# On the Throughput of Secure Hybrid-ARQ Protocols for Gaussian Block-Fading Channels

**ABSTRACT** The focus of this paper is an information-theoretic study of retransmission protocols for reliable packet communication under a secrecy constraint. The hybrid automatic retransmission request (HARQ) protocol is revisited for a block-fading wire-tap channel, in which two legitimate users communicate over a block-fading channel in the presence of a passive eavesdropper who intercepts the transmissions through an independent block-fading channel. In this model, the transmitter obtains a 1-bit ACK/NACK feedback from the legitimate receiver via an error-free public channel. Both reliability and confidentiality of secure HARQ protocols are studied by the joint consideration of channel coding, secrecy coding, and retransmission protocols. In particular, the error and secrecy performance of repetition time diversity (RTD) and incremental redundancy (INR) protocols are investigated based on good Wyner code sequences, which ensure that the confidential message is decoded successfully by the legitimate receiver and is kept in total ignorance by the eavesdropper for a given set of channel realizations. This paper first illustrates that there exists a good rate-compatible Wyner code family which ensures a secure INR protocol. Next, two types of outage probabilities, connection outage and secrecy outage probabilities are defined in order to characterize the tradeoff between the reliability of the legitimate communication link and the confidentiality with respect to the eavesdropper's link. For a given connection/secrecy outage probability pair, an achievable throughput of secure HARQ protocols is derived for block-fading channels. Finally, both asymptotic analysis and numerical computations demonstrate the benefits of HARQ protocols to throughput and secrecy.

**0**Bookmarks

**·**

**95**Views

- [Show abstract] [Hide abstract]

**ABSTRACT:**We consider arbitrary Hybrid-Automatic-Repeat-Request (H-ARQ) wireless links over quasi-static Rayleigh fading chan-nels. In this paper, we translate the repeat-request advantage of the intended receiver over potential eavesdroppers to link security. In particular, with statistical-only knowledge of the channel and noise, we find for the first time in the litera-ture the optimal power allocation sequence over the H-ARQ rounds that maximizes the outage probability of eavesdrop-pers for any given target outage probability of the trusted re-ceiver. Simulation studies demonstrate orders of magnitude difference in outage probability between eavesdroppers and intended receiver. - SourceAvailable from: Poonam Jindal[Show abstract] [Hide abstract]

**ABSTRACT:**IEEE802.11 wireless networks have become one of the most widely used networks as users can connect and access the required information anytime and anywhere. Due to open nature of wireless medium, there are many security issues associated with them. In the present work an experimental analysis to study the impact of transmission power of access point on the performance of secure wireless network is analyzed in terms of throughput in roaming scenarios for IEEE802.11n WLAN standard. Three power levels high, medium and low have been considered for access point. Analysis has been done in terms of network through put. From the obtained numerical values, it is found that the security performance of transmission power IEEE802.11 LAN slightly changes on varying the transmit power from high level to medium level for both UDP and TCP traffic but on varying the power from medium to low level, the network throughput performance for UDP and TCP traffic is increased by 3% and 10% respectively.Proceedings of the 2014 Fourth International Conference on Advanced Computing & Communication Technologies; 02/2014 - SourceAvailable from: S. Tomasin[Show abstract] [Hide abstract]

**ABSTRACT:**Secure transmission between two agents, Alice and Bob, over block fading channels can be achieved similarly to conventional hybrid automatic repeat request (HARQ) by letting Alice transmit multiple blocks, each containing an encoded version of the secret message, until Bob informs Alice about successful decoding by a public error-free return channel. In existing literature each block is a differently punctured version of a single codeword generated with a Wyner code that uses a common randomness for all blocks. In this paper instead we propose a more general approach where multiple codewords are generated from independent randomnesses. The class of channels for which decodability and secrecy is ensured is characterized, with derivations for the existence of secret codes. We show in particular that the classes are not a trivial subset (or superset) of those of existing schemes, thus highlighting the novelty of the proposed solution. The result is further confirmed by deriving the average achievable secrecy throughput, thus taking into account both decoding and secrecy outage.01/2014;

Page 1

arXiv:0712.4135v1 [cs.IT] 26 Dec 2007

1

On the Throughput of Secure Hybrid-ARQ Protocols

for Gaussian Block-Fading Channels

Xiaojun Tang, Ruoheng Liu, Predrag Spasojevi´ c, and H. Vincent Poor

Abstract

The focus of this paper is an information-theoretic study of retransmission protocols for reliable

packet communication under a secrecy constraint. The hybrid automatic retransmission request (HARQ)

protocol is revisited for a block-fading wire-tap channel, in which two legitimate users communicate over

a block-fading channel in the presence of a passive eavesdropper who intercepts the transmissions through

an independent block-fading channel. In this model, the transmitter obtains a 1-bit ACK/NACK feedback

from the legitimate receiver via an error-free public channel. Both reliability and confidentiality of secure

