Timely Updating on Ber/Geo/1/2 Queue Modeled Status Updating System with Eavesdropper

Abstract

We consider that the source sends packets to the receiver through a Ber/Geo/1/2 queue modeled status updating system, where the transmitted packets are subject to potential eavesdropping. Time is discretized into identical time slots. This paper studies the tradeoffs between the information freshness and transmission security of a system, where freshness is characterized by the age of information (AoI) metric and transmission security is represented by the proportion of obtained insecure packets over a long period of time. We assume that in a time slot, the source generates a new packet with probability p, and a packet arrives at the receiver with probability ${\gamma }_d$. With probability ${\gamma }_E$, a transmitted packet is eavesdropped. At the receiver, AoI is defined as the elapsed time since the generation instant of the latest obtained packet. A packet is defined to be insecure if it is obtained by the eavesdropper earlier than the receiver. To control the proportion of insecure packets obtained in the receiver, we propose using the probabilistic deletion/retaining scheme. More specifically, when a packet is eavesdropped before arriving at the receiver, this packet is deleted with probability $\delta$ or retained with probability $1-\delta$. Under this transmission policy, we derive the system’s average AoI which we call the average $\delta -$secure AoI, and investigate its relations with the insecure packet proportion, which is denoted as $\eta \left(\delta \right)$. The obtained formulas are then calculated in three special cases, including ${\gamma }_E=0$, ${\gamma }_E=1$, and $\delta =1$. We explain that these cases correspond to the average AoI of a basic status updating system with Ber/Geo/1/2 queue, packet with random geometric deadline in service process, and average age of secure information (AoSI), respectively. Numerical simulations of obtained results are provided. In particular, the tradeoffs between average $\delta -$secure AoI and $\eta \left(\delta \right)$ are analyzed in detail. We demonstrate that depending on the value of the eavesdropping probability ${\gamma }_E$, average $\delta -$secure AoI varies in different trends with $\eta \left(\delta \right)$, and in most cases the average $\delta -$secure AoI and $\eta \left(\delta \right)$ can be minimized simultaneously.

1. Introduction

Due to the rapid development of wireless communication networks, in recent years IoT technology has given rise to a large number of emerging applications. Among them, real-time data transmission plays an important role. One typical application is autonomous vehicles. In order to achieve intelligent and safe autonomous driving, different kinds of sensors installed on vehicles need to provide real-time feedback about the surrounding road conditions to the vehicle’s control center so that the speed, steering, and other driving states can be updated in a timely manner. In papers [1,2], Kaul and Yates et al. proposed using age of information (AoI) to measure the freshness of packets when they arrive at the receiver. Then, the freshness of the obtained packets represents the transmission timeliness performance of the system. Since then, as a metric characterizing packet freshness, AoI has been analyzed theoretically and been widely used in system design or scheduling problems.

Based on queuing theory, Yates et al. proposed a status updating system as a real-time communication model. They defined the age of information as the random process of current time minus $u\left(t\right)$, where $u\left(t\right)$ is the instant that the latest obtained packet was generated. The average AoI of the system with basic queue was obtained in [1,2,3,4,5]. In particular, in work [5], the authors proved that a small-capacity system has a lower average AoI and preempting/replacingold packet helps to reduce the average AoI of the system. On the M/M/1/2 queue modeled system, in paper [6] Kam et al. demonstrated that by controlling the packet waiting time in the buffer, imposing an appropriate packet deadline can achieve a lower average AoI. Inoue proved the same conclusion for an infinite capacity system in work [7]. In another paper [8], by deriving a general formula which links the stationary distributions of AoI, peak AoI, and service time, Inoue determined most results about AoI on single-source single-server systems. Assuming that there are multiple sources, the AoI of every source was analyzed for example in works [9,10,11,12], while a system with multiple servers was investigated in papers [13,14,15]. Notice that analyzing AoI for a multiple-server system is more complex because sometimes the receiver may obtain one packet that is even older than that which the receiver currently has. In these cases, AoI will not be updated. In addition, AoI has often been used as timeliness measure, sometimes even as an optimization objective in designing optimal resource scheduling problems, such as in [16,17,18,19,20,21,22]. In recent years, many results have been obtained in deriving the average AoI and the stationary distribution of AoI for discrete time status updating systems. In [23,24,25,26], the authors determined the average AoI of system with several simple queuing models, such as FCFS Ber/G/1/1, Ber/G/1/∞, and a system with multiple sources. In previous works [27,28,29], the authors derived the average value and stationary distribution of discrete time AoI for Ber/Geo/1/1, Ber/Geo/1/2, and Ber/Geo/1/∞ queue modeled systems. In addition, the discrete age of information for systems with multiple prioritized sources was discussed in paper [30].

