I Introduction
Ia Background and Related Works
The ad hoc network represents a class of selforganizing network architecture, which consists of nodes communicating with each other over peertopeer wireless channels without centralized infrastructure [1]. Since ad hoc networks can be flexibly deployed and reconfigured at very low cost, they are highly promising for many critical applications, such as disaster relief, emergency rescue, daily information exchange, traffic offloading and coverage extension for 5G cellular networks [2, 3]. To facilitate the application and commercialization of ad hoc networks, protecting their transmission security is of great significance [4]. However, due to the broadcast nature of wireless channel and the lack of central administration, it is very challenging for the traditional cryptographicbased security techniques [5] to be applied in such a distributed ad hoc network.
As a complementary technique of cryptographicbased methods, physical layer security, an informationtheoretic approach which exploits the fundamental characteristics of wireless channel to achieve perfect secrecy, has been extensively studied over the past few decades. Based on the results of Shannon in [6], Wyner first indicated that perfect secrecy is achievable when the condition of main channel between transmitter and receiver is better than that of wiretap channel between transmitter and eavesdropper [7]. Following this line, many research activities have been devoted to the study of physical layer security under various channel models, such as the broadcast channel [8], Gaussian wiretap channel [9], twoway wiretap channel [10], multiaccess channel [11] and MIMO wiretap channel [12]. Meanwhile, diverse approaches for improving physical layer security have been proposed in the literature. The works of [13, 14, 15, 16, 17, 18, 19] demonstrated that the strategies of cooperative jamming and relay selection can be utilized to enhance physical layer security. The works of [20, 21] indicated that physical layer security can also be facilitated by applying coding schemes. Moreover, the combinations of physical layer security with other techniques such as power allocation, signal processing, and crosslayer optimization were explored in [22], [23] and [24], respectively.
Since physical layer security has the advantage of low computational complexity and can be easily implemented in a distributed manner, its application in ad hoc networks has attracted considerable academic attention recently [25, 26, 27, 28, 29, 30, 31, 32, 33]. For a largescale ad hoc network, Vasudevan et al. [25] investigated the asymptotic behaviors of securitycapacity tradeoff as the number of network nodes tends to infinity. The price in terms of performance degradation for ensuring physical layer security in ad hoc networks was explored under the largescale network scenario [26] and singlehop network scenario [27], respectively. Goeckel et al. [28] indicated that the artificial noise generated by cooperative relays can be utilized to achieve everlasting secrecy in a twohop ad hoc network. Koyluoglu et al. [29] studied the scaling behaviors of ad hoc networks under secrecy constraints. They demonstrated that under the path loss model, a secure rate of is achievable if the density of eavesdropper is below some threshold^{1}^{1}1 is the number of sourcedestination pairs and please kindly refer to [34] for the asymptotic notations.; while under the ergodic fading model, a constant secret rate can be achieved for sufficiently large . For a twohop relay ad hoc network, Zou et al. [30] explored the cooperativebased relay selection schemes to improve transmission security against eavesdropping attack. Xie and Ulukus [31]
considered the singlehop ad hoc network with four fundamental wireless channels, and studied its secure degrees of freedom as well as provided the corresponding achievable schemes. Duy
et al. [32] evaluated the secrecy performance of a twohop cooperative relay network under the impact of cochannel interference and proposed an optimal relay selection scheme to maximize the secrecy capacity. Karas et al. [33] derived the closedform expressions for SOP in a singlehop cellular system with the consideration of eavesdropper’s location uncertainty. For a detailed survey on physical layer security and its applications in ad hoc networks, please kindly refer to [35] and references therein.IB Motivation and Our Contributions
Although there have been extensive works for studying physical layer security in wireless networks, they mainly focus on either the singlehop and twohop network scenarios, or the asymptotic largescale network scenarios, while the research of physical layer security in multihop ad hoc networks which fills the significant gap between those two extremes is largely untouched and thus remains a technical challenge. By now, some initial results have been reported on the study of physical layer security in multihop ad hoc networks [36, 37, 38, 39]. Specifically, Saad et al. [36] proposed a treeformation game to choose secure paths in multihop ad hoc networks. Later, Ghaderi et al. [37] explored the minimum energy routing which can guarantee security for multihop ad hoc networks. More recently, Yao et al. [38] studied the physical layer securitybased routing in multihop ad hoc networks with decodeandforward relaying, and Lee [39] proposed an optimal power allocation strategy for maximizing the secrecy rate in a special multihop relay network with single sourcedestination pair.
