I-a Background and Related Works
The ad hoc network represents a class of self-organizing network architecture, which consists of nodes communicating with each other over peer-to-peer wireless channels without centralized infrastructure . Since ad hoc networks can be flexibly deployed and reconfigured at very low cost, they are highly promising for many critical applications, such as disaster relief, emergency rescue, daily information exchange, traffic off-loading and coverage extension for 5G cellular networks [2, 3]. To facilitate the application and commercialization of ad hoc networks, protecting their transmission security is of great significance . However, due to the broadcast nature of wireless channel and the lack of central administration, it is very challenging for the traditional cryptographic-based security techniques  to be applied in such a distributed ad hoc network.
As a complementary technique of cryptographic-based methods, physical layer security, an information-theoretic approach which exploits the fundamental characteristics of wireless channel to achieve perfect secrecy, has been extensively studied over the past few decades. Based on the results of Shannon in , Wyner first indicated that perfect secrecy is achievable when the condition of main channel between transmitter and receiver is better than that of wiretap channel between transmitter and eavesdropper . Following this line, many research activities have been devoted to the study of physical layer security under various channel models, such as the broadcast channel , Gaussian wiretap channel , two-way wiretap channel , multi-access channel  and MIMO wiretap channel . Meanwhile, diverse approaches for improving physical layer security have been proposed in the literature. The works of [13, 14, 15, 16, 17, 18, 19] demonstrated that the strategies of cooperative jamming and relay selection can be utilized to enhance physical layer security. The works of [20, 21] indicated that physical layer security can also be facilitated by applying coding schemes. Moreover, the combinations of physical layer security with other techniques such as power allocation, signal processing, and cross-layer optimization were explored in ,  and , respectively.
Since physical layer security has the advantage of low computational complexity and can be easily implemented in a distributed manner, its application in ad hoc networks has attracted considerable academic attention recently [25, 26, 27, 28, 29, 30, 31, 32, 33]. For a large-scale ad hoc network, Vasudevan et al.  investigated the asymptotic behaviors of security-capacity tradeoff as the number of network nodes tends to infinity. The price in terms of performance degradation for ensuring physical layer security in ad hoc networks was explored under the large-scale network scenario  and single-hop network scenario , respectively. Goeckel et al.  indicated that the artificial noise generated by cooperative relays can be utilized to achieve everlasting secrecy in a two-hop ad hoc network. Koyluoglu et al.  studied the scaling behaviors of ad hoc networks under secrecy constraints. They demonstrated that under the path loss model, a secure rate of is achievable if the density of eavesdropper is below some threshold111 is the number of source-destination pairs and please kindly refer to  for the asymptotic notations.; while under the ergodic fading model, a constant secret rate can be achieved for sufficiently large . For a two-hop relay ad hoc network, Zou et al.  explored the cooperative-based relay selection schemes to improve transmission security against eavesdropping attack. Xie and Ulukus 
considered the single-hop ad hoc network with four fundamental wireless channels, and studied its secure degrees of freedom as well as provided the corresponding achievable schemes. Duyet al.  evaluated the secrecy performance of a two-hop cooperative relay network under the impact of co-channel interference and proposed an optimal relay selection scheme to maximize the secrecy capacity. Karas et al.  derived the closed-form expressions for SOP in a single-hop cellular system with the consideration of eavesdropper’s location uncertainty. For a detailed survey on physical layer security and its applications in ad hoc networks, please kindly refer to  and references therein.
I-B Motivation and Our Contributions
Although there have been extensive works for studying physical layer security in wireless networks, they mainly focus on either the single-hop and two-hop network scenarios, or the asymptotic large-scale network scenarios, while the research of physical layer security in multi-hop ad hoc networks which fills the significant gap between those two extremes is largely untouched and thus remains a technical challenge. By now, some initial results have been reported on the study of physical layer security in multi-hop ad hoc networks [36, 37, 38, 39]. Specifically, Saad et al.  proposed a tree-formation game to choose secure paths in multi-hop ad hoc networks. Later, Ghaderi et al.  explored the minimum energy routing which can guarantee security for multi-hop ad hoc networks. More recently, Yao et al.  studied the physical layer security-based routing in multi-hop ad hoc networks with decode-and-forward relaying, and Lee  proposed an optimal power allocation strategy for maximizing the secrecy rate in a special multi-hop relay network with single source-destination pair.