When transmitting packets via electromagnetic waves in open spaces, an illegal eavesdropper may eavesdrop on the transmitted packets through a wiretap channel. Recently, it was found that within the framework of AoI theory, constructing some new security measures based on real-time transmission performance, then studying the tradeoffs between transmission timeliness and transmission security of the system has become a noticeable research topic. Unlike the usual secure transmission research such as in works [31,32,33,34], in real-time communication scenario with eavesdroppers, one packet is defined to be insecure if it is obtained by the eavesdropper before arriving at the receiver.

In papers [35,36], using the short-packet permutation-based policy, Yang considered transmitting packets securely and in a timely manner, where an eavesdropper is present to probe their communication link. They proposed a new security measure called secrecy margin, which was defined as the area of random region enclosed by the AoI sample path from $t_B$ to $t_E$, where $t_B$ is the instance that the receiver obtains a packet, and $t_E$ denotes the instance that the same packet is eavesdropped. By maximizing the average secrecy margin, they determined the optimal structure of short packets. Later, the same real-time and secure communication scenario was studied by Wang and Chen et al. in work [37]. To characterize transmission security, they constructed another two AoI-based security measurements by drawing inspiration from the concept of Wyner’s secrecy capacity [38]. They defined secrecy age to be average instantaneous gap between the eavesdropper’s and receiver’s AoI, and the secrecy age outage probability denoted the probability that this gap does not exceed some threshold. Under random and threshold-based packet generation policies, the optimal generation probability/packet transmission strategy was obtained by maximizing the joint measure, i.e., average secrecy age divided by average secrecy age outage probability. Age of secure information (AoSI) was defined and investigated in [39,40]. Just as its name implies, AoSI characterizes the evolution of the real-time age of the latest and secure packet in the receiver, and average AoSI equals average AoI calculated over those secure packets. In [39], the authors analyzed AoSI using finite block-length information theory, while [40] considered the situation where the eavesdropper is an energy harvesting node. The optimal transmission strategy that minimizes average AoSI was obtained by the certain optimization method. In work [41], considering the scenarios where packets are transmitted through infinite capacity systems, we defined the freshness advantage F to be the security measurement. Then, the relations and tradeoffs between transmission timeliness and transmission security were investigated. We proved that the average AoI of legitimate receivers and the freshness advantage cannot be minimized simultaneously. Therefore, there exist certain tradeoffs between reducing the average AoI and maintaining a sufficiently large freshness advantage F.

Assuming that there is an eavesdropper, this paper considers transmitting packets over Ber/Geo/1/2 queue modeled status updating systems, and analyzes the relations between packet freshness and transmission security, where freshness is characterized using average AoI while security performance is measured by the proportion of obtained insecure packets. The motivation of considering systems with Ber/Geo/1/2 queue are explained as follows. Firstly, notice that the system with capacity 1 buffer is the simplest buffer-equipped transmission system, and this model simplifies the analysis and calculations for both average AoI and insecure packet proportion. In addition, although the numerical simulations in work [5,6] demonstrated that the average AoI of the M/M/1/2 queue modeled system almost has no advantage over that of the system with the M/M/1/1 queue, reserving some arriving packets waiting for transmission not only improves utilization of the source node’s energy but the packets themselves may convey some useful information, such as synchronization signals and the estimation state of wireless channels.