It is notable that security usually comes with a cost in terms of performance degradation [26, 27], thus the tradeoffs between security and other network performance should be carefully addressed for a practical multihop ad hoc network. In [40, 41] and our previous work [42], the issue of integrating security and quality of service (QoS) under some network scenarios was investigated. In [43, 44], the securityreliability tradeoff was explored in cooperative relay networks and cognitive radio systems, respectively, where the twohop network scenarios were considered and corresponding optimal relay selection schemes were proposed. While in this paper, for the first time, we explore the tradeoffs between transmission security and communication QoS in a multihop ad hoc network. We consider a general multihop ad hoc network with randomly distributed legitimate nodes, cooperative jammers and malicious eavesdroppers, and analyze the connection outage probability (COP) and secrecy outage probability (SOP) for a given path. Based on the outage probability analysis, we study the COP and SOP tradeoffs, and further propose the routing algorithms which can achieve the optimal performance with the guaranteed communication QoS and transmission security in the concerned ad hoc network.
The main contributions of this paper are summarized as follows:

For any given endtoend path in a general multihop ad hoc network where jammers and malicious eavesdroppers are randomly distributed following the independent Poisson point processes, we derive its COP and SOP in closedform, which serve as the performance metrics of communication QoS and transmission security, respectively.

We formulate the securityQoS tradeoffs of a given path as two constrained optimization problems and provide corresponding analysis to obtain the optimal solutions. Based on the results of a given path, we further propose the routing algorithms which can find the optimal path between any pair of source and destination nodes, and allocate transmission power for each node on the path to achieve the optimal performance.

We provide extensive simulation and numerical results to validate the efficiency of our theoretical analysis, and illustrate the securityQoS tradeoffs as well as the performance of proposed routing algorithms.
IC Paper Organization
The remainder of this paper is organized as follows. Section II introduces the preliminaries involved in this paper. The expressions of COP and SOP are derived in Section III. We explore the tradeoffs between COP and SOP in Section IV and propose the routing algorithms in Section V. Finally, Section VI presents the simulation and numerical results, and Section VII concludes this paper.
Ii Preliminaries
In this section, we introduce the network model, wireless channel model and performance metrics involved in this study.
Iia Network Model
Following the network model in [37], we consider a general multihop ad hoc network which consists of arbitrarily distributed legitimate nodes, cooperative jammers and malicious eavesdroppers. A hop path (route) in the network is formed by links from to , and a link connects two legitimate nodes and on path . We assume that each link is exposed to a set of eavesdroppers denoted by . The locations of eavesdroppers are unknown since they usually work in a passive way. In order to statistically evaluate the network performance, an independent homogeneous Poisson point process (PPP) [27, 37, 38] with density is applied to characterize the distributions of eavesdroppers’ locations. Furthermore, we assume that whenever a legitimate node transmits a message, a set of external nodes , called jammers, cooperate with the legitimate node by jamming the message at eavesdroppers. The locations of jammers also follow an independent homogeneous PPP with density and the transmission power of each jammer is the same, denoted by .
IiB Wireless Channel Model
We consider the decodeandforward (DF) relaying scheme and assume that the instantaneous wireless channel state between any pair of nodes is unavailable but can be statistically characterized by the largescale path loss along with the smallscale Rayleigh fading [30, 37, 45, 46]. We also apply the randomization strategy widely used in other works [17, 29, 37], with which each link transmits independent randomization signal such that eavesdroppers cannot use combining techniques to combine the received signals from multiple hops. In addition, we assume that the network is interferencelimited and thus the noise at the receiver is negligible [27]. The reason of adopting interferencelimited assumption is that the mathematical tractability of this assumption allows us to gain important insights into the securityQoS tradeoffs and routing protocol design in ad hoc networks, as shown in later context. More formally, regarding a transmission from node to node , let denote the transmission power of , and denote the normalized (unit power) symbol stream to be transmitted by and its jammer , respectively, and denote the received signal at . Then can be expressed as^{2}^{2}2We don’t consider mutual interference between legitimate links since it can be avoided by mature media access control techniques.:
(1) 
where and (resp. and ) are the distance and the fading coefficient of wireless channel between (resp. ) and , is the pathloss exponent (typically between 2 and 6), (resp.
) is exponentially distributed with
(resp. ). Similarly, for an eavesdropper , the signal received at is given by(2) 
where and (resp. and ) are the distance and the fading coefficient of wiretap link between (resp. ) and , (resp. ) is exponentially distributed with (resp. ).