HARQ protocols are studied by the joint consideration of channel coding, secrecy coding, and retrans-

mission protocols. In particular, the error and secrecy performance of repetition time diversity (RTD) and

incremental redundancy (INR) protocols are investigated based on good Wyner code sequences, which

ensure that the confidential message is decoded successfully by the legitimate receiver and is kept in

total ignorance by the eavesdropper for a given set of channel realizations. This paper first illustrates

that there exists a good rate-compatible Wyner code family which ensures a secure INR protocol. Next,

two types of outage probabilities, connection outage and secrecy outage probabilities are defined in

order to characterize the tradeoff between the reliability of the legitimate communication link and the

confidentiality with respect to the eavesdropper’s link. For a given connection/secrecy outage probability

pair, an achievable throughput of secure HARQ protocols is derived for block-fading channels. Finally,

both asymptotic analysis and numerical computations demonstrate the benefits of HARQ protocols to

throughput and secrecy.

This research was supported by the National Science Foundation under Grants ANI-03-38807, CNS-06-25637 and CCF-07-

28208. The material in this paper was presented in part at the IEEE International Symposium on Information Theory, Nice,

France, June 24 - 29, 2007.

X. Tang and P. Spasojevi´ c are with Wireless Information Network Laboratory (WINLAB), Department of Electrical and

Computer Engineering, Rutgers University, North Brunswick, NJ 08902, USA (e-mail: {xtang,spasojev}@winlab.rutgers.edu).

R. Liu and H. V. Poor are with Department of Electrical Engineering, Princeton University, Princeton, NJ 08544, USA (email:

{rliu,poor}@princeton.edu).

Page 2

2

Index Terms

Information-theoretic secrecy, HARQ, block-fading, rate compatible punctured codes, incremental

redundancy, time diversity.

I. INTRODUCTION

Reliable communication is essential in applications of wireless packet-oriented data networks. A class

of special coding schemes, the so-called hybrid automatic retransmission request (HARQ), combine

powerful channel coding with retransmission protocols to enhance the reliability of communication links.

Among currently available HARQ protocols, the most elementary form is the repetition-coding-based

HARQ which combines several noisy observations of the same packet by using a suitable diversity

technique at the receiver, such as maximal-ratio combining, equal-gain combining, or selection combining.

A more powerful HARQ scheme is the so-called incremental redundancy HARQ, which achieves higher

throughput efficiency by adapting its error correcting code redundancy to fluctuating channel conditions.

In an incremental redundancy scheme, the message is encoded at the transmitter by a “mother” code.

Initially, only a selected number of coded symbols are transmitted. The selected number of coded symbols

form a codeword of a punctured mother code. If a retransmission is requested, additional redundancy

symbols are sent under possibly different channel conditions. An information-theoretic analysis of the

throughput performance of HARQ protocols over block-fading Gaussian collision channels is found in

[1]. By assuming Gaussian random coding and typical-set decoding, the results of [1] are independent of

the particular coding/decoding technique and can be regarded as providing a limiting performance in the

information-theoretic sense. Another line of recent research on HARQ concerned with various mother

codes and their puncturing can be found in [2]–[8].

Confidentiality is a basic requirement for secure communication over wireless networks. We note that

the broadcast nature of the wireless medium gives rise to a number of security issues. In particular, wireless

transmission is very susceptible to eavesdropping since anyone within communication range can listen

to the traffic and possibly extract information. Traditionally, confidentiality has been provided by using

cryptographic methods, which rely heavily on secret keys. However, the distribution and maintenance of

secret keys are still open issues for large wireless networks. Fortunately, confidential communication is

possible without sharing a secret key between legitimate users. This was shown by Wyner in his seminal

paper [9]. In the discrete memoryless wire-tap channel model he proposed, the communication between

two legitimate users is eavesdropped upon via a degraded channel (the eavesdropper channel). The level

Page 3

3

of ignorance of the eavesdropper with respect to the confidential message is measured by the equivocation

rate. Perfect secrecy requires that the equivocation rate should be asymptotically equal to the message

entropy rate. Wyner showed that perfect secrecy can be achieved via a stochastic code, referred to as