It is notable that security usually comes with a cost in terms of performance degradation [26, 27], thus the tradeoffs between security and other network performance should be carefully addressed for a practical multi-hop ad hoc network. In [40, 41] and our previous work , the issue of integrating security and quality of service (QoS) under some network scenarios was investigated. In [43, 44], the security-reliability tradeoff was explored in cooperative relay networks and cognitive radio systems, respectively, where the two-hop network scenarios were considered and corresponding optimal relay selection schemes were proposed. While in this paper, for the first time, we explore the tradeoffs between transmission security and communication QoS in a multi-hop ad hoc network. We consider a general multi-hop ad hoc network with randomly distributed legitimate nodes, cooperative jammers and malicious eavesdroppers, and analyze the connection outage probability (COP) and secrecy outage probability (SOP) for a given path. Based on the outage probability analysis, we study the COP and SOP tradeoffs, and further propose the routing algorithms which can achieve the optimal performance with the guaranteed communication QoS and transmission security in the concerned ad hoc network.
The main contributions of this paper are summarized as follows:
For any given end-to-end path in a general multi-hop ad hoc network where jammers and malicious eavesdroppers are randomly distributed following the independent Poisson point processes, we derive its COP and SOP in closed-form, which serve as the performance metrics of communication QoS and transmission security, respectively.
We formulate the security-QoS tradeoffs of a given path as two constrained optimization problems and provide corresponding analysis to obtain the optimal solutions. Based on the results of a given path, we further propose the routing algorithms which can find the optimal path between any pair of source and destination nodes, and allocate transmission power for each node on the path to achieve the optimal performance.
We provide extensive simulation and numerical results to validate the efficiency of our theoretical analysis, and illustrate the security-QoS tradeoffs as well as the performance of proposed routing algorithms.
I-C Paper Organization
The remainder of this paper is organized as follows. Section II introduces the preliminaries involved in this paper. The expressions of COP and SOP are derived in Section III. We explore the tradeoffs between COP and SOP in Section IV and propose the routing algorithms in Section V. Finally, Section VI presents the simulation and numerical results, and Section VII concludes this paper.
In this section, we introduce the network model, wireless channel model and performance metrics involved in this study.
Ii-a Network Model
Following the network model in , we consider a general multi-hop ad hoc network which consists of arbitrarily distributed legitimate nodes, cooperative jammers and malicious eavesdroppers. A -hop path (route) in the network is formed by links from to , and a link connects two legitimate nodes and on path . We assume that each link is exposed to a set of eavesdroppers denoted by . The locations of eavesdroppers are unknown since they usually work in a passive way. In order to statistically evaluate the network performance, an independent homogeneous Poisson point process (PPP) [27, 37, 38] with density is applied to characterize the distributions of eavesdroppers’ locations. Furthermore, we assume that whenever a legitimate node transmits a message, a set of external nodes , called jammers, cooperate with the legitimate node by jamming the message at eavesdroppers. The locations of jammers also follow an independent homogeneous PPP with density and the transmission power of each jammer is the same, denoted by .
Ii-B Wireless Channel Model
We consider the decode-and-forward (DF) relaying scheme and assume that the instantaneous wireless channel state between any pair of nodes is unavailable but can be statistically characterized by the large-scale path loss along with the small-scale Rayleigh fading [30, 37, 45, 46]. We also apply the randomization strategy widely used in other works [17, 29, 37], with which each link transmits independent randomization signal such that eavesdroppers cannot use combining techniques to combine the received signals from multiple hops. In addition, we assume that the network is interference-limited and thus the noise at the receiver is negligible . The reason of adopting interference-limited assumption is that the mathematical tractability of this assumption allows us to gain important insights into the security-QoS tradeoffs and routing protocol design in ad hoc networks, as shown in later context. More formally, regarding a transmission from node to node , let denote the transmission power of , and denote the normalized (unit power) symbol stream to be transmitted by and its jammer , respectively, and denote the received signal at . Then can be expressed as222We don’t consider mutual interference between legitimate links since it can be avoided by mature media access control techniques.:
where and (resp. and ) are the distance and the fading coefficient of wireless channel between (resp. ) and , is the path-loss exponent (typically between 2 and 6), (resp.