IiC Performance Metrics
Following the definitions in [27, 37], the performance metrics involved in this paper are defined as follows:
Connection Outage Probability: The event of connection outage refers to the case when the signaltointerference ratio (SIR) at the intended receiver is below a required threshold , such that the message cannot be correctly decoded by the receiver. The connection outage probability (COP) is defined as the probability that the event of connection outage happens.
Secrecy Outage Probability: The event of secrecy outage refers to the case when the SIR at one or more eavesdroppers is above a required threshold , such that the message can be decoded by the eavesdropper(s). The secrecy outage probability (SOP) is defined as the probability that the event of secrecy outage happens.
Notice that in Wyner’s encoding scheme [7, 27], the transmitter chooses two rates, the rate of transmitted codewords and the rate of the confidential messages . The rate difference reflects the cost of securing the messages against the eavesdroppers. If the legitimate channel capacity is less than , the connection outage happens. While if the wiretap channel capacity is higher than , the secrecy outage happens. According to Shannon’s Theorem, the channel capacity is determined by the corresponding SIR at the receiver. Thus, our performance metrics can be easily mapped to those based on Wyner’s encoding scheme [7, 14, 17], where the conversions between the SIR thresholds and the code rates are and , and the results in this paper also applies to the Wyner’s encoding scheme.
Remark 1
The performance metrics COP and SOP are equivalent to the metrics outage probability (OP) and intercept probability (IP) defined in [43, 44] by applying Shannon’s Theorem, respectively. Following the statement in [43, 44], COP and SOP are of high significance as COP represents the communication QoS of a network user, while SOP serves as a measure of the transmission security level.
Iii Outage Probabilities Analysis
In this section, we derive the exact expressions of COP and SOP for a given path, which will help us explore the performance tradeoffs in Section IV.
Iiia COP Analysis
Regarding the COP of a given path, we have the following lemma.
Lemma 1
For a concerned ad hoc network with the network model and wireless channel model as described in Section II, the COP of a hop path is given by
(3) 
where , is a gamma function, denote the transmission power of .
Proof:
We first derive the COP for a link on path , which is termed as . Based on the wireless channel model of Expression (1) and the definition of COP, can be determined as:
(4) 
which can be further rewritten as (5), shown at the top of the next page.
(5) 
Notice that for a homogeneous PPP, the corresponding probability generating functional (PGFL) is given by [47]
(6) 
where is the location of . By applying PGFL in (5), then can be expressed as:
(7) 
Due to the randomization strategy, each legitimate receiver can only decode the signal of each hop individually according to the link SIR. Therefore, based on the COP of a link , the COP of the hop path can be finally determined as:
(8)  
We can see from Formula (3) that is an increasing function of , and , while being a decreasing function of .
IiiB SOP Analysis
Regarding the SOP of a given path, we have the following lemma.
Lemma 2
For a concerned ad hoc network with the network model and wireless channel model as described in Section II, the SOP of a hop path is given by
(9) 
where .
Proof:
We first derive the SOP for a link on path , which is termed as . Based on the wireless channel model of Expression (2) and the definition of SOP, can be determined as (10), shown at the top of the next page.
(10) 
Applying the PGFL technique for the PPP , then Equation (10) can be reexpressed as (14), shown at the top of the next page,
(11)  
(12)  
(13)  
(14) 
where (12) follows from the Jensen’s inequality, and (13) follows from the same procedures which transform (4) into (7).
Due to the randomization strategy, each eavesdropper can only decode the signal of each hop individually according to the eavesdropping link SIR. Therefore, based on the SOP of a link , the SOP of the hop path can be finally determined as:
(15)  
We can see from Formula (9) that is an increasing function of and , while being a decreasing function of , and . It is notable that the statistical properties of the locations of eavesdroppers and jammers as well as the corresponding channel states have been carefully incorporated into the derivations of COP and SOP.
Remark 2
For a given ad hoc network, the network parameters , , , and are usually predetermined, the controllable parameter is the transmission power of each transmitter. It is worth noting that increasing will lead to a decrease in and an increase in , which agrees with the intuition that a larger transmission power can bring about a larger SIR at the intended receiver to gain a lower COP, at the same time it comes with the cost of a higher SOP since there is also a larger SIR at the eavesdroppers. This observation indicates that by adjusting the transmission power of each transmitter on path , we can achieve performance tradeoffs between COP and SOP.
Since the performance tradeoffs between COP and SOP exist, a problem of insight is how to optimize (minimize) one outage probability while ensuring that another outage probability is below some prespecified threshold. This problem is termed as the optimal performance tradeoffs and will be analyzed in the next section.
