For developing the next generation of wireless communication system, massive multiple-input multiple-output (MIMO) is considered as a promising technology to achieve larger gains in energy efficiency and spectral efficiency, and it has attracted significant interest from industry and academia [1, 2, 3]. Massive MIMO transmission employs a large number of antennas at base station (BS) to serve a comparatively small number of users simultaneously. In Marzetta’s pioneering work , which considered non-cooperative massive MIMO systems with single-antenna users and unlimited numbers of BS antennas, it was proven that the effects of fast fading and uncorrelated receiver noise vanish with the growth of the number of BS antennas, and the residual interference, known as pilot contamination, is induced by the reuse of the same pilot signals among adjacent cells. Since the publication of , various aspects of massive MIMO systems have been studied in recent year [4, 5, 6, 7, 8, 9, 10, 11, 12].
Owing to the broadcast nature of the wireless medium, security is considered as a vital issue in wireless communication. Traditionally, key-based cryptographic techniques at the network layer were utilized to achieve communication security. However, these approaches are founded on certain assumptions for computational complexity, and are hence potentially vulnerable . Recently, as a complement to key-based cryptographic techniques, physical layer security has attracted remarkable research interest, where information-theoretic security is investigated. In Wyner’s pioneering work , the wiretap channel, which consists of a transmitter, a legitimate user and an eavesdropper, was considered. It was revealed that if the the eavesdropper’s channel is a degraded version of the legitimate user’s channel, the transmitter can reliably send private message to the legitimate user, while the private message cannot be decoded by the eavesdropper. Then, more research has investigated physical layer security of multi-antenna systems [15, 16, 17, 18, 19, 20, 21]. As shown in [22, 23, 24, 25], if the transmitter only has the knowledge of the imperfect channel state information (CSI) of the eavesdropper, the security of the data transmission can be enhanced by transmitting artificial noise (AN) to disturb the decoding process at the eavesdropper. Moreover, for MIMO wiretap channels, the problem to determine the optimal input covariance matrix which maximizes the ergodic secrecy rate was studied in [26, 27], where only statistical CSI of the legitimate user is required.
, where only imperfect CSI of the legitimate users is available at the BS. An achievable secrecy rate and outage probability with AN generation and matched filter precoder at the BS was derived in, assuming that the eavesdropper can perfectly cancel all interfering user signals. The work in  was further extended to the scenarios where the regular zero-forcing precoder and AN generation are employed at the BS in . K. Guo et al. proposed three secure transmission schemes for single-cell multi-user massive MIMO systems with distributed antennas in . Moreover, Y. Wu et al. studied secure transmission strategies for multi-cell massive MIMO systems, where a multi-antenna active eavesdropper can actively send the same pilot sequence as the users’ to induce pilot contamination at the BS . In [28, 29, 30, 31], results were obtained by the assumption that instantaneous CSI of the legitimate users is available at BS and the legitimate users are equipped with single-antenna.
The availability of instantaneous CSI at the transmitter (CSIT) plays an important role in most existing transmission schemes for physical layer security. Actually, in time-division duplex (TDD) communication systems, instantaneous CSIT is acquired via uplink training phase under the reciprocal channel assumption. However, for uplink/downlink RF hardware chains, this reciprocity is invalid at both BS and mobile transceivers . Furthermore, the length of pilot signal is essentially limited by the channel coherence time. As for frequency-division duplex (FDD) communication systems, where the reciprocity of instantaneous channel is no longer valid, the required number of independent pilot symbols for CSIT acquisition and the CSIT feedback overhead scale with the number of BS antennas . Consequently, these practical limitations pose severe challenges to acquire accurate instantaneous CSI of the legitimate channel at the BS in both TDD and FDD systems. Moreover, as mobility increases, the fluctuations of channel start to change more rapidly, and the round-trip delays of the CSI acquisition turn to be non-negligible with regard to the channel coherence time. For this case, transmitters may acquire outdated instantaneous CSI. Since the statistical channel parameters vary much more slowly than the instantaneous channel parameters, it is more reasonable to exploit the statistical CSIT for precoder design, when transmitters cannot easily acquire accurate instantaneous CSI. In addition, the uplink and downlink statistical CSIT are usually reciprocal in both TDD and FDD systems . Thus, the statistical CSIT can be acquired much more easily by utilizing this channel reciprocity, even if the terminals are equipped with multiple antennas.
