Physical Layer Security for Multiuser MIMO Communications

Wireless multi-user MIMO communications are used more and more often to exchange sensitive data. Because of the broadcast nature of the physical medium, unauthorized receivers located within the transmission range can observe the signals sent by the transmitter to a legitimate receiver and eavesdrop them. Therefore, security has become an extremely important issue to deal with. Multiuser MIMO communications are particularly sensitive to the problem of security, because each confidential message must be kept secret not only from external nodes, but also from all the users other than the intended one.


Introduction
Wireless multi-user MIMO communications are used more and more often to exchange sensitive data.Because of the broadcast nature of the physical medium, unauthorized receivers located within the transmission range can observe the signals sent by the transmitter to a legitimate receiver and eavesdrop them.Therefore, security has become an extremely important issue to deal with.Multiuser MIMO communications are particularly sensitive to the problem of security, because each confidential message must be kept secret not only from external nodes, but also from all the users other than the intended one.
Traditionally, wireless security is ensured by network-layer cryptography techniques.However, these techniques may not be suitable in the case of large dynamic wireless networks, since they raise issues like key distribution and management (for symmetric cryptosystems), and high computational complexity (for asymmetric cryptosystems).Moreover, these schemes are potentially vulnerable, since they rely on the limited resources of the eavesdropper and on the unproven assumption that certain encryption algorithms are hard to invert.Methods exploiting the randomness inherent in noisy channels, known as physical layer security, have been proposed to enhance the protection of transmitted data and achieve perfect secrecy [1,2].Physical-layer security allows secret communications over a wireless channel without requiring an encryption key, and it works by limiting the amount of information that can be extracted at the physical level by an unintended receiver.This is performed by designing appropriate coding and precoding schemes, and by exploiting the channel state information available at the network nodes [3].
Physical layer security for communications was proposed in the 1970's by Wyner [4], who studied a three-terminal network consisting of a transmitter, an intended user and an eavesdropper, known as the wiretap channel.For this network, the secrecy capacity was defined as the maximum rate at which a message can be transmitted reliably to the intended user while the rate of information leakage to the eavesdropper vanishes asymptotically with the code length.For the case when the eavesdropper's channel is a degraded version of the intended user's channel, Wyner showed that it is possible to have secret communication without using an encryption key.This can be achieved by a randomized coding scheme where the information is hidden in the additional noise seen by the eavesdropper.Each message is mapped to many codewords, thus inducing maximal equivocation at the eavesdropper.Csizar and Korner generalized Wyner's work by considering a nondegraded version of the wiretap channel [5].
Physical layer security was then applied to Gaussian channels [6], and it was observed that a secret transmission can be achieved only if the channel at the eavesdropper is noisier than the channel at the intended user.The presence of slow fading was shown to significantly change the situation, since it allows the transmitter to employ a variable-rate transmission, thus achieving secrecy even when the eavesdropper's channel is better than the intended receiver's channel on average [7].Also the use of multiple antennas can enhance the secrecy capability, because it enables the transmitter to beamform in a direction as orthogonal to the eavesdropper and as close to the intended user as possible [8][9][10].Even when the channel at the eavesdropper is unknown by the transmitter, artificial noise can be transmitted to degrade the eavesdropper's channel and thus reduce its signal-to-noise ratio, while being harmless to the intended receiver [11][12][13].
More recently, physical layer security has also been extended to multiuser MIMO channels.In this chapter, we will survey the research in the field of physical layer security for multiuser MIMO communications, especially focusing on the case when multiple malicious users are present in the network, and they can eavesdrop on each other.For these complex scenarios, we will present some suboptimal low-complexity transmission schemes, discuss their performance and quantify the sum-rate penalties imposed by the secrecy requirements and by the presence of multiple users.We will discuss the challenges that arise in networks with a large number of malicious receivers, we will identify potential ways to deal with these challenges, and present an outlook on future directions for research.