In order to control the number of insecure packets arriving at the receiver, we adopt a probabilistic deletion/retaining transmission scheme. Specifically speaking, in each time slot, an insecure packet is deleted with probability $\delta$, and with probability $1-\delta$ this packet is retained and transmission continues. Here, we explain that deleting one insecure packet may be very effective. In real-time communication scenarios, in order to reduce the average AoI, usually each packet has a few bytes such that transmitting one packet takes a short time. Consequently, it is necessary not for an eavesdropper to have a strong eavesdropping ability for a long time but for the eavesdropper to have a strong eavesdropping ability for a short period of time. Then, with large probability one packet can be eavesdropped. Considering that each packet contains only a small amount of data, we believe that in real-time applications, such as autonomous vehicles, deleting an insecure packet directly is more appropriate than using some secure transmission policies, for example, encrypting the transmitted packets.

Based on system models and transmission policy, we derive the average AoI of the system, which we call average $\delta -$secure AoI, ${\overline{\Delta }}_{\delta }$. In addition, as the function of deletion probability $\delta$, the proportion of insecure packets obtained in the receiver, $\eta \left(\delta \right)$, is also determined. Combining ${\overline{\Delta }}_{\delta }$ and $\eta \left(\delta \right)$, the relationships between transmission timeliness and transmission security can be analyzed. Provided ${\overline{\Delta }}_{\delta }$ and $\eta \left(\delta \right)$, actually we establish the following achievability relationships: we can achieve average AoI ${\overline{\Delta }}_{\delta }$ under the restriction that the proportion of the obtained insecure packet is at most $\eta \left(\delta \right)$.

In this paper, we use insecure packet proportion $\eta \left(\delta \right)$ to be the transmission security measurement. Here, we propose one situation where the insecure packets proportion can be linked to the amount of information leaked to the eavesdropper. Consider that the packets are encoded to be identical-length codewords, for example, by maximum distance separable (MDS) codes. Assuming that each codeword is composed of L symbols, and decoding a codeword requires at least $K<L$ symbols, in the legitimate receiver, as long as $\eta \left(\delta \right)$ is controlled below $K/L$, with large probability the eavesdropper cannot restore the original packet, and thus obtains no information. By introducing encoding and decoding procedures, one can establish the relationships between $\eta \left(\delta \right)$ and average leaked information. In practical applications such as autonomous driving, encoding packets are usually necessary, which facilitates the unified processing of packets in the entire system. Under the redundancy protection mechanism brought by encoding strategies, allowing some packets to be insecure rather than waiting for enough secure packets can advance the decoding time at the receiver, thereby accelerating the response speed of autonomous cars. Using packet encoding and decoding provides helpful inspiration for the design of real-time systems like autonomous vehicles and some others.

The main contributions of this paper are summarized as follows.

• Under probabilistic deletion/retaining transmission policy, we derive the formula of average $\delta -$secure AoI and the insecure packet proportion $\eta \left(\delta \right)$. To verify the correctness of the average AoI formula, we prove that in cases of ${\gamma }_E=0$, average $\delta -$secure AoI reduces to ${\overline{\Delta }}_{Ber/Geo/1/2}$, i.e., the average AoI of system with basic Ber/Geo/1/2 queues.
• We further consider two special cases. In the first one, ${\gamma }_E=1$, and in the second case, $\delta =1$. We determine the average AoI for both cases and explain that when ${\gamma }_E=1$, the considered problem degenerates to analyzing AoI for the system with a random service time deadline, while by setting $\delta =1$, the average $\delta -$secure AoI is actually equal to the average AoSI of the system.
• The relationships between ${\overline{\Delta }}_{\delta }$ and $\eta \left(\delta \right)$ are investigated through numerical simulations. We demonstrate that depending on the value of ${\gamma }_E$, the average $\delta -$secure AoI ${\overline{\Delta }}_{\delta }$ varies in different trends with $\eta \left(\delta \right)$. In most cases, especially when ${\gamma }_d>{\gamma }_E$, it is shown that ${\overline{\Delta }}_{\delta }$ and $\eta \left(\delta \right)$ can be minimized simultaneously by setting $\delta =1$.
• For a system with random service time deadline, numerical simulations show that in most cases, imposing such a deadline cannot reduce the average AoI. This result actually negates the effectiveness of imposing a service time deadline in improving transmission timeliness, at least in Ber/Geo/1/2 queue modeled systems.
• In the Discussion and Conclusion section, we provide brief comments discussing the rationality of different security measures proposed in real-time communication scenarios.