Iv Optimal Performance Tradeoffs
In this section, we formally define the optimal performance tradeoffs as the problems of securebased optimal COP (SOCOP) and QoSbased optimal SOP (QOSOP), and provide corresponding solutions, respectively.
Iva SOCOP: Securebased Optimal COP
We first analyze how to achieve optimal QoS performance (minimal COP) conditioned on that secure performance is ensured (SOP is below some prespecified threshold), which is termed as the problem SOCOP.
Let () denote the prespecified constraint on SOP of path , then the problem SOCOP can be formally defined as the following optimization issue:
(16)  
(17) 
Theorem 1
For a concerned multihop ad hoc network, where the densities of eavesdroppers and jammers are and , respectively, the required SIRs for an intended receiver correctly decoding the message and an eavesdropper successfully intercepting the message are and , respectively, the constraint on transmission security is , then the optimal solution (i.e., optimal transmission power) of problem SOCOP is determined as:
(18) 
and the optimal achievable COP with the guaranteed SOP is given by
(19) 
Proof:
Let , then in Formula (3) and in Formula (9) can be reexpressed as:
(20)  
(21) 
Substituting (21) into (17), we have
(22) 
Notice that in (20) is a decreasing function of while the objective in (16) is to minimize , so the inequality constraint (22) can be replaced by the equality constraint . Therefore, the problem SOCOP is equivalent to the following optimization issue^{3}^{3}3We can see from this optimization issue that except the transmission power of each link is variable, the distance is fixed and other quantities are known in a statistical perspective of view.:
(23)  
(24) 
To solve the above optimization issue, we apply the method of Lagrange multipliers [48]. Then, we obtain the following equations:
(25)  
where is the Lagrange multiplier, and we have
(26) 
Substituting (26) into (24), can be determined as:
(27) 
Substituting (27) into (26), we have
(28) 
Thus, the optimal transmission power of node is given by
and the minimum COP of path under the condition that is determined as:
IvB QOSOP: QoSbased Optimal SOP
We then analyze how to achieve optimal secure performance (minimal SOP) conditioned on that QoS performance is ensured (COP is below some prespecified threshold), which is termed as the problem QOSOP.
Let () denote the prespecified constraint on COP of path , then the problem QOSOP can be formally defined as the following optimization problem:
(29)  
(30) 
Theorem 2
For a given multihop ad hoc network, where the densities of eavesdroppers and jammers are and , respectively, the required SIRs for an intended receiver correctly decoding the message and an eavesdropper successfully intercepting the message are and , respectively, the constraint on communication QoS is , then the optimal solution (i.e., optimal transmission power) of problem QOSOP is determined as:
(31)  
and the optimal achievable SOP with the guaranteed COP is given by
(32) 
Proof:
Let , then and can be expressed as (20) and (21), respectively. Substituting (20) into (30) we have
(33) 
Notice that in (21) is an increasing function of while the objective in (29) is to minimize , so the inequality constraint (33) can be replaced by the equality constraint . Therefore, the problem QOSOP is equivalent to the following optimization issue:
(34)  
(35) 
Similar to the proof of Theorem 1, we also apply the method of Lagrange multipliers and obtain the following equations:
(36)  
where is the Lagrange multiplier. Then we have
(37) 
Substituting (37) into (35), can be determined as:
(38) 
Substituting (38) into (37), we have
(39) 
Thus, the optimal transmission power of node is given by
and the minimum SOP of path under the condition that is determined as:
We can see from Formula (31) that is an increasing function of , and , while being a decreasing function of . We can see from Formula (32) that is an increasing function of and , while being a decreasing function of and . Furthermore, our results indicate that the jammerrelated parameters and have impacts on and , while have no impact on and . This is in accordance with the intuition that jammers have opposite effects on COP and SOP, and for the performance tradeoffs the effects on two sides cancel each other out.
V Routing Algorithm
In Section III, we have derived the expressions of outage probabilities for a given path, and in Section IV, we have explored the optimal performance tradeoffs for a given path. Based on the obtained results, in this section, we further investigate the routing problem, i.e., for a pair of source and destination nodes with multiple optional endtoend paths, how to select the optimal path to achieve the minimum COP under the security constraint or the minimum SOP under the QoS constraint.