Wyner secrecy code. Csisz´ ar and K¨ orner generalized this result and determined the secrecy capacity

region of the broadcast channel with confidential messages in [10]. Recent research investigates multi-

user communication with confidential messages, e.g., multiple access channels with confidential messages

[11], [12], multiple access wire-tap channels [13], and interference channels with confidential messages

[14]. The effect of fading on secure communication has been studied in [15]–[18]. More specifically,

assuming that all communicating parties have perfect channel state information (CSI) prior to the message

transmission, [15] has studied the delay limited secrecy capacity of wireless channels, while [16]–[18]

have studied the secrecy capacity of an ergodic fading channel. [18] has also considered the ergodic

scenario in which the transmitter has no CSI about the eavesdropper channel.

In this paper, we investigate secure packet communication based on HARQ protocols. The challenge

of this problem is twofold: first, the encoder at the transmitter needs to provide sufficient redundancy for

the legitimate receiver to decode its message successfully; on the other hand, too much redundancy may

help adversarial eavesdropping. As an example, retransmission is an effective way to enhance reliability,

but nevertheless it may also compromise confidentiality. This motivates the joint consideration of channel

coding, secrecy coding, and retransmission protocols.

We consider a frequency-flat block-fading Gaussian wire-tap channel. In this model, a transmitter sends

confidential messages to a legitimate receiver via a block-fading channel in the presence of a passive

eavesdropper who intercepts the transmission through an independent block-fading channel. We assume

that the transmitter has no perfect CSI, but receives a 1-bit ACK/NACK feedback from the legitimate

receiver via a reliable public channel. Under this setting, we study the secure HARQ protocols from an

information theoretic point of view. In particular, the error and secrecy performance of repetition time

diversity (RTD) and incremental redundancy (INR) protocols are investigated based on good Wyner code

sequences, which ensure that the confidential message is decoded successfully by the legitimate receiver

and is kept completely secret from the eavesdropper for a given set of channel realizations of both the

main and the eavesdropper channels. Next, we show that there exists a good rate-compatible Wyner

code family which suits the secure INR protocol. Due to the absence of CSI, the transmitter cannot

adapt its code and power level to channel conditions. Instead, for a given mother code, we consider the

outage performance of secure HARQ protocols. Specifically, we define two types of outage: connection

outage and secrecy outage. The outage probabilities (i.e., the probabilities of connection and secrecy

Page 4

4

outage) are used to characterize the tradeoff between the reliability of the legitimate communication link

and the confidentiality with respect to the eavesdropper’s link. We evaluate the achievable throughput of

HARQ protocols under the constraints on these two outage probabilities. Finally, we compare the secrecy

throughput of two HARQ protocols through both numerical computations and an asymptotic analysis,

and illustrate the benefit of HARQ schemes to information secrecy.

Generally speaking, when the coding parameters (main channel code rate and secrecy information rate

for ensuring reliability and secrecy, respectively) can be freely chosen, INR can achieve a significantly

larger throughput than RTD, which concurs with the results not involving secrecy where it has been

shown that mutual-information accumulation (INR) is a more effective approach than SNR-accumulation

(RTD) [1]. However, when one is forced to ensure small connection outage for the main channel even

when it is bad, one is forced to reduce the main channel code rate. The INR scheme, having a larger

coding gain (to both the intended receiver and the eavesdropper), needs to sacrifice a larger portion of

the main channel code rate in order to satisfy the secrecy requirement. Hence, when the main channel

code rate is bounded due to the connection outage constraint, the achievable secrecy throughput of INR

may be smaller than that of RTD. This result deviates from that not involving secrecy.

The remainder of this paper is organized as follows. We describe the system model and preliminaries in

Section II. In Section III, we prove the existence of good Wyner codes for parallel channel communication

and define outage events, while these results are applied to INR and RTD protocols in Section IV. We

derive the secrecy throughput of two protocols over block fading channels in Section V, and present an

asymptotic analysis in Section VI. We illustrate and compare the various results and protocols numerically

in Section VII. Finally, we give conclusions and some interesting directions for future research in

Section VIII, The proofs of the results are provided in appendices.