The rest of the paper is organized as follows. We introduce the system model, the parameters, and transmission policy in Section 2. By constructing a four-dimensional state vector and calculating the probability generation function of AoI, we derive the formula of average $\delta -$secure AoI in Section 3. It is verified that when ${\gamma }_E=0$, average $\delta -$secure AoI degenerates to ${\overline{\Delta }}_{Ber/Geo/1/2}$, which checks the correctness of the obtained formula. In Section 4, two other special cases are analyzed, where we let ${\gamma }_E=1$ in the first one and $\delta =1$ in the second one. The average AoI for both cases are determined. In Section 5, we provide numerical simulation for the results obtained in Section 3 and Section 4. The relationships between ${\overline{\Delta }}_{\delta }$ and $\eta \left(\delta \right)$ are investigated by analyzing numerical examples. In particular, we show that when changing the value of ${\gamma }_E$, ${\overline{\Delta }}_{\delta }$ varies in different trends with $\eta \left(\delta \right)$. Finally, in Section 6, we conclude the paper, make brief comments on the security measures, and discuss some possible further works.

2. System Model and Problem Formulation

We describe the considered status updating system depicted in Figure 1.

At each time slot, the source s generates a new packet with probability p. Following the First Come-First Served (FCFS) rule, these packets are delivered to the receiver d through the transmitter. The newly arrived packets that are unable to be served are temporarily stored in the capacity 1 buffer. When there are packets in both the server and the buffer, other arriving new packets are blocked and discarded. At the receiver, the age of information (AoI) is defined as the difference between the current time and the generation instant of the latest obtained packet. The value of AoI increases by 1 after each time slot if no newer packet is obtained. Every time a fresher packet, with a smaller age, arrives at d, this packet replaces the old one, and the value of the AoI is reduced to its instantaneous age. Long-term average AoI or other AoI-related quantities have been used widely to measure the freshness of obtained packets and demonstrate the system’s timeliness of transmitting status updates. Obviously, a lower average AoI means the system has better real-time transmission performance.

During packet transmissions from the source to the receiver, it is assumed that an eavesdropper attempts to probe the communication link between s and d and steal the information contained in the packets. Due to signal fadings and the unreliability of wireless channels, in the considered model, we assume that a transmitted packet is obtained at the legitimate receiver with probability ${\gamma }_d$, and the successful eavesdropping probability is equal to ${\gamma }_E$. Equivalently, both transmission links are modeled as i.i.d. erasure channels. In general situations, we have ${\gamma }_d>{\gamma }_E$. That is, for each packet the probability of successfully transmitting to a legitimate receiver is higher than that of being eavesdropped. If a transmitted packet is eavesdropped before arriving at d, we define it as an insecure packet. Once a packet becomes insecure due to eavesdropping, we assume that a help ACK signal is sent back to the transmitter. Therefore, the transmitter knows whether the current packet is secure or not at all times.

The goal of this paper is deriving achievable average AoI under the condition that the proportion of insecure packets that the receiver obtains is controlled. To do this, we apply the random deletion/retaining transmission scheme. More specifically, we consider that at the beginning of each time slot, with probability $\delta$, the transmitter discards an insecure packet and starts sending the next new and secure one, if there is such a packet, in the buffer. Otherwise, with probability $1-\delta$, the transmitter will still send the insecure packet in this time slot. If this packet is not obtained by the receiver, this probabilistic deletion/retaining scheme is performed again at the beginning of the next time slot until this insecure packet arrives at d, or is deleted by the transmitter. Based on the proposed system assumptions and the above transmission scheme, in this paper we derive the average AoI of the system, which we call the average $\delta -$secure AoI. Provided average $\delta -$secure AoI and insecure packet proportion, the relationships between packet freshness and transmission security are investigated in depth.