) is exponentially distributed with(resp. ). Similarly, for an eavesdropper , the signal received at is given by
where and (resp. and ) are the distance and the fading coefficient of wiretap link between (resp. ) and , (resp. ) is exponentially distributed with (resp. ).
Ii-C Performance Metrics
Connection Outage Probability: The event of connection outage refers to the case when the signal-to-interference ratio (SIR) at the intended receiver is below a required threshold , such that the message cannot be correctly decoded by the receiver. The connection outage probability (COP) is defined as the probability that the event of connection outage happens.
Secrecy Outage Probability: The event of secrecy outage refers to the case when the SIR at one or more eavesdroppers is above a required threshold , such that the message can be decoded by the eavesdropper(s). The secrecy outage probability (SOP) is defined as the probability that the event of secrecy outage happens.
Notice that in Wyner’s encoding scheme [7, 27], the transmitter chooses two rates, the rate of transmitted codewords and the rate of the confidential messages . The rate difference reflects the cost of securing the messages against the eavesdroppers. If the legitimate channel capacity is less than , the connection outage happens. While if the wiretap channel capacity is higher than , the secrecy outage happens. According to Shannon’s Theorem, the channel capacity is determined by the corresponding SIR at the receiver. Thus, our performance metrics can be easily mapped to those based on Wyner’s encoding scheme [7, 14, 17], where the conversions between the SIR thresholds and the code rates are and , and the results in this paper also applies to the Wyner’s encoding scheme.
The performance metrics COP and SOP are equivalent to the metrics outage probability (OP) and intercept probability (IP) defined in [43, 44] by applying Shannon’s Theorem, respectively. Following the statement in [43, 44], COP and SOP are of high significance as COP represents the communication QoS of a network user, while SOP serves as a measure of the transmission security level.
Iii Outage Probabilities Analysis
In this section, we derive the exact expressions of COP and SOP for a given path, which will help us explore the performance tradeoffs in Section IV.
Iii-a COP Analysis
Regarding the COP of a given path, we have the following lemma.
For a concerned ad hoc network with the network model and wireless channel model as described in Section II, the COP of a -hop path is given by
where , is a gamma function, denote the transmission power of .
We first derive the COP for a link on path , which is termed as . Based on the wireless channel model of Expression (1) and the definition of COP, can be determined as:
which can be further rewritten as (5), shown at the top of the next page.
Notice that for a homogeneous PPP, the corresponding probability generating functional (PGFL) is given by 
where is the location of . By applying PGFL in (5), then can be expressed as:
Due to the randomization strategy, each legitimate receiver can only decode the signal of each hop individually according to the link SIR. Therefore, based on the COP of a link , the COP of the -hop path can be finally determined as:
We can see from Formula (3) that is an increasing function of , and , while being a decreasing function of .
Iii-B SOP Analysis
Regarding the SOP of a given path, we have the following lemma.
For a concerned ad hoc network with the network model and wireless channel model as described in Section II, the SOP of a -hop path is given by
We first derive the SOP for a link on path , which is termed as . Based on the wireless channel model of Expression (2) and the definition of SOP, can be determined as (10), shown at the top of the next page.
Due to the randomization strategy, each eavesdropper can only decode the signal of each hop individually according to the eavesdropping link SIR. Therefore, based on the SOP of a link , the SOP of the -hop path can be finally determined as:
We can see from Formula (9) that is an increasing function of and , while being a decreasing function of , and . It is notable that the statistical properties of the locations of eavesdroppers and jammers as well as the corresponding channel states have been carefully incorporated into the derivations of COP and SOP.
For a given ad hoc network, the network parameters , , , and are usually pre-determined, the controllable parameter is the transmission power of each transmitter. It is worth noting that increasing will lead to a decrease in and an increase in , which agrees with the intuition that a larger transmission power can bring about a larger SIR at the intended receiver to gain a lower COP, at the same time it comes with the cost of a higher SOP since there is also a larger SIR at the eavesdroppers. This observation indicates that by adjusting the transmission power of each transmitter on path , we can achieve performance tradeoffs between COP and SOP.
