I Introduction
Wireless communication technologies are the fastest growing segment of the telecommunications industry and their rapid developments have been promoting the evolution into the fifth generation (5G) communication [1]. However, due to the broadcast nature of wireless mediums, communication over wireless networks is susceptible to the interception attacks of unintended recipients (i.e., eavesdroppers). Therefore, guaranteeing the security of wireless communication networks is becoming an increasingly urgent demand [2].
Traditionally, data is secured by applying the keybased enciphering (cryptographic) techniques in the upper layers of the network protocol stack [3]. Although these cryptographic methods have shown their effectiveness in wired networks, the inherent difficulty of secret key distribution/management without centralized control and complex encryption algorithms may significantly limit their applications in decentralized wireless networks [4]. This motivates the introduction of physical layer (PHY) security technology recently as the complementary approach to further enhancing the secrecy in wireless communications [5]. The philosophy behind PHY security is to exploit the natural randomness of noise and the physical characteristics of wireless channels (like fading) to provide informationtheoretic security, which has been regarded as the strongest form of security irrespective of the computing capabilities of eavesdroppers [6, 7, 8]. Thus, PHY security techniques are highly promising to guarantee everlasting secure communication for wireless networks [9, 10, 11].
The seminal work [12] by Wyner introduced the wiretap channel model as a basic framework for the PHY security which was laid down by Shannon’s definition of perfect secrecy in [13]. Subsequently, many research activities have been devoted to the study of PHY security under other channel models, such as nondegrade channel [14], Gaussian channel [15], multiantenna channel [16] and relay channel [17]. Motivated by these early studies, diverse approaches for improving PHY security have been proposed in the literature, which mainly include channel precoding/beamforming [18, 19, 20], cooperative jamming [21, 22], channel coding [23, 24] and link/relay selection [25, 26, 27].
This paper focuses on the link/relay selection for securing the communication in wireless cooperative networks. The main advantage of link/relay selection is the implementation simplicity, as the sophisticated transmission techniques or explicit synchronization process is not required. Inspired by the pioneering work [25] which analyzes the fundamental benefits can be achieved by link/relay selection, extensive studies have been conducted to design efficient relay/link selection schemes under various network scenarios, such as maxminratio scheme [26], AFbORS and DFbORS schemes [27]. Recently, the adoption of bufferaided relaying has been proved that it can improve the cooperative communication performance in terms of throughput and diversity gains [28, 29]. Different from the conventional relaying scheduling, bufferaided relaying exploits the flexibility offered by the buffer and enables the data transmission to be executed under favorable channel conditions.
Following this line, some initial selection schemes with bufferaided relaying have been proposed for the secure communication in wireless cooperative networks [30, 31, 32, 33, 34]. Specifically, Chen et al. [30] put forward the maxratio (MR) selection scheme for halfduplex decodeandforward (DF) relaying networks. MR scheme activates the link with the largest channel gain ratio based on the knowledge of both legitimate and wiretap channel state information (CSI), such that it can achieve a better secrecy performance than the conventional maxminratio scheme [26]. Taking into account the transmission efficiency and security constraint, Huang et al. [31] designed a link selection scheme in a twohop DF relay network to achieve tradeoff between secrecy throughput and secrecy outage probability. The network scenario with multiple antennas and multiple eavesdroppers was further explored in [32], where a maximum likelihood (ML) criterionbased algorithm is proposed to select sets of relays for secure transmission. More recently, an artificial noise injection scheme and a hybrid half/fullduplex scheme were investigated in [33] and [34], respectively, to enhance the physical layer security in cooperative networks with bufferaided relaying.