Physical layer security in multiuser MIMO systems
One way to extend the concept of physical layer security to multiuser systems is by considering the multiuser wiretap channel, where a transmitter wants to have confidential communication with an arbitrary number of trusted users in the presence of an external eavesdropper.For this system set-up, the secrecy capacity region in the presence of an arbitrary number of legitimate receivers was characterized in [14], by using the relationship between the minimum-mean-square-error and the mutual information.The capacity achieving coding scheme was shown to be a variant of dirty-paper coding with Gaussian signals.
Since the transmitter cannot always predict the behavior of the users, the multiuser MIMO channel with malicious users is now regarded with large interest.This is also denoted as the broadcast channel with confidential messages (BCC).Consider a broadcast channel with two independent confidential messages sent to two receivers, where each receiver acts as an eavesdropper for the other one.In other words, the first message is intended for the first receiver but needs to be kept secret from the second receiver, and viceversa.This scenario was studied in [15] for the multiple-input single-output (MISO) Gaussian case and in [16] for general MIMO Gaussian case.In this case it was shown that both confidential messages can be simultaneously transmitted at their respective maximum secrecy rates, and the achievability was obtained using the dirty-paper coding.
Let us cosider now a larger multiuser network with more than two malicious users.For this network, it is required that the base station (BS) securely transmits each confidential message, ensuring that none of the other unintended users receive any information.Since in general the behavior of the users cannot be determined by the transmitter, a conservative worst-case scenario can be assumed for each user, where all the remaining users can cooperate to jointly eavesdrop.In this case, for each user, the alliance of the cooperating eavesdropper is equivalent to a single multi-antenna eavesdropper.
The MISO BCC with a generic number of malicious receivers was studied in [17,18], and it consists of a BS with M antennas that simultaneously transmit independent confidential messages to K spatially dispersed single-antenna users, which can cooperate and eavesdrop on each other.Although determining the secrecy capacity region for the generic MISO BCC is still an open problem, suboptimal transmission schemes have been proposed to achieve high secrecy sum-rates by controlling the amount of crosstalk between the users [19].These schemes are based on linear precoding, and unlike dirty-paper coding, their low complexity makes them suitable for practical implementation.In the following sections, we present some new results on the secrecy sum-rates achieved by multiuser MIMO linear precoding.

Physical layer security with multi-user MIMO linear precoding
Although suboptimal, linear precoding schemes are of particular interest because of their low-complexity implementations and because they can control the amount of crosstalk between the users to maintain a high sum-rate in the broadcast channel [20][21][22][23][24][25][26][27].In the MISO BCC, linear precoding can be employed to control the amount of interference and information leakage to the unintended receivers introduced by the transmission of each confidential message [17][18][19].
Let the transmitted signal be denoted by x, then the received signal is given by where column of H and it represents the channel between the BS and the k-th user, and n is complex Gaussian noise.In linear precoding, the transmitted vector x is derived from the vector containing the confidential messages u = [u 1 , . . . ,u K ] T through a deterministic linear transformation (precoding) [22][23][24][25].Let W = [w 1 , . . . ,w K ] be the M × K precoding matrix, where w k is the k-th column of W. Then the transmitted signal is

Achievable secrecy sum-rates with linear precoding
The secrecy sum-rates achievable by linear precoding were obtained in [18] by considering the worst-case scenario, where for each intended receiver k the remaining K − 1 users can form an alliance k, and cooperate to jointly eavesdrop on the message u k .By noting that each user k, along with its own eavesdropper k and the transmitter, forms an equivalent multi-input, single-output, multi-eavesdropper (MISOME) wiretap channel [10], an achievable secrecy sum-rate R s is given by where SINR k and SINR k are the signal-to-interference-plus-noise ratios for the message u k at the intended receiver k and the eavesdropper k, respectively, given by and and where ρ is the transmit SNR, and H k is the matrix obtained from H by removing the k-th row.
Particular attention was given to the Regularized Channel Inversion (RCI) precoder, because it achieves better performance than the plain Channel Inversion precoder, especially at low SNR [24,25].A linear precoder based on RCI was proposed for the MISO BCC in [19].The RCI precoding matrix is given by where γ is a long-term power normalization constant, given by For each message, the function of the regularization parameter ξ is to achieve a tradeoff between maximizing the signal power at the intended user and minimizing the interference and information leakage at the other unintended users.In [19], the regularization parameter is optimized to maximize the secrecy sum-rate.