II. SYSTEM MODEL AND PRELIMINARIES

A. System Model

As shown in Fig. 1, we consider a model in which a transmitter sends confidential messages to a

destination via a source-destination channel (the main channel) in the presence of a passive eavesdropper

which listens to the transmission through a source-eavesdropper channel (the eavesdropper channel). Both

the main channel and the eavesdropper channel experience M-block fading, in which the channel gain

is constant within a block while varying independently from block to block [19], [20]. We assume that

each block is associated with a time slot of duration T and bandwidth W; that is, the transmitter can

Page 5

5

Main Channel

Eavesdropper Channel

ENC DEC

Wˆ

W

⊗

g

⊕

u

⊗

h

⊕

v

),|(gZWH

m

m

Y

m

Z

ACK/NACK (public)

m

X

Fig. 1. System model: hybrid ARQ protocols for the block-fading channel in the presence of a passive eavesdropper

send N = ⌊2WT⌋ real symbols in each slot. Additionally, we assume that the number of channel uses

within each slot (i.e., N) is large enough to allow for invoking random coding arguments.1

At the transmitter, a confidential message w ∈ W is encoded into a codeword xMN, which is then

divided into M blocks [xN

1,xN

2,...,xN

M], each of length N. The codeword xMNoccupies M slots; that

is, for i = 1,...,M, the i-th block xN

iis sent in slot i and received by the legitimate receiver through the

channel gain hiand by the eavesdropper through the channel gain gi. A discrete time baseband-equivalent

block-fading wire-tap channel model can be expressed as follows:

y(t) =

?

hix(t) + v(t)

and

z(t) =√gix(t) + u(t)

for t = 1,...,MN, i = ⌈t/N⌉,

(1)

where x(t) denotes the input signal, y(t) and z(t) denote the output signals at the legitimate receiver

and the eavesdropper, respectively, at time t (t = 1,...,MN), {v(t)} and {u(t)} are independent and

identically distributed (i.i.d.) N(0,1) random variable sequences, and hiand gi, for i = 1,...,M, denote

the normalized (real) channel gains of the main channel and the eavesdropper channel, respectively.

Furthermore, we assume that the signal x(t) has constant average energy per symbol

E[|x(t)|2] ≤¯P.

(2)

1For example, in a 64 kb/s down-link reference data channel for universal mobile telecommunications system (UMTS) data-

transmission modes, each slot can contain up to N ≈ 10000 dimensions [21].

Page 6

6

Let h = [h1,...,hM] and g = [g1,...,gM] denote vectors whose elements are the main channel gains

and the eavesdropper channel gains, respectively. We refer to (h,g) as a channel pair and assume that

the legitimate receiver knows its channel h, while the eavesdropper knows its channel g.

B. Wyner Codes

In this subsection, we consider a single-block transmission, i.e., M = 1 and introduce Wyner codes

[9], which are the basis of our secure HARQ protocols.

Let C(R0,Rs,N) denote a Wyner code of size 2NR0to convey a confidential message set W =

{1,2,...,2NRs}, where R0≥ Rsand N is the codeword length. The basic idea of Wyner codes is to

use a stochastic encoder to increase the secrecy level [9], [10]. Hence, there are two rate parameters

associated with the Wyner code: the main channel code rate R0and the secrecy information rate Rs.2

The Wyner code C(R0,Rs,N) is constructed based on random binning [9] as follows. We generate

2NR0codewords xN(w,v), where w = 1,2,...,2NRs, and v = 1,2,...,2N(R0−Rs), by choosing the

N2NR0symbols xi(w,v) independently at random according to the input distribution p(x). A Wyner

code ensemble C(R0,Rs,N) is the set of all possible Wyner codes of length N, each corresponding to

a specific generation and a specific labeling.

The stochastic encoder of C(R0,Rs,N) is described by a matrix of conditional probabilities so that,

given w ∈ W, we randomly and uniformly select v from {1,2,...,2N(R0−Rs)} and transmit xN=

xN(w,v). We assume that the legitimate receiver employs a typical-set decoder. Given yN, the legitimate

receiver tries to find a pair ( ˜ w, ˜ v) so that xN( ˜ w, ˜ v) and yNare jointly typical [22], i.e.,

{xN( ˜ w,˜ v),yN} ∈ TN

ǫ(PXY).

If there is no such jointly typical pair, then the decoder claims failure.

Assume that signals yNand zNare received at the legitimate receiver and the eavesdropper, respec-

tively, via a channel pair (h,g). The average error probability is defined as

Pe(h) =

?

w∈W

Pr?φ?YN(w)??= w|h,w sent?Pr(w),

(3)

where φ?YN(w)?is the output of the decoder at the legitimate receiver and Pr(w) is the prior probability

that message w ∈ W is sent.

2We call R0− Rs the secrecy gap as the rate sacrificed to ensure the secrecy requirement.