3. Analysis of Age of $\mathbf{\delta }-$Secure Information for Ber/Geo/1/2 Queue Modeled Status Updating System

As a whole, we define four-dimensional state vectors $(n,m,l,0)$ and $(n,m,l,1)$ to represent the AoI, age of packet under the service, and age of packet in the buffer. The last component 0 indicates that the currently served packet is secure, while 1 denotes that the packet in the server is insecure. Here, there is nothing special about 0 and 1; they can be replaced by any two distinguishable notations. In the following, we show that the random transfers of $(n,m,l,0)$ and $(n,m,l,1)$ can be described clearly, and average $\delta -$secure AoI is obtained by analyzing the steady state of the four-dimensional random process constructed by $(n,m,l,0)$ and $(n,m,l,1)$.

In a time slot, we define binary random variables A, $B_d$, $B_E$, and F to represent if the source generates a new packet, if the transmitted packet arrives at the receiver and the eavesdropper, and whether the transmitter deletes the insecure packet. According to different values of these variables, we list all of the state vector transfers in

Table 1. State vector transfers of $(n,m,l,0)$ and $(n,m,l,1)$.

Initial State Vector	Considered Random Variables	State Vector at Next Time Slot
$$\begin{gathered} (n,m,l,0) \\ n>m>l\ge 1 \end{gathered}$$	$(B_d=0,B_E=0)$	$(n+1,m+1,l+1,0)$
	$(B_d=0,B_E=1)$	$F=0$: $(n+1,m+1,l+1,1)$
		$F=1$: $(n+1,l+1,0,0)$
	$(B_d=1,B_E=0)$	$(m+1,l+1,0,0)$
	$(B_d=1,B_E=1)$	$F=0$: $(m+1,l+1,0,0)$
		$F=1$: $(n+1,l+1,0,0)$
$$\begin{gathered} (n,m,l,1) \\ n>m>l\ge 1 \end{gathered}$$	$F=0$	$B_d=0$: $(n+1,m+1,l+1,1)$
		$B_d=1$: $(m+1,l+1,0,0)$
	$F=1$	$(n+1,l+1,0,0)$
$$\begin{gathered} (n,m,0,0) \\ n>m\ge 1 \end{gathered}$$	$(A=0,B_d=0,B_E=0)$	$(n+1,m+1,0,0)$
	$(A=0,B_d=0,B_E=1)$	$F=0$: $(n+1,m+1,0,1)$
		$F=1$: $(n+1,0,0,0)$
	$(A=0,B_d=1,B_E=0)$	$(m+1,0,0,0)$
	$(A=0,B_d=1,B_E=1)$	$F=0$: $(m+1,0,0,0)$
		$F=1$: $(n+1,0,0,0)$
	$(A=1,B_d=0,B_E=0)$	$(n+1,m+1,1,0)$
	$(A=1,B_d=0,B_E=1)$	$F=0$: $(n+1,m+1,1,1)$
		$F=1$: $(n+1,1,0,0)$
	$(A=1,B_d=1,B_E=0)$	$(m+1,1,0,0)$
	$(A=1,B_d=1,B_E=1)$	$F=0$: $(m+1,1,0,0)$
		$F=1$: $(n+1,1,0,0)$
$$\begin{gathered} (n,m,0,1) \\ n>m\ge 1 \end{gathered}$$	$(A=0,F=0)$	$B_d=0$: $(n+1,m+1,0,1)$
		$B_d=1$: $(m+1,0,0,0)$
	$(A=0,F=1)$	$(n+1,0,0,0)$
	$(A=1,F=0)$	$B_d=0$: $(n+1,m+1,1,1)$
		$B_d=1$: $(m+1,1,0,0)$
	$(A=1,F=1)$	$(n+1,1,0,0)$
$$\begin{gathered} (n,0,0,0) \\ n\ge 1 \end{gathered}$$	$A=0$	$(n+1,0,0,0)$
	$(A=1,B_d=0,B_E=0)$	$(n+1,1,0,0)$
	$(A=1,B_d=0,B_E=1)$	$F=0$: $(n+1,1,0,1)$
		$F=1$: $(n+1,0,0,0)$
	$(A=1,B_d=1,B_E=0)$	$(1,0,0,0)$
	$(A=1,B_d=1,B_E=1)$	$F=0$: $(1,0,0,0)$
		$F=1$: $(n+1,0,0,0)$

. State vectors $(n,m,0,0)$, $(n,m,0,1)$ denote that the buffer is empty, and the packet under service is secure if the last component is 0, or is insecure when the last component is 1. The last case $(n,0,0,0)$ means that both the server and the buffer are empty. Since there is no packet in the server, in these cases, the last component 0 does not indicate a secure packet.