Va Routing Algorithm for SOCOP
We first consider the routing algorithm for SOCOP. Based on Formula (19), the routing problem of finding the optimal path which achieves the minimum COP under the security constraint can be expressed as:
(40) 
where denotes the set of all potential paths connecting the pair of source and destination nodes. Then (40) is equivalent to
(41) 
Expression (41) indicates that the routing problem for SOCOP is equivalent to finding the shortest path connecting the pair of source and destination nodes. It means that we can assign the link weights to each potential link and then find the path with the minimum total link weights. This problem can be directly solved by BellmanFord algorithm or Dijkstra’s algorithm [49], which returns the shortest paths from a source vertex to all other vertexes in a weighted graph. The computational complexity of BellmanFord algorithm is , while for Dijkstra’s algorithm, it is ,
is the number of network nodes. However, Dijkstra’s algorithm requires all link states in the whole network, while BellmanFord algorithm only needs the distance vectors between neighboring nodes such that it can be easily realized in a distributed ad hoc network based on the distance vector approach
[49].The distributed BellmanFord algorithm (i.e., the distance vector approach) does not take securityQoS tradeoffs into consideration. Thus, after finding the shortest path , the routing algorithm for SOCOP should conduct the transmission power allocation for each node on path (except the destination) based on Formula (18), which is another key procedure to achieve the optimal COP with a guaranteed SOP. It is notable that the computational complexity of proposed algorithm is dominated by the shortest path finding procedure, thus it has the same level of computational complexity as BellmanFord algorithm, i.e., . It is polynomial and much lower than that of the exhaustive search whose complexity is . The details of routing algorithm for SOCOP are summarized in Algorithm 1.
VB Routing Algorithm for QOSOP
We then consider the routing algorithm for QOSOP. Based on Formula (32), the routing problem of finding the optimal path which achieves the minimum SOP under the QoS constraint can be expressed as:
(42) 
Then (42) is equivalent to
(43) 
Expression (43) indicates that the routing problem for QOSOP is also equivalent to finding the shortest path connecting the pair of source and destination nodes. Thus, we also apply the distributed BellmanFord algorithm to find the shortest path , and then allocate the transmission power of each node on path (except the destination) based on Formula (31). The details of routing algorithm for QOSOP are summarized in Algorithm 2.
Regarding the implementation of the proposed routing algorithms for SOCOP and QOSOP in a practical ad hoc network, our proposals could be incorporated in some existing distance vector routing protocols, either the proactive ones like MDART [50] or the reactive ones like AODV [51]. The main difference between the two types of routings is that proactive routings establish and maintain routes proactively (periodically), while reactive routings construct and update routes only when needed (in an ondemand manner). Therefore, they should be applied based on network features, such as node mobility, delay requirement, etc. For example, for an ad hoc network with slow mobility and requires low delay, it is more appropriate for us to incorporate our proposals in proactive distance vector routing protocols, where the distributed BellmanFord algorithm can be applied to find the shortest path, and the dynamic addressing techniques in [50] can be utilized to reduce routing overhead. For an ad hoc network with fast mobility and can tolerate large delay, the reactive protocols could be more efficient for the implementation of our proposals. To deal with the fast topology changes caused by node mobility, route is established (i.e., finding the shortest path and allocating transmission power) in an ondemand manner. AODV is a variant of BellmanFord distance vector routing protocol, in which our proposals could be incorporated to achieve optimal securityQoS tradeoffs.
Vi Numerical Results and Discussions
In this section, we first present the Monte Carlo [52] simulation results to validate our theoretical analysis for the outage probabilities in a concerned multihop ad hoc network, and then apply our theoretical results to illustrate the performance tradeoffs and the corresponding routing algorithms.
Via Simulation Settings
We simulate a multihop ad hoc network in a square area. The jammers (resp. eavesdroppers) are distributed at random positions which follow the homogeneous PPP with density (resp. ). Regarding the basic network parameters, we set , , and . In each Monte Carlo simulation for COP and SOP, we consider the example of a fixed path with five links, where the transmission power and the distance of each link are set to be the same, respectively. The duration of each task of Monte Carlo simulation is set to rounds, and the simulated outage probability is given by
(44) 
where denotes the number of times that the event of outage occurs in each simulation.
ViB Validation for COP and SOP
We first summarize in Fig. 1 the theoretical and simulation results of COP performance, where we set and for . The theoretical curves are plotted according to Formula (3) while the simulated results are obtained based on Formula (44). We can see from Fig. 1 that the simulation results match nicely with the theoretical ones for all the cases, which indicates that our theoretical analysis is highly efficient in the evaluation of endtoend COP of multihop ad hoc networks. Another observation of Fig. 1 is that as the jammer’s density and/or the transmission distance increase, COP increases and thus the communication QoS is degraded.