Large-system results
The secrecy sum-rate achievable by the RCI precoder in the MISO BCC was obtained in [19] by large-system analysis, where both the number of receivers K and the number of transmit antennas M approach infinity, with their ratio β = K/M being held constant.Unless otherwise stated, the results presented in the following refer to the large-system regime.We note that these results are accurate even when applied to small systems with a finite number of users.
An expression for the secrecy sum-rate R • s in the large-system regime is given by [19] In [19], a closed form expression was also derived for the optimal regularization parameter ξ ⋆• , given by For the specific case β = 1, i.e.M = K, the value of ξ ⋆• reduces to [18] We note that the value of the regularization parameter ξ ⋆• that maximizes the secrecy sum-rate differs from the value ξ ⋆• ns = β/ρ that maximizes the sum-rate without secrecy requirements [28].
By substituting the optimal value of the regularization parameter (10) in (8), it is possible to obtain the optimal secrecy sum-rate R ⋆• s achievable by RCI precoding in the large-system regime.The secrecy sum-rate R ⋆• s is a function of K, β and ρ.When β = 1, the optimal secrecy sum-rate R Although the optimal value of the regularization parameter ξ ⋆• in (10) was derived in [19] in the large-system regime, using ξ ⋆• in a finite-size system does not cause a significant loss in the secrecy sum-rate compared to using a regularization parameter ξ fs (H) optimized for every channel realization.
Fig. 1 shows the complementary cumulative distribution function (CCDF) of the normalized secrecy sum-rate difference between using ξ ⋆• and ξ fs (H) as the regularization parameter of the RCI precoder for K = 4, 8, 16, 32 users, for β = 1 and at an SNR of 10dB.The difference is normalized by dividing by the secrecy sum-rate of the precoder that uses ξ fs (H).We observe that the average normalized secrecy sum-rate difference is less than 2.4 percent for all values of K.As a result, the large-system regularization parameter ξ ⋆• may be used instead of the finite-system regularization parameter with only a small loss of performance.Moreover, the value of ξ ⋆• does not need to be calculated for each channel realization.Fig. 2 compares the secrecy sum-rate R ⋆• s of the RCI precoder from the large-system analysis to the simulated ergodic secrecy sum-rate R s with a finite number of users, for different values of β.We observe that as M increases, the simulated rates approach the curves from large-system analysis.For β ≤ 1, R ⋆• s is always positive and monotonically increasing with the SNR ρ.However when β > 1, the secrecy sum-rate does not monotonically increase with ρ.There is an optimal value of the SNR beyond which the achievable secrecy sum-rate R ⋆• s starts decreasing, until it becomes zero for large SNR.When β ≥ 2 no positive secrecy sum-rate is achievable at all [19].The expression of the secrecy sum-rate R ⋆• s becomes simpler in the limit of large SNR.In fact, it can be approximated by We note from (13) that for high SNR, the behavior of the secrecy sum-rate significanly depends on the ratio β between the number of users K and the number of transmit antennas M. When K < M, the secrecy sum-rate scales linearly with the factor K. If K = M, the scaling factor reduces to K/2.When the number of users K exceeds the number of antennas M, then the secrecy sum-rate decreases with the SNR ρ, and there is a value of ρ beyond which the achievable secrecy sum-rate becomes zero.

Effect of the network load
Fig. 3 depicts the asymptotic secrecy sum-rate per transmit antenna as a function of β, for several values of the SNR.We denote by β opt the value of the ratio β that maximizes the secrecy sum-rate per transmit antenna R ⋆• s /M.It is possible to see from Fig. 3 that β opt is an increasing function of the SNR.The value of β opt falls between 0 and 1, and it tends to 1 in the limit of large SNR.
We denote by β max the maximum value of β allowed for non-zero secrecy sum-rates.The value of β max represents the maximum number of users per transmit antenna that can be served with non-zero secrecy sum-rate.Fig. 3 shows that β max is a decreasing function of the SNR.The value of β max can be found by solving the following cubic equation [19] (ρ + 1) The value of β max falls between 1 and 2. This means that if K ≥ 2M, i.e. if β ≥ 2, then the secrecy sum-rate is zero for all SNRs.In the limit of large SNR, equation ( 14) reduces to yielding to β max = 1.These results can be explained as follows.In the worst-case scenario, the alliance of cooperating eavesdroppers can cancel the interference, and its received SINR is the ratio between the signal leakage and the thermal noise.In the limit of large SNR, the thermal noise vanishes, and the only means for the transmitter to limit the eavesdropper's SINR is by reducing the signal leakage to zero by inverting the channel matrix.This can only be accomplished when the number of transmit antennas is larger than or equal to the number of users, hence only if β ≤ 1.When β > 1 this is not possible, and no positive secrecy sum-rate can be achieved.When β ≥ 2, the eavesdroppers are able to drive the secrecy sum-rate to zero irrespective of This is consistent with the results presented in [10] for a single-user system.