Since the performance tradeoffs between COP and SOP exist, a problem of insight is how to optimize (minimize) one outage probability while ensuring that another outage probability is below some pre-specified threshold. This problem is termed as the optimal performance tradeoffs and will be analyzed in the next section.
Iv Optimal Performance Tradeoffs
In this section, we formally define the optimal performance tradeoffs as the problems of secure-based optimal COP (SO-COP) and QoS-based optimal SOP (QO-SOP), and provide corresponding solutions, respectively.
Iv-a SO-COP: Secure-based Optimal COP
We first analyze how to achieve optimal QoS performance (minimal COP) conditioned on that secure performance is ensured (SOP is below some pre-specified threshold), which is termed as the problem SO-COP.
Let () denote the pre-specified constraint on SOP of path , then the problem SO-COP can be formally defined as the following optimization issue:
For a concerned multi-hop ad hoc network, where the densities of eavesdroppers and jammers are and , respectively, the required SIRs for an intended receiver correctly decoding the message and an eavesdropper successfully intercepting the message are and , respectively, the constraint on transmission security is , then the optimal solution (i.e., optimal transmission power) of problem SO-COP is determined as:
and the optimal achievable COP with the guaranteed SOP is given by
Notice that in (20) is a decreasing function of while the objective in (16) is to minimize , so the inequality constraint (22) can be replaced by the equality constraint . Therefore, the problem SO-COP is equivalent to the following optimization issue333We can see from this optimization issue that except the transmission power of each link is variable, the distance is fixed and other quantities are known in a statistical perspective of view.:
To solve the above optimization issue, we apply the method of Lagrange multipliers . Then, we obtain the following equations:
where is the Lagrange multiplier, and we have
Thus, the optimal transmission power of node is given by
and the minimum COP of path under the condition that is determined as:
Iv-B QO-SOP: QoS-based Optimal SOP
We then analyze how to achieve optimal secure performance (minimal SOP) conditioned on that QoS performance is ensured (COP is below some pre-specified threshold), which is termed as the problem QO-SOP.
Let () denote the pre-specified constraint on COP of path , then the problem QO-SOP can be formally defined as the following optimization problem:
For a given multi-hop ad hoc network, where the densities of eavesdroppers and jammers are and , respectively, the required SIRs for an intended receiver correctly decoding the message and an eavesdropper successfully intercepting the message are and , respectively, the constraint on communication QoS is , then the optimal solution (i.e., optimal transmission power) of problem QO-SOP is determined as:
and the optimal achievable SOP with the guaranteed COP is given by
Notice that in (21) is an increasing function of while the objective in (29) is to minimize , so the inequality constraint (33) can be replaced by the equality constraint . Therefore, the problem QO-SOP is equivalent to the following optimization issue:
Similar to the proof of Theorem 1, we also apply the method of Lagrange multipliers and obtain the following equations:
where is the Lagrange multiplier. Then we have
Thus, the optimal transmission power of node is given by
and the minimum SOP of path under the condition that is determined as:
We can see from Formula (31) that is an increasing function of , and , while being a decreasing function of . We can see from Formula (32) that is an increasing function of and , while being a decreasing function of and . Furthermore, our results indicate that the jammer-related parameters and have impacts on and , while have no impact on and . This is in accordance with the intuition that jammers have opposite effects on COP and SOP, and for the performance tradeoffs the effects on two sides cancel each other out.
V Routing Algorithm
In Section III, we have derived the expressions of outage probabilities for a given path, and in Section IV, we have explored the optimal performance tradeoffs for a given path. Based on the obtained results, in this section, we further investigate the routing problem, i.e., for a pair of source and destination nodes with multiple optional end-to-end paths, how to select the optimal path to achieve the minimum COP under the security constraint or the minimum SOP under the QoS constraint.