Page 7

7

The secrecy level, i.e., the degree to which the eavesdropper is confused, is measured by the equivo-

cation rate at the eavesdropper. Perfect secrecy is achieved if for all ǫ > 0 the equivocation rate satisfies

1

NH(W|g,ZN) ≥

1

NH(W) − ǫ.

(4)

For conciseness, we say that a code C of length N is good for a wire-tap channel with the channel pair

(h,g) if Pe(h) ≤ ǫ and the perfect secrecy requirement (4) can be achieved, for all ǫ > 0 and sufficiently

large N.

C. Secure HARQ Protocols

We first consider a general (in M) secure HARQ protocol for a block-fading wire-tap channel. The

transmitter encodes the confidential information (and cyclic redundancy check (CRC) bits) by using a

mother code of length MN. The obtained codeword xMNis partitioned into M blocks represented as

[xN

1,xN

(h1,g1). Decoding of this code is performed at the intended receiver, while the secrecy level is measured

2,...,xN

M]. At the first transmission, the transmitter sends the block xN

1under the channel gain pair

at the eavesdropper. If no error is detected, the receiver sends back an acknowledgement (ACK) to stop

the transmission; otherwise a negative acknowledgement (NACK) is sent to request retransmission, and

the transmitter sends the block xN

2under the channel gain pair (h2,g2). Now, decoding and equivocation

calculation are attempted at the receiver and eavesdropper by combining the previous block xN

1with the

new block xN

2. The procedure is repeated after each subsequent retransmission until all M blocks of

the mother code are transmitted or an HARQ session completes due to the successful decoding at the

intended receiver.

Now, we focus on the error performance and secrecy level after m transmissions, m = 1,2,...,M.

Let

x(m) = [xN

1,...,xN

m],

y(m) = [yN

1,...,yN

m],

and

z(m) = [zN

1,...,zN

m]

denote the input, the output at the intended receiver, and the output at the eavesdropper after m transmis-

sions, respectively. For a given channel pair (h,g), the average error probability after the m transmissions

is defined as

Pe(m|h) =

?

w∈W

Pr?φ?Ym(w)??= w|w sent,h?Pr(w),

(5)

where φ?Ym(w)?denotes the output of the decoder at the legitimate receiver after m transmissions.

The secrecy level after m transmissions is given by

1

mNH(W|Zm,g).

Page 8

8

We say that perfect secrecy is achieved after m transmissions if, for all ǫ > 0, the equivocation rate

satisfies

1

mNH(W|Zm,g) ≥

1

mNH(W) − ǫ.

(6)

We note that this definition implies that the perfect secrecy can also be achieved after j transmissions,

for j = 1,...,m − 1.

Similar to the definition of good codes for a single-block transmission, we say that a code C of length

mN is good for the m-block transmission and a channel pair (h,g) if Pe(m|h) ≤ ǫ and the perfect

secrecy requirement (6) can be achieved, for all ǫ > 0 and sufficiently large N.

In particular, we consider the following two secure HARQ protocols based on different mother codes

and different combination techniques.

1) Incremental Redundancy: In the INR secure HARQ protocol, the mother code is a Wyner code of

length MN, i.e.,

C ∈ C(R0,Rs,MN).

In the first transmission, the transmitted coded symbols x(1) = [xN

1] form a codeword of a punctured

Wyner code of length N,

C1∈ C (MR0,MRs,N).

Similarly, after m transmission, m = 1,...,M, the (all) transmitted coded symbols x(m) = [xN

1,...,xN

m]

form a codeword of a punctured Wyner code of length mN,

Cm∈ C

?MR0

m

,MRs

m

,mN

?

.

At the legitimate receiver and the eavesdropper, decoding and equivocation calculation are attempted,

respectively, based on the punctured code Cm.

We note that the punctured codes {CM, CM−1, ..., C1} form a family of rate-compatible Wyner

codes with the secrecy rates

?

Hence, we refer to this protocol as the INR protocol based on rate-compatible Wyner codes.

Rs,

M

M − 1Rs, ..., MRs

?

.

2) Repetition Time Diversity: We also consider a simple time-diversity HARQ protocol based on the

repetition of a Wyner code. In this case, the mother code C is a concatenated code consisting of the

Wyner code C1∈ C (MR0,MRs,N) as the outer code and a simple repetition code of length M as the

inner code, i.e.,

C = [C1,C1,...,C1

?

???

M

].

(7)

Page 9

9

After each transmission, decoding and equivocation calculation are performed at the receiver and the

eavesdropper, respectively, based on maximal-ratio packet combining.