C. Sun et al. proposed a beam domain transmission for single-cell massive MIMO communications with only statistical CSIT . It was proven in  that beam domain transmission is optimal for a sum-rate upper bound maximization. However, the optimality of beam domain transmission for secure transmission with a multiple antenna eavesdropper was not provided in . More importantly, the influence of the eavesdropper to the optimal transmit power allocation has not been studied in the literature to date.
In this paper, we investigate the secure transmission for single-cell downlink massive MIMO systems with a multiple antenna eavesdropper and multiple antenna legitimate users. Statistical CSIT under the jointly correlated MIMO channel model is considered. In massive MIMO systems, we note that as the number of BS antennas increases, the eigenmatrices of the channel transmit covariance matrices turn to be asymptotically unique and independent of mobile terminals . For this case, a lower bound on the achievable ergodic secrecy sum-rate of the secure downlink transmission is derived. Numerical simulations validate that the derived bound is tight in normal signal-to-noise ratio (SNR) ranges for practical applications such as long-term evolution (LTE), WiFi, and WiMax. Based on this lower bound, the condition for eigenvectors of the optimal input covariance matrices which maximize the secrecy sum-rate lower bound is derived. It is proved that the beam domain transmission for single-cell downlink massive MIMO systems with statistical CSIT  is optimal for secure massive MIMO transmission in presence of a multiple antenna eavesdropper. As for the case of single-antenna legitimate users, we prove that allocating power to the beams where the beam gains of the eavesdropper are stronger than those of legitimate users will decrease the secrecy sum-rate lower bound. Then, we propose an efficient and fast iterative algorithm for power allocation in beam domain by using concave-convex procedure (CCCP)  and large dimension random matrix theory. Numerical simulations demonstrate the near-optimal performance of the proposed fast-convergent iterative algorithm.
: Lower-case bold-face letters indicate vectors and upper-case bold-face letters indicate matrices. The matrix conjugate-transpose, conjugate, and transpose operations are denoted by superscripts, and , respectively. and denote , and denote matrix trace, ensemble expectation, and determinant operations, respectively. We use and to represent the inverse of matrix and the th element of matrix , respectively. indicates a positive semidefinite Hermitian matrix . indicates a diagonal matrix, whose main diagonal consists of the elements of vector . stands for the Hadamard product, and represents .
Ii System Model
We consider secure downlink transmission in a single-cell massive MIMO system, cf. Fig. 1, consisting of an -antenna BS, legitimate users, each with antennas, and a passive eavesdropper with antennas. The BS transmits private and independent messages to each legitimate user. All messages are required to be confidential to the eavesdropper. We note that neither the BS nor the users are assumed to know which user is eavesdropped, hence, we assume that any user may be potentially targeted by the eavesdropper.
Let and denote the block fading channel matrices of the downlink channels from the BS to the th user and the eavesdropper, respectively. The received signals at the th user and at the eavesdropper are denoted by and , respectively, and can be written as
where denotes the signal vector transmitted to the th user which satisfies , , and . and are zero-mean circularly symmetric complex Gaussian noise with covariance matrices and
, respectively. Here, without loss of generality, we consider a unit noise variance and assume that the BS has the power constraint
where depends on the BS power budget.
where ,,, and are deterministic unitary matrices, and are random matrices with zero-mean independent entries. In massive MIMO systems, as , unitary matrices and
tend to be independent of mobile terminals and become a deterministic unitary matrix[9, 10], which is only dependent on the topology of BS antenna array. Specially, if the BS is equipped with the uniform linear array (ULA),
can be well approximated by the discrete Fourier transform (DFT) matrix. Therefore, the beam domain channel matrices  can be defined as
Also, the eigenmode channel coupling matrices  can be defined as
The transmit correlation matrices can be expressed as
where and are diagonal matrices with and .
Remark 1: The eigenmode channel coupling matrices of the legitimate users and of the eavesdropper are assumed to be perfectly known at the BS [26, 27, 31]. From this point of view, we notice that it is reasonable to assume that the BS has the knowledge of the statistical CSI of the system terminals in massive MIMO systems. Thus, this assumption can be applied to the scenario where the BS aims to transmit private messages to some users while treating an idle user of the system as the eavesdropper.