The cost of physical layer security in multi-user MIMO
Guaranteeing secrecy and serving multiple (and potentially malicious) users at the same time both come at a cost in terms of the per-user transmission rate.In this section, we discuss the cost of achieving physical layer security in multiuser MIMO communications.

Secrecy loss
The cost due to the secrecy requirements, which we denote by secrecy loss, can be obtained by comparing the secrecy sum-rate R ⋆• s achieved by the RCI precoder to the sum-rate R ⋆• achieved by an optimized RCI precoder without secrecy requirements.The gap between R ⋆• s and R ⋆• represents how much guaranteeing secrecy costs in terms of the achievable sum-rate.
The optimal sum-rate R ⋆• without secrecy requirements is obtained by using the precoder in (6), and it is given by [29]  with ξ ⋆• ns = β/ρ.It is easy to show that R ⋆• ≥ 0 for all values of β and ρ, with equality only for ρ = 0, and that R ⋆• tends to zero as β → ∞.Hence, there is no limit to the number of users per transmit antenna β that the system can accommodate with a non-zero sum-rate.However if we impose the secrecy requirements, the secrecy sum-rate R ⋆• s is zero for β ≥ β max , with β max given by (14).Therefore, introducing the secrecy requirements will limit to β max the number of users per transmit antenna that can be served with a non-zero sum-rate.
We now compare the secrecy sum-rate R ⋆• s to the sum-rate R ⋆• in the limit of large SNR.Again by using the regularization parameter ξ ⋆• ns = β/ρ we obtain the following large-SNR approximation for the secrecy sum-rate without secrecy requirements [19] By comparing ( 17) to ( 13), we can draw the following conclusions regarding the large-SNR regime.If the number of transmit antennas M is larger than the number of users K, then , and the secrecy requirements do not decrease the sum-rate of the network.Therefore, by using ξ ⋆• from (10) one can achieve secrecy while maintaining the same sum-rate, i.e. there is no secrecy loss.If M = K, then β = 1, the secrecy requirements only reduce the sum-rate by a constant value, and the scaling factor K/2 remains unchanged.Alternatively, one can achieve secrecy while maintaining the same sum-rate, by increasing the transmitted power by a factor 64/27 ≈ 3.75dB.If M < K, i.e. β > 1, then the secrecy requirements result in a value of R ⋆• s that decreases with the SNR, as opposed to a constant sum-rate R ⋆• without secrecy.Therefore if the SNR is too large, then the secrecy sum-rate becomes zero.

Multiuser Loss
The cost due the interference caused by the presence of multiple users in the system, which we denote by multiuser loss, is given by the gap between the per-user secrecy rate R ⋆• s /K and the secrecy capacity C s,SU of the single-user MISOME wiretap channel, where one user is served at a time and the remaining users can eavesdrop.
The value of C s,SU was obtained in [10], and for large SNR it can be approximated by We compare R ⋆• s /K to C s,SU in the large-SNR regime.We note that in C s,SU from [10] a single-user system is considered.Therefore, only one message is transmitted to one legitimate user, and the user does not experience any interference.By comparing (18) to R ⋆• s /K, we can conclude that for β ≤ 1, the RCI precoder achieves a per-user secrecy rate which has the same linear scaling factor as the secrecy capacity of a single-user system with no interference.When 1 < β < 2, the presence of interference results in a value of R ⋆• s that decreases with the SNR, as opposed to a constant value for C s,SU .When β ≥ 2, the secrecy rate is zero irrespective of the presence of interference.