III. SECURE CHANNEL SET AND OUTAGE EVENTS

In this section, we study the error performance and the secrecy level when a mother Wyner code is

transmitted over M parallel channels. Results given in this section form the basis for the performance

analysis of secure HARQ protocols.

For a given Wyner code, an important practical question is: under what channel conditions will the

communication be reliable and secure? In the following theorem, we describe a secure channel set and

demonstrate that there exists a Wyner code sequence good for all channel pairs in this set.

Theorem 1. Let P denote the union of all channel pairs (h,g) satisfying

1

M

M

?

M

?

i=1

I(X;Y |hi) ≥ R0

(8)

and

1

M

i=1

I(X;Z|gi) ≤ R0− Rs,

(9)

where I(X;Y |hi) and I(X;Z|gi) are single letter mutual information characterizations of the channel

(1). There exists a Wyner code C ∈ C(R0,Rs,MN) good for all channel pairs (h,g) ∈ P.

Proof: A proof of Theorem 1 is provided in Appendix A.

In the system model described in Section II, the transmitter does not have any channel state information;

that is, one cannot choose the code based on a particular fading channel state. Hence, it is important to

show that there exists a Wyner code sequence good for all channel pairs in the secure channel set P.

To facilitate the formulation of outage-based throughput, we define that an outage event occurs when

the channel pair does not belong to the secure channel set, i.e., (h,g) / ∈ P. Specifically, we distinguish

two types of outage: connection outage3and secrecy outage. In particular, we say that a connection

outage occurs if

1

M

M

?

i=1

I(X;Y |hi) < R0,

(10)

3The main channel is viewed as a communication link. The link is connected if a packet can be delivered to the intended receiver

successfully within the delay constraint (within M transmissions), otherwise it is in the connection outage. The connection outage

probability defined in this paper is also referred to as information outage probability in [19].

Page 10

10

while we say that a secrecy outage occurs if

1

M

M

?

i=1

I(X;Y |gi) > R0− Rs.

(11)

Accordingly, we can evaluate both connection outage and secrecy outage probabilities, which are the

probabilities of each of the outage events averaged over all possible fading states. In fact, the connection

outage probability can be interpreted as the limiting error probability for large block length packets; the

secrecy outage probability can be regarded as an upper bound on the probability of unsecured packets.

Moreover, Theorem 1 implies that the connection outage probability and the secrecy outage probability

are not just average probabilities over a code ensemble, but they can be achieved by a deterministic code

sequence.

IV. SECURE HARQ WITH WYNER CODES

In this section, we evaluate the error performance and measure the secrecy level during secure HARQ

sessions.

A key part of an ARQ protocol is that decoding errors should be detected, so that ACKs or NACKs can

be generated accurately. A complete decoding function (e.g. maximum a posteriori probability decoding

or maximum-likelihood decoding) requires the encoder to add extra redundancy to the information bits,

which decreases the throughput slightly. The authors of [1] have shown that error detection can be

accomplished by using the built-in error detection capability of suboptimal decoders.

Lemma 1. [1, Lemma 3] For all ǫ > 0 and channel h, any code C of length MN satisfies

Pr(undetected error|h,C) < ǫ,

for all sufficiently large N.

Proof: The proof follows similarly to that given in [1].

A. Incremental Redundancy

To evaluate the performance of the INR protocol, we employ the following M-parallel channel model.

Let us focus on the decoding after m transmissions, i.e., the coded blocks x(m) = [xN

1,...,xN

m] are

transmitted, m = 1,...,M. As shown in Fig. 2, the block xN

i

experiences channel pair (hi,gi), i =

1,...,m. We assume that each of the punctured blocks [xN

m+1,...,xN

M] is sent to a dummy memoryless

component channel whose output is independent of the input.

Page 11

11

N

x2

N

m

N

m

x

x

1

+

N

M

x

M

M

N

y1

N

y2

N

m

y

N

b1

M

M

N

z1

N

z2

N

m

z

N

d1

N

Mm

d

−

M

M

M

h

m

1

+

m

M

h

M

h

2 h

1h

M

g

m

1

+

m

M

g

M

g

2

g

1 g

1

2

m

m+1

M

N

Mm

b

−

M

M

N

x1

Fig. 2.

M-parallel channel model for the INR protocol: the first m punctured blocks are actually transmitted (solid lines);

the remaining M − m punctured blocks are assumed to be sent via M − m dummy memoryless channels whose outputs are

independent of the inputs (dashed lines).

