. Inf. Theory, vol. 55, no. 10, pp. 4529–4542, Oct. 2009. [34] E. Tekin and A. Yener, “The Gaussian multiple access wire-tap channel,” IEEE Trans. Inf. Theory, vol. 54, no. 12, pp. 5747–5755, Dec. 2008. [35] E. Tekin and A. Yener, “The general Gaussian multiple access and two-way wire-tap channels: achievable rates and cooperative jamming,” Special Issue on Information Theoretic Security, IEEE Trans. Inf. Theory, vol. 54, no. 6, pp. 2735–2751, Jun. 2008. [36] J. Mo and J. Walrand, “Fair end-to-end window-based congestion control,” in Proc. SPIE Int. Symp., Boston, MA, 1998. [37] A. Khisti and G. W. Wornell, “Secure transmission with multiple antennas-I: The MISOME wiretap channel,” IEEE Trans. Inf. Theory, vol. 56, no. 7, pp. 3088–3104, Jul. 2010. [38] A. Khisti and G. W. Wornell, “Secure transmission with multiple antennas-II: The MIMOME wiretap channel,” IEEE Trans. Inf. Theory, vol. 56, no. 11, pp. 5515–5532, Nov. 2010. [39] F. Oggier and B. Hassibi, “The secrecy capacity of the MIMO wire-tap channel,” in Proc. 45th Annu. Allerton Conf. Communication, Control and Computing, Monticello, IL, Sep. 2007. [40] T. Liu and S. Shamai (Shitz), “A note on the secrecy capacity of the multi-antenna wire-tap channel,” IEEE Trans. Inf. Theory, vol. 55, no. 6, pp. 2547–2553, Jun. 2009. [41] P. Wang, G. Yu, and Z. Zhang, “On the secrecy capacity of fading wireless channel with multiple eavesdroppers,” in Proc. IEEE Int. Symp. Information Theory (ISIT), Nice, France, Jun. 2007. [42] Y. Liang, G. Kramer, H. V. Poor, and S. Shamai (Shitz), “Compound wire-tap channels,” in Proc. 45th Annu. Allerton Conf. Communication, Control and Computing, Monticello, IL, Sep. 2007. [43] Y. Liang, G. Kramer, H. V. Poor, and S. Shamai (Shitz), “Compound wire-tap channels,” Special Issue on Wireless Physical Layer Security, EURASIP J. Wireless Commun. Netw., vol. 2009, p. 12, 2009, Article ID 142374. [44] T. Liu, V. Prabhakaran, and S. Vishwanath, “The secrecy capacity of a class of parallel Gaussian compound wiretap channels,” in Proc. IEEE Int. Symp. Information Theory (ISIT), Toronto, ON, Canada, Jul. 2008. [45] P. P. Bergmans, “Random coding theorem for broadcast channels with degraded components,” IEEE Trans. Inf. Theory, vol. IT-19, no. 2, pp. 197–207, Mar. 1973. [46] Y. Liang, V. V. Veeravalli, and H. V. Poor, “Resource allocation for wireless fading relay channels: Max-min solution,” Special Issue on Models, Theory and Codes for Relaying and Cooperation in Communication Networks, IEEE Trans. Inf. Theory, vol. 53, no. 10, pp. 3432–3453, Oct. 2007. [47] Z. Li, R. Yates, and W. Trappe, “Secrecy capacity of independent parallel channels,” in Proc. 44th Annu. Allerton Conf. Communication, Control and Computing, Monticello, IL, Sep. 2006. [48] Y. Liang and H. V. Poor, “Secure communication over fading channels,” in Proc. 44th Annu. Allerton Conf. Communication, Control and Computing, Monticello, IL, Sep. 2006. [49] S. Asmussen, Applied Probability and Queues. New York: SpringerVerlag, 2003.

Yingbin Liang (S’00–M’05) received the Ph.D. degree in electrical engineering from the University of Illinois at Urbana-Champaign in 2005. From 2005 to 2007, she was working as a postdoctoral research associate at Princeton University. From 2008 to 2009, she was an assistant professor at the Department of Electrical Engineering, University of Hawaii. Since December 2009, she has been an assistant professor at the Department of Electrical Engineering and Computer Science, Syracuse University, Syracuse, NY. Her research interests include communications, wireless networks, information theory, and machine learning. Dr. Liang was a Vodafone Fellow at the University of Illinois at UrbanaChampaign during 2003–2005, and received the Vodafone-U.S. Foundation Fellows Initiative Research Merit Award in 2005. She also received the M.E. Van Valkenburg Graduate Research Award from the ECE department, University of Illinois at Urbana-Champaign, in 2005. In 2009, she received the National Science Foundation CAREER Award, and the State of Hawaii Governor Innovation Award.

H. Vincent Poor (S’72–M’77–SM’82–F’87) received the Ph.D. degree in electrical engineering and computer science from Princeton University in 1977. From 1977 to 1990, he was on the faculty of the University of Illinois at Urbana-Champaign. Since 1990, he has been on the faculty at Princeton University, Princeton, NJ, where he is the Dean of Engineering and Applied Science, and the Michael Henry Strater University Professor of Electrical Engineering. His research interests are in the areas of stochastic analysis, statistical signal processing and information theory, and their applications in wireless networks and related fields. Among his publications in these areas are Quickest Detection (Cambridge Univ. Press, 2009), coauthored with Olympia Hadjiliadis, and Information Theoretic Security (Now Publishers, 2009), coauthored with Yingbin Liang and Shlomo Shamai. Dr. Poor is a member of the National Academy of Engineering and the National Academy of Sciences, a Fellow of the American Academy of Arts and Sciences, and an International Fellow of the Royal Academy of Engineering (U. K.). He is also a Fellow of the Institute of Mathematical Statistics, the Optical Society of America, and other organizations. In 1990, he served as President of the IEEE Information Theory Society, and in 2004–2007 as the Editor-in-Chief of the IEEE TRANSACTIONS ON INFORMATION THEORY. He received a Guggenheim Fellowship in 2002 and the IEEE Education Medal in 2005. Recent recognition of his work includes the 2009 Edwin Howard Armstrong Achievement Award of the IEEE Communications Society, the 2010 IET Ambrose Fleming Medal for Achievement in Communications, the 2011 IEEE Eric E. Sumner Award, and an honorary doctorate from the University of Edinburgh, awarded in June 2011.

Lei Ying (M’08) received the B.E. degree from Tsinghua University, Beijing, in 2001, and the M.S. and Ph.D. degrees in electrical engineering from the University of Illinois at Urbana-Champaign in 2003 and 2007, respectively. During Fall 2007, he worked as a Postdoctoral fellow in the University of Texas at Austin. He is currently an Assistant Professor at the Department of Electrical and Computer Engineering at Iowa State University, Ames, IA. His research interest is broadly in the area of information networks, including wireless networks, mobile ad hoc networks, P2P networks, and social networks. Dr. Ying received a Young Investigator Award from the Defense Threat Reduction Agency (DTRA) in 2009, NSF CAREER Award in 2010, and is named Litton Assistant Professor at the Department of Electrical and Computer Engineering at Iowa State University for 2010–2012.