This paper considers a more practical wireless cooperative system which composes one sourcedestination pair, one trusted relay with infinite buffer and one passive eavesdropper. Taking into account the fact that the eavesdropper intercepts data transmission in a passive way which can be hardly monitored, we adopt the assumption that the exact instantaneous/statistical CSI of the eavesdropping channel is unavailable, reflecting the more realistic scenario than those assumed in the aforementioned works. Moreover, in contrast to [31] where only the relaytodestination channel is wiretapped, we consider a more hazardous and more practical eavesdropping scenario that the eavesdropper overhears data transmission from both the sourcetorelay and relaytodestination links in order to intercept the confidential information with a higher probability. Therefore, to ensure the endtoend secure communication in wireless cooperative networks, novel link selection schemes should be redesigned, which motivates the conducting of this study. The main contributions of this paper are summarized as follows:

Depending on the availability of instantaneous channel state information at the source, two cases of transmission mechanisms, i.e., adaptiverate transmission and fixedrate transmission are considered. We design link selection policies to ensure the communication security for both cases. Particularly, according to the qualities of legitimate channels, the policies fully utilize the flexibility provided by bufferaided relaying to select sourcetorelay, relaytodestination, or no link transmission, which are different from the conventional onoff schemes.

For the proposed link selection policies, closedform expressions of endtoend secrecy outage probability (SOP), secrecy outage capacity (SOC) and exact secrecy throughput (EST) are derived, respectively. We further prove the condition that EST reaches its maximum, and explore how to minimize the SOP and maximize the SOC by optimizing the link selection parameters.

We conduct simulations to demonstrate the validity of theoretical performance evaluation, and provide extensive numerical results to illustrate the efficiency of the proposed link selection polices for the secure communication in wireless cooperative networks.
The remainder of this paper is outlined as follows. Section II introduces the system models and necessary definitions. Section III elaborates the design of link selection policies under the adaptiverate and fixedrate transmission mechanisms, respectively. The general problem formulations are presented in Section IV Section V conducts the performance evaluation and explores the performance optimization issues We provide simulation and numerical results in Section VI and finally concludes this paper in Section VII.
Ii System Models and Definitions
In this section, we introduce the system models and some definitions involved in this study.
Iia Network Model
As shown in Fig. 1, we consider a twohop wireless cooperative network which consists of a source (Alice), a destination (Bob), a relay (Relay) and a passive eavesdropper (Eve). We assume that there is no direct link from Alice to Bob so that the messages from Alice can be delivered to Bob only via Relay. Relay is equipped with infinite buffer to temporarily store the messages from Alice and operates in the halfduplex mode, thus it can not transmit and receive simultaneously. Moreover, we apply the randomizeandforward (RF) strategy [35], with which Relay decodes the original signal from Alice and store the message in its buffer, later it forwards the message to Bob by transmitting independent randomization signal. We assume that Alice and Relay transmit messages with fixed power and , respectively. Eve attempts to intercept signals from both Alice and Relay, but it cannot combine signals of the two hops with combining techniques such as MRC [36, 37] due to the RF strategy.
IiB Wireless Channel Model
We consider a timeslotted system where the time is divided into successive slots with equal duration. All wireless links are characterized by the quasistatic Rayleigh block fading such that the channel fading coefficient of each link remains constant during one time slot, but changes independently and randomly from one time slot to the next. We use to denote the fading coefficient from node to node at time slot , where and (here , , ,
are short for Alice, Relay, Bob and Eve, respectively). With the quasistatic Rayleigh block fading model, the channel gain of a link is independently and exponentially distributed with mean
, whereis the expectation operator. In addition, complex additive white Gaussian noise (AWGN) is imposed on each link and its variance at Relay, Bob and Eve are
, and , respectively. Therefore, the instantaneous signaltonoise ratio (SNR) of a link at time slot is determined as(1) 
is also exponentially distributed with the probability density function (p.d.f) given by
(2) 
where . Considering the fact that Eve is a passive eavesdropper, the instantaneous CSIs from Alice and Relay to Eve, i.e., and , are unavailable. Moreover, in this study we assume that Relay always knows the instantaneous CSI at Bob while Alice may or may not know the instantaneous CSI at Relay, as explained later.