In this case, the mother codeword is transmitted over M parallel channels. At the legitimate receiver, the

decoder combines the real signal y(m) = [yN

1,...,yN

m] with M−m dummy signal blocks [bN

1,...,bN

M−m]

to form

[yN

1,...,yN

m,bN

1,...,bN

M−m].

Similarly, the processed symbols at the eavesdropper are

[zN

1,...,zN

m,dN

1,...,dN

M−m],

where [dN

1,...,dN

M−m] are M −m dummy signal blocks. We note that the added dummy blocks do not

affect either the decoding at the legitimated receiver or the equivocation calculation at the eavesdropper

Page 12

12

since they are independent of the confidential message.

The codewords of the mother Wyner code C are transmitted in at most M transmissions during the

secure HARQ session. By using the equivalent parallel channel model, we can describe this secure HARQ

problem as communication over M parallel wire-tap channels and, hence, establish the following theorem.

Theorem 2. Consider the secure INR protocol based on rate compatible Wyner codes

{CM,CM−1,...,C1},

where

Cm∈ C

?MR0

m

,MRs

m

,mN

?

,m = 1,...,M.

Let P(m) denote the union of all channel pairs (h,g) satisfying

1

M

m

?

m

?

i=1

I(X;Y |hi) ≥ R0,

(12)

and

1

M

i=1

I(X;Z|gi) ≤ R0− Rs.

(13)

Then, there exists a family of rate compatible Wyner codes {CM,CM−1,...,C1} such that Cmis good

for all channel pairs (h,g) ∈ P(m), for i = 1,...,M.

Proof: We provide a proof of Theorem 2 in Appendix B.

B. Repetition Time Diversity

In the RTD secure HARQ protocol, both the legitimate receiver and the eavesdropper combine several

noisy observations of the same packet based on diversity techniques. The optimal receivers perform

maximal-ratio combining (MRC), which essentially transforms the vector channel pair (h,g) into a

scalar channel pair (ˆh(m), ˆ g(m)). Hence, after m transmissions, the equivalent channel model can be

written as follows:

y(t) =

?

ˆh(m)x(t) + v(t)

and

z(t) =

?

ˆ g(m)x(t) + u(t)

(14)

for t = 1,...,N, whereˆh(m) =?m

Let L(m) denote the union of all channel pairs (h,g) satisfying

i=1hiand ˆ g(m) =?m

i=1gi.

I(X;Y |ˆh(m)) ≥ MR0,

(15)

and

I(X;Z|ˆ g(m)) ≤ M(R0− Rs),

(16)

Page 13

13

where I(X;Y |ˆh(m)) and I(X;Z|ˆ g(m)) are single letter mutual information characterizations of the

channel (14). For a given (finite) M, we have the following result for the RTD secure HARQ protocol.

Corollary 1. There exists a Wyner code C1∈ C (MR0,MRs,N) such that its m-repeating code

Cm= [C1,C1,...,C1

?

???

m

]

is good for all channel pairs (h,g) ∈ L(m), for m = 1,...,M.

Proof: The proof follows directly from Theorem 1 by setting M = 1.

V. SECRECY THROUGHPUT OF HARQ PROTOCOLS

In this section, we study the achievable secrecy throughput for HARQ protocols. We focus on Rayleigh

independent block fading channels for illustration; other types of block fading channels can be studied

in a similar way.

We note that the optimal input distribution of the channel (1) is not known in general when the

transmitter has no CSI. For the sake of mathematical tractability, we consider Gaussian inputs. For INR,

the mutual information I[INR]

XY

(m) and I[INR]

XZ(m) can be written as

I[INR]

XY(m) =

1

2M

m

?

m

?

i=1

log2(1 + λi)

and

I[INR]

XZ(m) =

1

2M

i=1

log2(1 + νi),

(17)

where

λi= hi¯P

and

νi= gi¯P,i = 1,...,M,

(18)

are the signal-to-noise ratios (SNRs) at the legitimate receiver and the eavesdropper, respectively, during

transmission i. For RTD, we can express the mutual information quantities I[RTD]

XY

(m) and I[RTD]

XZ

(m) as

I[RTD]

XY

(m) =

1

2Mlog2

?

?

1 +

m

?

m

?

i=1

λi

?

?

and

I[RTD]

XZ

(m) =

1

2Mlog2

1 +

i=1

νi

.

(19)

Although we consider only Gaussian signaling here, the results in Section IV can be applied to other

input distributions, for example, discrete signaling under modulation constraints.