In this paper, we assume that the legitimate users and the eavesdropper have instantaneous CSI of their corresponding channel matrices. At each legitimate user, we treat the aggregate interference-plus-noise as Gaussian noise with covariance matrix
Here, we assume the covariance matrix is known at the th user. Besides, we make the pessimistic assumption that, at the the eavesdropper, signals of all legitimate users can be decoded and cancelled from the received signal except the signal transmitted to the user of interest. [28, 31]. Since each user in the system has the risk of being eavesdropped, an achievable ergodic secrecy sum-rate can be expressed as 
where denotes an achievable ergodic rate between the BS and the th user, and denotes the ergodic capacity between the BS and the eavesdropper, which seeks to decode the private messages intended for the th user.
Notice that, in practical system, it is difficult to acquire instantaneous () at the th user in massive MIMO systems. Thus, we make an assumption that each legitimate user treats as a Gaussian noise and the covariance matrix with expectation over is known at each user’s side. With this assumption, the matrix defined in (12) is the covariance matrix of . Therefore, the ergodic rate defined in (14) is reasonable for practice.
In general, the secrecy sum-rate given by (13) is a non-concave function with respect to . Hence, it is difficult to determine the optimal input covariance matrices maximizing the exact secrecy sum-rate. Therefore, we introduce a lower bound on the achievable ergodic secrecy sum-rate, which is given by
Then, we design the secure transmission strategies by optimizing the secrecy sum-rate lower bound. Our main objective is to design the input covariance matrices maximizing (16), which can be formulated as the following optimization problem
where is the optimal solution of the problem in (II). Because any negative term in the summation could increase to zero by setting the corresponding , the notation is ignored when solving the problem in (II).
Iii Optimal Secure Transmission
In this section, we first investigate the optimal transmission design based on the secrecy sum-rate lower bound in (16). Then, we consider a special case, where each legitimate user is equipped with single-antenna, and reveal the eavesdropper’s impact on the optimal transmit power allocation.
Iii-a Optimality of Beam Domain Transmission
Let , where is the eigenmatrix and
is a diagonal matrix of the corresponding eigenvalues. In practice,and represent the directions in which signals are transmitted and the transmit power allocated onto each direction, respectively. For the beam domain transmission proposed in , is set to be , . Next, we prove that this beam domain transmission structure is optimal for the secrecy sum-rate lower bound maximization problem in (II). We obtain the optimal input covariance matrix as follows.
The eigenmatrix of the optimal input covariance matrix of each legitimate user, maximizing the secrecy sum-rate lower bound as given by (16), is equal to that of the transmit correlation matrix of its own channel, i.e.,
See Appendix A.
Remark 2: From (19), the eigenmatrices of the input signals maximizing the secrecy sum-rate lower bound are given by the columns of . This implies that beam domain secure transmission is optimal for the lower bound maximization. In addition, for a special case of the downlink multiuser transmission without secrecy constraint where , Theorem 1 reduces to the optimality condition derived in  in terms of maximizing an upper bound of the sum-rate.
Inspired by the result in Theorem 1, we now focus on the beam domain secure transmission. The received signals at the th user and the eavesdropper can be rewritten as
where is the beam domain transmitted signals whose covariance matrix is , and the power constraint can be rewritten as .
With , , and , the secrecy sum-rate lower bound in (16) can be rewritten as
Theorem 1 provides an optimal transmit direction to maximize the secrecy sum-rate lower bound based on the statistical CSI. Next, we discuss the optimal transmit power allocation for maximizing the lower bound.
Iii-B Property of Optimal Power Allocation
Now we focus on the design of eigenvalues, i.e., the transmit power on each beam. The power allocation problem can be formulated as
where is the solution of the above optimization problem. The original problem in (II) is equivalent to the power allocation problem in (III-B). For obtaining insight for transmit signal design, a lemma is introduced as follows.
For a positive random variable
For a positive random variable, it holds that
where , , and . The equality holds if and only if with probability one for every .
See Appendix B.