IiC Transmission Mechanism
To guarantee the secrecy transmission, we employ the wellknown Wyner’s encoding scheme [12]. When a transmission is conducted, the transmitter (Alice or Relay) chooses two rates, one is the rate of transmitted codewords, another is the rate of confidential messages. The difference between the two rates, i.e., the rate redundancy, reflects the cost of the secrecy transmission against eavesdropping. Since we consider the practical scenario that the instantaneous/statistical CSI of the wiretap channel is unknown, the transmitter cannot determine the cost needed to prevent eavesdropping. As a result, in our transmission mechanism, Alice and Relay set a fix rate for the confidential messages, denoted as .
Regarding the transmission from Alice to Relay, we consider two cases, i.e., Alice knows and does not know the corresponding instantaneous CSI (the availability of instantaneous CSI at Alice is dependent on the link selection policy adopted, as explained in Section III). For the former case, Alice adaptively adjusts the codeword rate to be arbitrarily close to the channel capacity [38], termed as adaptiverate transmission. Thus, when AlicetoRelay link is selected in time slot , the transmission rate of codewords is determined as
(3) 
For the case that Alice does not know the instantaneous CSI, when AlicetoRelay link is selected, it sets a fix rate () to transmit the codewords, termed as fixedrate transmission.
Regarding the transmission from Relay to Bob, Relay always knows the corresponding instantaneous CSI based on the link selection policies as introduced later. Thus, when RelaytoBob link is selected in time slot , the transmission rate of codewords is determined as
(4) 
We use to denote the amount of confidential data (in bits) stored in the buffer of Relay at the end of time slot . Then, the evolution of data stored in Relay’s buffer at the next time slot can be characterized as^{1}^{1}1It should be noted that after decoding the signal from Alice, Relay only stores the useful data, i.e., the confidential messages, in its buffer.
(5) 
where .
Remark 1
As introduced in the next section, our link selection polices can guarantee that the rate of codewords is always no less than the rate of confidential messages . More specifically, when AlicetoRelay link is selected in time slot and the adaptiverate transmission is adopted, always satisfies; when RelaytoBob link is selected in time slot , always satisfies.
Iii Link Selection Policies
In this section, we first present the overall scheduling in a time slot, and then detail the link selection policies.
Iiia Overall Scheduling
Regarding the overall scheduling in a time slot, in order to ensure the transmission security and avoid channel outage [38]
, we first need to estimate the instantaneous CSIs of legitimate links. Then, link selection is made based on our new policies. Finally, the system conducts transmission operation or
remains idle according to the selection decision. Therefore, the overall scheduling consists of the following three stages and can be illustrated in Fig. 2.
(CSI Estimation)
Alice and Bob transmit the pilot sequences to Relay in turn. By assuming that the reciprocity property [39] of antenna holds, Relay can estimate the CSIs of AlicetoRelay and RelaytoBob links, respectively.

(Link Selection)
With the CSIs of two links, Relay acts as the ‘central node’ to make link selection decision based on some policies. According to whether Relay feed back the CSI to Alice, we consider the following two cases.

With CSI feedback: Relay makes link selection decision based on the policy described in Section IIIB. If AlicetoRelay link is selected, Relay sends the decision signal and feeds back the CSI to Alice.

Without CSI feedback: Relay makes link selection decision based on the policy described in Section IIIC. If AlicetoRelay link is selected, Relay sends the decision signal to Alice.


(Message Transmission)
Based on the link selection decision, Alice or Relay transmits the message with the transmission mechanism introduced in Section IIC, or the system remains idle.
Remark 2
It is worth noting that the overall scheduling incurs at most three handshakes before the real message transmission, thus it is lowcomplexity for the system operation.
IiiB Link Selection Policy with CSI Feedback
With the existing link selection policies such as [31], either AlicetoRelay or RelaytoBob link is selected for data transmission in all time slots. However, since the eavesdropper Eve intercepts messages from both links, once in a time slot the channel qualities of both legitimate links are worse than those of corresponding wiretap links, the transmission security cannot be ensured no matter which link is selected. Therefore, a new selection policy with such a consideration should be carefully designed.