Power allocation
In some cases, the rate loss generated by the secrecy requirements and by the interference due to the presence of multiple users can be compensated by a power allocation scheme.In [18], an iterative power allocation algorithm was proposed to obtain the maximum secrecy sum-rate for a fixed regularization parameter ξ.The algorithm was also extended to maximize the secrecy sum-rate by jointly optimizing the regularization parameter ξ and the power allocation vector.However, in many cases there is a negligible performance difference between the joint and the separate optimization.As a result, a low-complexity, near-optimal RCI precoder may be implemented by using ξ ⋆• from (10) and optimizing the power vector separately [18].
The RCI precoder with optimal power allocation (RCI-PA) outperforms the RCI precoder with equal power (RCI-EP), and the gain does not vanish at high SNR.The RCI-PA precoder thus reduces the rate loss due to secrecy requirements and interference, and in some cases it achieves a per-user rate which is as high as the rate achieved by the optimal RCI-EP precoder without secrecy requirements, and as high as the secrecy capacity of a single-user system [18].

Numerical results
Fig. 4 compares the simulated ergodic sum-rates R s and R of the RCI precoder with and without secrecy requirements, respectively.These were obtained by using the regularization parameters ξ ⋆• and ξ ⋆• ns , respectively.For β < 1, the difference between R and R s becomes negligible at large SNR, and secrecy can be achieved without additional costs.For β = 1, the two curves tend to have same slope at large SNR, but there is a residual gap between them.Therefore, secrecy can be achieved at a lower sum-rate.We note that in order to achieve secrecy without decreasing the sum-rate, the required additional power is less than 4dB at all SNRs.For β > 1, the sum-rate tends to saturate for large SNR, whereas the secrecy sum-rate starts decreasing.If the SNR is too large, then the secrecy requirements force the sum-rate to zero.Fig. 4 also shows the simulated secrecy capacity C s,SU of the MISOME wiretap channel.For β ≤ 1, the RCI precoder achieves a per-user secrecy rate which has the same linear scaling factor as C s,SU .When 1 < β < 2, C s,SU saturates at high SNR, while the secrecy sum-rate decreases.All these numerical results confirm the ones obtained from the large-system analysis.Secrecy sum-rate Fig. 5 shows the simulated per-user secrecy rate of the RCI-PA precoder from [18], with optimal power allocation.This is compared to the RCI-EP precoder.Fig. 5 also shows that the power allocation scheme reduces the sum-rate loss due to the secrecy requirements.For ρ ≥ 15dB, RCI with power allocation achieves a per-user secrecy rate which is even higher than the per-user rate achieved by the optimal RCI-EP without secrecy requirements.Furthermore, Fig. 5 shows the simulated secrecy capacity C s,SU of a MISOME channel with the same per-message transmit power.Although C s,SU is obtained in a single-user and interference-free system [10], at high SNR, RCI with power allocation achieves a per-user secrecy rate as large as C s,SU .Per-user secrecy rate vs. ρ for β = 1 and K = 4 users: with equal power allocation (solid) and with optimal power allocation (dashed).The rate of the optimal RCI precoder without secrecy requirements (squares) and the secrecy capacity of the MISOME channel (circles) are also plotted.

Current research on multiuser MIMO physical layer security
Before concluding this chapter, we briefly discuss current research topics on physical layer security for multiuser MIMO communications, and we mention possible extensions of the results presented.

Power reduction strategy
Since for β > 1 the RCI precoder performs poorly in the high-SNR regime, a linear precoder based on RCI and power reduction could significantly increase the high-SNR secrecy sum-rate.In fact, we can observe from Fig. 2 that when β > 1 there is an optimal value of the SNR beyond which the achievable secrecy sum-rate R ⋆• s starts decreasing.A power reduction strategy would prevent the secrecy sum-rate from decreasing at high SNR by reducing the transmit power, and therefore reducing the SNR to the value that maximizes the secrecy sum-rate.For 1 < β < 2 and large SNR, the RCI precoder with power reduction would thus achieve a constant nonnegative secrecy sum-rate.However, this strategy would not be effective for β ≥ 2, since in this case the secrecy sum-rate is zero irrespective of the SNR.