Unlike the power allocation problem without secrecy constraint in , for secure massive MIMO transmission, the eavesdropper has impact on the optimal transmit power allocation. In particular, for secure transmission among single-antenna users, we can obtain the following theorem with the help of Lemma 1.
When each legitimate user is equipped with single-antenna (), the solution of power allocation problem in (III-B) holds
See Appendix C.
Theorem 2 reveals that the optimal transmitted beam sets of different single-antenna users should not contain the beams where the beam gains of the eavesdropper is stronger than that of legitimate user. In other words, for the optimal power allocation, power only should be allocated among the beams where legitimate users have stronger beam gains than those of the eavesdropper in order to maximize the secrecy sum-rate lower bound.
In general, the optimal power allocation in (III-B) does not have closed-form expression. In the next section, we will provide an efficient algorithm to solve this problem.
Iv Iterative Algorithm for Power Allocation
In this section, an efficient and fast iterative algorithm for power allocation in (III-B) is developed. First, we transform the original non-convex problem in (III-B) to a series of convex programs by CCCP algorithm, which can be used to find the local optimum of the problem in (III-B). Next, in order to reduce the computation complexity, the deterministic equivalent of the secrecy sum-rate lower bound is utilized to develop an efficient power allocation algorithm.
Obtaining the optimal power allocation in (III-B) is difficult because of the difference of convex (d.c.) objective functions. To tackle this problem, we introduce CCCP algorithm to solve this power allocation problem. Define
where and . Here, (a) follows from the fact that . Then, we exploit the CCCP algorithm, which transforms the problem in (III-B) into a series of convex programs as follows,
For the problem in (IV), we note that the CCCP algorithm is a majorize-minimize algorithm. In CCCP algorithm, the concave part is linearized around the solution of current iteration such that the objective function is concave on . Subsequently, the non-convex optimization problem in (III-B) is tackled as a series of concave problem in (IV). However, without closed-form expression, evaluating can be computationally cumbersome. To evade Monte-Carlo averaging over the legitimate user channels, we calculate the deterministic equivalent instead of by large dimension random matrix theory. Following the approach of , the closed-form expression of the deterministic equivalent of (26) can be calculated as
where and are given by
and are obtain by the iterative equations
Moreover, and are diagonal matrices, whose diagonal entries are given by
Thus, the deterministic equivalent of the secrecy sum-rate lower bound can be expressed as
Note that the deterministic equivalent depends on the correlation matrices and , which can be calculated effectively. From [38, 39], we can find that the deterministic equivalent is strictly concave on . Thus, we turn to consider the following series of convex programs instead of (IV),
Remark 3: The sequence generated by (IV) has proven to be convergent and approximately optimal in . We note that the CCCP algorithm is an effective way to solve the d.c. problem, where the solution of (IV) is a local optimum of the d.c. problem in (III-B). Meanwhile, with the purpose of computation complexity reduction, we calculate the deterministic equivalent of . As will be shown in Section V, the results of deterministic equivalent are nearly identical to those of the Monte-Carlo simulation. Although the solution of problem in (IV) is an approximate solution of problem in (IV), calculating deterministic equivalent can significantly reduce the computation complexity by avoiding Monte-Carlo averaging over the channels.
Define diagonal matrices and sets as
where , , and . Here, and are the th row of and , respectively. Based on (30)-(33), we can define and by , while letting the th diagonal entries of and be and , respectively. Utilizing a similar procedure in , we can obtain the theorem as follows.
The th element of satisfies (41), which is given at the top of the next page.
In (41), the auxiliary variable is given by
and is chosen to satisfy the KKT conditions and .
See Appendix D.
Remark 4: The solution (41) has the similar structure to the classical water-filling solution. The distinction lies in multiple terminals which causes a summation in the equation. Thus, generally, it is difficult to obtain the solution (41) and numerical approaches are required. For the case of (single-user), if the power constraint is considered, the solution is given by , where is chosen to satisfy the constraint .
For the sake of convenience, we define
Then, to acquire the solution of the iterative problem in (3), a deterministic equivalent based iterative algorithm is summarized as Algorithm 1, and specifically, to obtain in each iteration in Algorithm 1, the iterative water-filling algorithm (IWFA) is utilized, which is described in Algorithm 2.