We let be an indicator variable to denote the link decision in time slot . indicates AlicetoRelay link is selected, indicates RelaytoBob link is selected, and indicates the system remains idle in this time slot. We also introduce two nonnegative parameters and which serve as the thresholds for the channel qualities of two legitimate links, respectively. Specifically, only if the condition (resp. ) satisfies, AlicetoRelay (resp. RelaytoBob) link can be selected for message transmission, if and , no link will be selected, which ensures a high channel quality of the selected link and thus provides a good security performance. Moreover, in order to guarantee that the rate of codewords of the selected link can cover the rate of confidential messages , we set and . Finally, when both the legitimate links are in high channel quality, i.e., and , the link with a better relative quality will be selected for message transmission, i.e., if and if . Therefore, our link selection policy with CSI feedback can be summarized as Algorithm 1.
IiiC Link Selection Policy without CSI Feedback
Regarding another case that Relay will not feed back the instantaneous CSI to Alice if AlicetoRelay link is selected due to the system complexity concern, instead of adaptively adjusting the codeword rate to be the channel capacity, Alice uses a fixed rate to transmit the codewords. Considering that may be larger than the channel capacity which will incur the channel outage if Alice conducts the transmission, in order to avoid the channel outage, Relay should not select AlicetoRelay link when it finds that (even if ). Therefore, our link selection policy without CSI feedback can be summarized as Algorithm 2.
In order to make a better understanding of our link selection policy, we illustrate in Fig. 3 the value of in different SNR regions. We can see from Fig. 3(a) that when we set the threshold , the value of in different SNR regions decided by the policy without CSI feedback is the same as that decided by the policy with CSI feedback. However, if we set the threshold , when , and , RelaytoBob link will also be selected to transmit message (i.e., ), as shown in the triangle area of Fig. 3(b).
Iv General Optimization Problem Formulation
In this section, we first derive the general expression for secrecy outage capacity, endtoend secrecy outage probability and exact secrecy throughput, then we formulate the general optimization problems about these performance metrics.
Iva Performance Metrics
IvA1 Secrecy Outage Probability
Differing form the tradition SOP [7] [40], a better expression for SOP [41] is defined as the conditional probability that capacity of the wiretap channels exceeds the rate redundancy under message successful transmission (i.e., , where ). Expediently, we use and as secrecy outage variables in two hops respectively, which are expressed as
(6)  
(7) 
Considering there exists two wiretap channels, the system SOP can be characterized as a combination of the individual SOP of each hop, and endtoend SOP is expressed as
(8) 
where and , which are derived in Section V.
IvA2 Secrecy Outage Capacity
The secrecy outage constraint throughput (SOCT) is defined as the largest achievable secrecy rate under endtoend SOP constraint at destination
(9) 
where when and otherwise. Furtherly, the SOCT can be generally rewritten as
(10) 
IvA3 Secrecy Throughput
The average rate securely and reliably delivered to the queue of Bob via Relay over multiple scheduling is defined as the endtoend secrecy throughput. A novel formulation (called successful transmission probability in [42]) to characterize the reliability and security levels of transmission in both two hops oh the bufferaided relaying system, which are defined as
(11) 
and
(12) 
Using the notation introduced above, the general expression for the average successful arriving rate in the buffer queue of Relay is derived as
(13) 
where is due to always satisfies when . Similarly, the average successful accepting rate (i.e., the secrecy throughput) securely successfully delivered to Bob can be generally expressed as
(14) 
where .
Note that is valid because of the bufferaided relaying protocol and when , the queue of buffer is said to be unstable or in the absorbing sate according to [40]. In our system, we have following lemma:
Lemma 1
When the secrecy throughput reached the maximum, the necessary condition for optimal link selection policy is that the buffer queue is always at the edge of nonabsorbing (i.e., ) and the link selection parameters , are optimal.
Proof:
Because the 1 only is an extension of theorem 1 in [40] in our network scene with Relay having three working states (i.e., accepting, transmitting and idle), we just provide a brief proof. We denote the set of indices with by and the set of by (where is the complementary set of set ). Assume that we have a link selection policy resulting in (i.e., the queue is in the absorbing state). The policy can always can be improved by moving the indices in to to to increase the secrecy throughput until (i.e., the queue is at the edge of nonabsorbing), which leads to an increase of at the expense of a decrease of . From the law of the conservation of flow, we know that both and will decrease if we move the indices and further once the point is reached. Therefore, When the buffer queue switches form absorbing state to nonabsorbing state, the secrecy throughput exactly reached the maximum value.