Page 14

14

Let M denote the number of transmissions within a HARQ session. Given a distribution of the main

channel SNR λ, for both INR and RTD protocols, the probability mass function of M can be expressed

as

p[M = m] = Pr{IXY(m − 1) < R0and IXY(m) ≥ R0}

= Pr{IXY(m − 1) < R0} − Pr{IXY(m) < R0},m = 1,...,M − 1,

and

p[M = M] = Pr{IXY(M − 1) < R0},

where IXY(m) and IXZ(m) are chosen either from (19) or from (17) corresponding to a specific HARQ

(20)

protocol. Let Pedenote the connection outage probability, and Psdenote the secrecy outage probability.

The definition in (20) implies that Peand Pscan be written as follows:

Pe= Pr{IXY(M) < R0},

M

?

(21)

and

Ps=

m=1

p[m]Pr{IXZ(m) > R0− Rs}.

(22)

Now, we study the secrecy throughput based on Peand Ps. We first consider a target secrecy outage

probability ξs; that is, at least a fraction 1 − ξsof the confidential message bits sent by the transmitter

are kept completely secret. Under this constraint, the secrecy throughput η, measured in bits per second

per hertz, is defined to be the average number of bits decoded at the legitimate receiver,

η = lim

t→∞

a(t)

tN,

(23)

where again N is the number of symbols in each block and a(t) is the number of information bits

successfully decoded by the intended receiver up to time slot t (when a total of tN blocks are sent). The

event that the transmitter stops sending the current codeword is recognized to be a recurrent event [23].

A random reward R is associated with the occurrence of the recurrent event. In particular, R = MRs

bits/symbol if transmission stops because of successful decoding, and R = 0 bits/symbol if it stops

because successful decoding has not occurred after M transmissions. By applying the renewal-reward

theorem [1], [23], we obtain the secrecy throughput as

η(R0,Rs) =E[R]

E[M]=MRs

E[M](1 − Pe),

(24)

where E[M] is the expected number of transmissions in order to complete a codeword transmission, i.e.,

M

?

M

?

E[M] =

m=1

mp[M = m]

= 1 +

m=1

Pr{IXY(m) < R0}.

(25)

Page 15

15

We can properly choose the mother code parameters (R0and Rs) to obtain the maximum throughput

while satisfying ξs-secrecy requirement. Hence, we consider the following problem

max

R0,Rs

η(R0,Rs)

(26)

s.t.

Ps≤ ξs.

The optimization problem (26) imposes a probabilistic service requirement in terms of confidentiality;

that is, the service quality is acceptable as long as the probability of the secrecy outage is less than

ξs, a parameter indicating the outage tolerance of the application. Note that Psis a decreasing function

of Rs, and η is linearly proportional to Rs. Hence, we can solve the optimization problem (26) in the

following two steps: first, for given M, R0, and ξs, we find the maximum value R∗

s(R0); next, we obtain

the optimum R∗

0, which maximizes the secrecy throughput η(R0,R∗

On the other hand, reliability is another important quality of service parameter. To achieve both the

s(R0)).

connection outage target ξeand the secrecy outage target ξs, we consider the following problem

max

R0,Rs

η(R0,Rs)

(27)

s.t.

Ps≤ ξs, Pe≤ ξe.

In addition to the service requirement of confidentiality, problem (27) also imposes a probabilistic service

requirement on the connection outage, i.e., at least a fraction 1−ξsof HARQ sessions are successful. The

connection outage constraint ensures that, at the expense of possibly lower average throughput, the delay

constraint (that a packet can be delivered within M transmissions) is satisfied 1 − ξsof the time, hence

enabling applications which trade average rate for decoding delay like voice communication systems,

e.g., CDMA2000 [24]. A similar constraint has been considered in [25] in terms of service outage for

parallel fading channels.

To evaluate p[m], Peand Ps, we need the cumulative distribution functions (CDFs) of IXY(m) and

IXZ(m). For the RTD protocol, we can use the fact that?m

express the CDFs of I[RTD]

XY

XZ

(m) in terms of incomplete gamma functions. In the case of the

INR protocol, the distributions of I[INR]

i=1λiand?m

i=1νiare gamma distributed to

(m) and I[RTD]

XY(m) and I[INR]

XZ(m) cannot be written in a closed form. Hence, we

resort to Monte-Carlo simulation in order to obtain empirical CDFs. Note that Monte Carlo simulation is

needed only to estimate empirical CDFs, while (R∗

0,R∗

s) is found numerically by a (non-random) search.

#### View other sources

#### Hide other sources

- Available from Predrag Spasojevic · May 22, 2014
- Available from ArXiv