V-a Routing Algorithm for SO-COP
We first consider the routing algorithm for SO-COP. Based on Formula (19), the routing problem of finding the optimal path which achieves the minimum COP under the security constraint can be expressed as:
where denotes the set of all potential paths connecting the pair of source and destination nodes. Then (40) is equivalent to
Expression (41) indicates that the routing problem for SO-COP is equivalent to finding the shortest path connecting the pair of source and destination nodes. It means that we can assign the link weights to each potential link and then find the path with the minimum total link weights. This problem can be directly solved by Bellman-Ford algorithm or Dijkstra’s algorithm , which returns the shortest paths from a source vertex to all other vertexes in a weighted graph. The computational complexity of Bellman-Ford algorithm is , while for Dijkstra’s algorithm, it is ,
is the number of network nodes. However, Dijkstra’s algorithm requires all link states in the whole network, while Bellman-Ford algorithm only needs the distance vectors between neighboring nodes such that it can be easily realized in a distributed ad hoc network based on the distance vector approach.
The distributed Bellman-Ford algorithm (i.e., the distance vector approach) does not take security-QoS tradeoffs into consideration. Thus, after finding the shortest path , the routing algorithm for SO-COP should conduct the transmission power allocation for each node on path (except the destination) based on Formula (18), which is another key procedure to achieve the optimal COP with a guaranteed SOP. It is notable that the computational complexity of proposed algorithm is dominated by the shortest path finding procedure, thus it has the same level of computational complexity as Bellman-Ford algorithm, i.e., . It is polynomial and much lower than that of the exhaustive search whose complexity is . The details of routing algorithm for SO-COP are summarized in Algorithm 1.
V-B Routing Algorithm for QO-SOP
We then consider the routing algorithm for QO-SOP. Based on Formula (32), the routing problem of finding the optimal path which achieves the minimum SOP under the QoS constraint can be expressed as:
Then (42) is equivalent to
Expression (43) indicates that the routing problem for QO-SOP is also equivalent to finding the shortest path connecting the pair of source and destination nodes. Thus, we also apply the distributed Bellman-Ford algorithm to find the shortest path , and then allocate the transmission power of each node on path (except the destination) based on Formula (31). The details of routing algorithm for QO-SOP are summarized in Algorithm 2.
Regarding the implementation of the proposed routing algorithms for SO-COP and QO-SOP in a practical ad hoc network, our proposals could be incorporated in some existing distance vector routing protocols, either the proactive ones like M-DART  or the reactive ones like AODV . The main difference between the two types of routings is that proactive routings establish and maintain routes proactively (periodically), while reactive routings construct and update routes only when needed (in an on-demand manner). Therefore, they should be applied based on network features, such as node mobility, delay requirement, etc. For example, for an ad hoc network with slow mobility and requires low delay, it is more appropriate for us to incorporate our proposals in proactive distance vector routing protocols, where the distributed Bellman-Ford algorithm can be applied to find the shortest path, and the dynamic addressing techniques in  can be utilized to reduce routing overhead. For an ad hoc network with fast mobility and can tolerate large delay, the reactive protocols could be more efficient for the implementation of our proposals. To deal with the fast topology changes caused by node mobility, route is established (i.e., finding the shortest path and allocating transmission power) in an on-demand manner. AODV is a variant of Bellman-Ford distance vector routing protocol, in which our proposals could be incorporated to achieve optimal security-QoS tradeoffs.
Vi Numerical Results and Discussions
In this section, we first present the Monte Carlo  simulation results to validate our theoretical analysis for the outage probabilities in a concerned multi-hop ad hoc network, and then apply our theoretical results to illustrate the performance tradeoffs and the corresponding routing algorithms.
Vi-a Simulation Settings
We simulate a multi-hop ad hoc network in a square area. The jammers (resp. eavesdroppers) are distributed at random positions which follow the homogeneous PPP with density (resp. ). Regarding the basic network parameters, we set , , and . In each Monte Carlo simulation for COP and SOP, we consider the example of a fixed path with five links, where the transmission power and the distance of each link are set to be the same, respectively. The duration of each task of Monte Carlo simulation is set to rounds, and the simulated outage probability is given by
where denotes the number of times that the event of outage occurs in each simulation.
Vi-B Validation for COP and SOP
We first summarize in Fig. 1 the theoretical and simulation results of COP performance, where we set and