Lemma 2
When the link selection policy is optimal, the event can be negligible and the maximum exact secrecy throughput can be generally written as
(15) 
Proof:
We denote the set of indices with by and the set of by . we also denote the cardinalities of and as and , respectively. Thus, if the queue is absorbing, always holds, which means . As a result, the secrecy outage capacity is
IvB General Optimal Formulation
Now we are ready to formulate the general optimal problem. We respectively derive the optimal link selection policy (i.e., optimal and ) and optimal secrecy rate that the encoders use for encoding to maximize secrecy outage capacity under a desired certain outage probability, and minimize SOP under the desired certain secrecy outage capacity.
The general problem for maximizing the secrecy outage capacity can be formulated as
Because the high probability that Relay keeps idle (i.e., ) leads to the higher delay, constraint C1 is required. In C2, denotes the desired SOP of the system. Note that C1 and C2 represent two QoS metrics for information security and delay in cooperative communication, respectively.
Then the optimal problem to minimum the endtoend SOP which represents transmission security performance of the system under secrecy outage capacity constraints, is generally formulated as following
where is the desired minimum secrecy outage capacity.
Based on Lemma 1 and Lemma 2, we formulate the optimal problem about exact secrecy throughput as follow
where constraint C2 ensures that the link selection policy is optimal to make the exact secrecy throughput reach maximum value.
(27) 
(28) 
(29) 
(30) 
V Performance Analysis and Optimization
In this section, we first derive the closedform expressions for above introduced performance parameters. Based on these closedform expressions, we reformulate the detail optimal problem P1 and P2 under adaptiverate and fixedrate transmission models, respectively.
Va Performance Analysis For Adaptiverate Transmission Model
According the link selection scheme (9), the transmission probability at time slot when Alice is selected to transmit message can be given by
(16) 
By symmetry, we can obtain the transmission probability for Relay
(17) 
So the probability that Relay is idle due to security consideration can be presented as
(18) 
Remark 2: According to the link selection scheme (9), the condition is required to avoid the decoding outage, i.e., .
Then we derive the E2E secrecy outage probability. Based on IV, the SOP in the first hop can be expressed as
(19) 
Similarly, the SOP in the second hop is
(20) 
substituting the p.d.f.s of ,, and , the detailed expression of and can be derived as (27)(28), which are shown at the bottom of this page, respectively. Thus the E2E SOP can be obtained based on (14).
Now we are ready to reformulate the optimal problems about secrecy capacity and SOP. We denote the secrecy outage capacity maximization and SOP minimization as PA1 and PA2 in adaptiverate transmission model, respectively.
Problem PA1 is formulated as
and for Problem PA2, we have
It is notable that (27) and (28) include the transcendental function and it’s hard to analyze the monotonicity of , thus the closedform solutions in PA1 and PA2 are generally not possible. Inspired by the Zoutendijk Method [43], we apply the algorithm 3 to solve the optimal problems. before introducing the algorithm 3, we introduce the the following lemma:
Lemma 3
Suppose the feasible point in problem VA has obtained after th iteration, finding the strictly feasible descent direction
at the point is equivalent to the solution the following linear program problem:
(21) 
where , , and is the first derivative of function with respect to .
Proof V.1
According to [44][45], is the decline direction of ^{2}^{2}2the equivalent problem of maximizing is the one of minimizing .Thus this paper focuses on the the feasible decline direction of . if and only if at the point . Furthermore, if holds at , is called the strictly feasible direction. Thus we call as the strictly feasible descent direction, if there exists such that
(22) 
The Algorithm 3 is as follows:
Because of the nonnegative, ergodic and stationary process, we have the following proposition.
Proposition 1: When Alice transmits message to Relay with adaptive rate, the average accept rate
Comments
There are no comments yet.