Secrecy sum-rates in the presence of channel estimation error
In Sections 3 and 4, we discussed the secrecy rate performance of multi-user MIMO linear precoding for the case when perfect channel state information (CSI) is available at the transmitter.However, a more realistic scenario is the one where only an estimation of the channel is available at the transmitter.The relation between the true channel H and the estimated channel Ĥ is usually modeled as H = Ĥ + E (19) where the matrix E represents the channel estimation error, and it is independent from Ĥ.The knowledge of Ĥ is used by the transmitter to obtain the RCI precoding matrix.The entries of Ĥ and E are i.i.d.complex Gaussian random variables with zero mean and variances 1 − τ 2 and τ 2 , respectively.The value of τ ∈ [0, 1] depends on the quality and technique used for channel estimation.When τ = 0 the CSI is perfectly known, whereas τ = 1 corresponds to the case when no CSI is available at all.Future research could analyze the performance of linear precoding in the presence of imperfect CSI, deriving the achievable secrecy sum-rate as a function of the channel estimation error variance τ 2 .This would allow to study how the CSI estimation error must scale with the SNR, in order to maintain a given high-SNR rate gap to the case with perfect CSI, so that the multiplexing gain is not affected.More specifically, the case of frequency division duplex (FDD) systems could be studied.Assuming that users quantize their channel directions by using B bits and employing random vector quantization (RVQ), and that they feed the quantization index back to the transmitter [30,31], it would be interesting to determine how many feedback bits are required by each user in order to maintain a constant gap to the case with perfect CSI.

Conclusions
Throughout this chapter, we presented an up-to-date summary of the research in the field of physical layer security for multiuser MIMO communications.Unlike classical cryptography, physical layer security does not require key distribution and management, it does not rely on the limited computational power of the eavesdroppers, and it does not employ complex encryption algorithms.For these reasons, it is suitable for large dynamic wireless networks, and it has been proposed to enhance the protection of confidential messages transmitted over wireless channels.In this chapter, we especially focused on the problem of secret communication in a multiuser MIMO system.We considered the general case where a multiantenna base station transmits independent confidential messages to a generic number of users.We assumed that the users can potentially act maliciously and eavesdrop on each other.For this system set-up, we presented some transmission schemes based on linear precoding.We discussed the performance of these schemes as well as the cost of simultaneously guaranteeing secrecy to multiple users.
It has been recently shown that, in the large SNR regime, a linear precoding scheme based on regularized channel inversion can achieve secrecy without reducing the sum-rate at no additional cost when the number of transmit antennas M is larger than the number of users K.If K = M, secrecy can be achieved with a small rate loss or, alternatively, without reducing the sum-rate at a cost of less than 4dB in terms of the power transmitted.However, the secrecy requirements limit the maximum number of users that can be served with a non-zero rate.When K > M, there is an optimal value of the SNR beyond which the achievable rate starts decreasing, and at large SNR the secrecy sum-rate achievable by RCI precoding is poor.The base station could prevent the secrecy sum-rate from decreasing by reducing the transmit power, and therefore the SNR, to the value that maximizes the secrecy sum-rate.This would result in a constant nonnegative high-SNR secrecy sum-rate.However, this strategy would not be effective if K ≥ 2M.

Figure 2 .
Figure 2. Comparison between the secrecy sum-rate with RCI precoding in the large-system regime (8) and the simulated ergodic secrecy sum-rate for finite M. Three sets of curves are shown, each one corresponds to a different value of β.

Figure 3 .
Figure 3. Asymptotic secrecy sum-rate per transmit antenna with RCI as a function of β.Circles denote β opt , squares denote β max .

Figure 4 .
Figure 4. Comparison between the simulated ergodic per-user secrecy rate with RCI (solid) and the two upper bounds: (i) per-user rate without secrecy requirements (dashed) and (ii) MISOME secrecy capacity (dotted), for K = 12 users.Three values of β are considered: 0.8, 1, and 1.2, corresponding to M = 15, 12 and 10 antennas.

Figure 5 .
Figure5.Per-user secrecy rate vs. ρ for β = 1 and K = 4 users: with equal power allocation (solid) and with optimal power allocation (dashed).The rate of the optimal RCI precoder without secrecy requirements (squares) and the secrecy capacity of the MISOME channel (circles) are also plotted.