Brief explanations are given for state vector transfers in Table 1. For initial state vector $(n,m,l,0)$, a secure packet of age m is under the service. The realizations of $B_d$ and $B_E$ represent the packet being transmitted to d and E. For the case of $B_d=0,B_E=0$, it means that at (the right endpoint of) this time slot, neither the receiver nor the eavesdropper obtains the packet, and thus the state vector changes to $(n+1,m+1,l+1,0)$. If $B_d=0,B_E=1$, that is, the eavesdropper obtains the packet but the receiver does not, in this case, the transmitted packet becomes insecure and the random deletion/retaining scheme is performed. The insecure packet is deleted with probability $\delta$, which is denoted by $F=1$, resulting in the state vector transferring to $(n+1,l+1,0,0)$. Since the new packet of age $l+1$ is secure, the last component is reset to 0. On the contrary, with probability $1-\delta$, i.e., when $F=0$, the insecure packet is retained, and it sees that the initial state vector $(n,m,l,0)$ changes to $(n+1,m+1,l+1,1)$. According to similar discussions, it is easy to determine the state vector transfers under the conditions $B_d=1,B_E=0$ and $B_d=1,B_E=1$, and that from other initial states. It is worth noticing that for $(n,m,l,1)$ and $(n,m,0,1)$, the packet under the service is insecure because it has been obtained by an eavesdropper. Therefore, when describing state vector transfers, we only need to consider the realizations of A, $B_d$, and F.

Assuming that the constructed random process reaches the steady state, according to the probability balance conditions, we determine the stationary equations as follows:

$$\left\{\begin{array}{c}{\pi }_{(n,m,l,0)}={\pi }_{(n-1,m-1,l-1,0)}(1-{\gamma }_d)(1-{\gamma }_E)(n>m>l\ge 2)\hfill \\ {\pi }_{(n,m,1,0)}={\pi }_{(n-1,m-1,0,0)}p(1-{\gamma }_d)(1-{\gamma }_E)(n>m\ge 2)\hfill \\ {\pi }_{(n,m,l,1)}={\pi }_{(n-1,m-1,l-1,0)}(1-{\gamma }_d){\gamma }_E(1-\delta )+{\pi }_{(n-1,m-1,l-1,1)}(1-{\gamma }_d)(1-\delta )(n>m>l\ge 2)\hfill \\ {\pi }_{(n,m,1,1)}={\pi }_{(n-1,m-1,0,0)}p(1-{\gamma }_d){\gamma }_E(1-\delta )+{\pi }_{(n-1,m-1,0,1)}p(1-{\gamma }_d)(1-\delta )(n>m\ge 2)\hfill \\ {\pi }_{(n,m,0,0)}={\pi }_{(n-1,m-1,0,0)}(1-p)(1-{\gamma }_d)(1-{\gamma }_E)+{\sum }_{k=n}^{\infty }{\pi }_{(k,n-1,m-1,0)}{\gamma }_d(1-{\gamma }_E\delta )+{\sum }_{j=m}^{n-2}{\pi }_{(n-1,j,m-1,0)}{\gamma }_E\delta \hfill \\ +{\sum }_{k=n}^{\infty }{\pi }_{(k,n-1,m-1,1)}{\gamma }_d(1-\delta )+{\sum }_{j=m}^{n-2}{\pi }_{(n-1,j,m-1,1)}\delta (n>m\ge 2,n-m\ge 2)\hfill \\ {\pi }_{(m+1,m,0,0)}={\pi }_{(m,m-1,0,0)}(1-p)(1-{\gamma }_d)(1-{\gamma }_E)+{\sum }_{k=m+1}^{\infty }{\pi }_{(k,m,m-1,0)}{\gamma }_d(1-{\gamma }_E\delta )\hfill \\ +{\sum }_{k=m+1}^{\infty }{\pi }_{(k,m,m-1,1)}{\gamma }_d(1-\delta )(m\ge 2)\hfill \\ {\pi }_{(n,1,0,0)}={\pi }_{(n-1,0,0,0)}p(1-{\gamma }_d)(1-{\gamma }_E)+{\sum }_{k=n}^{\infty }{\pi }_{(k,n-1,0,0)}p{\gamma }_d(1-{\gamma }_E\delta )+{\sum }_{j=1}^{n-2}{\pi }_{(n-1,j,0,0)}p{\gamma }_E\delta \hfill \\ +{\sum }_{k=n}^{\infty }{\pi }_{(k,n-1,0,1)}p{\gamma }_d(1-\delta )+{\sum }_{j=1}^{n-2}{\pi }_{(n-1,j,0,1)}p\delta (n\ge 3)\hfill \\ {\pi }_{(2,1,0,0)}={\pi }_{(1,0,0,0)}p(1-{\gamma }_d)(1-{\gamma }_E)+{\sum }_{k=2}^{\infty }{\pi }_{(k,1,0,0)}p{\gamma }_d(1-{\gamma }_E\delta )+{\sum }_{k=2}^{\infty }{\pi }_{(k,1,0,1)}p{\gamma }_d(1-\delta )\hfill \\ {\pi }_{(n,m,0,1)}={\pi }_{(n-1,m-1,0,0)}(1-p)(1-{\gamma }_d){\gamma }_E(1-\delta )+{\pi }_{(n-1,m-1,0,1)}(1-p)(1-{\gamma }_d)(1-\delta )(n>m\ge 2)\hfill \\ {\pi }_{(n,1,0,1)}={\pi }_{(n-1,0,0,0)}p(1-{\gamma }_d){\gamma }_E(1-\delta )(n\ge 2)\hfill \\ {\pi }_{(n,0,0,0)}={\pi }_{(n-1,0,0,0)}[(1-p)+p{\gamma }_E\delta ]+{\sum }_{k=n}^{\infty }{\pi }_{(k,n-1,0,0)}(1-p){\gamma }_d(1-{\gamma }_E\delta )+{\sum }_{j=1}^{n-2}{\pi }_{(n-1,j,0,0)}(1-p){\gamma }_E\delta \hfill \\ +{\sum }_{k=n}^{\infty }{\pi }_{(k,n-1,0,1)}(1-p){\gamma }_d(1-\delta )+{\sum }_{j=1}^{n-2}{\pi }_{(n-1,j,0,1)}(1-p)\delta (n\ge 3)\hfill \\ {\pi }_{(2,0,0,0)}={\pi }_{(1,0,0,0)}[(1-p)+p{\gamma }_E\delta ]+{\sum }_{k=2}^{\infty }{\pi }_{(k,1,0,0)}(1-p){\gamma }_d(1-{\gamma }_E\delta )+{\sum }_{k=2}^{\infty }{\pi }_{(k,1,0,1)}(1-p){\gamma }_d(1-\delta )\hfill \\ {\pi }_{(1,0,0,0)}={\sum }_{k=1}^{\infty }{\pi }_{(k,0,0,0)}p{\gamma }_d(1-{\gamma }_E\delta )\hfill \end{array}\right.$$

(1)

Each equation in (1) shows how the state vector on the left can be transferred to from the state vectors on the right under their corresponding conditions.

We denote ${\Delta }_{\delta }$ as the stationary AoI of the system when a probabilistic deletion/retaining scheme is applied. From the expectation formula, the average $\delta -$secure AoI is calculated as

$${\overline{\Delta }}_{\delta }={\sum }_{n=1}^{\infty }n·Pr\{{\Delta }_{\delta }=n\}$$

(2)

where in general cases

$$Pr\{{\Delta }_{\delta }=n\}={\pi }_{(n,0,0,0)}+{\sum }_{i=0}^1{\sum }_{m=1}^{n-1}{\pi }_{(n,m,0,i)}+{\sum }_{i=0}^1{\sum }_{l=1}^{n-2}{\sum }_{m=l+1}^{n-1}{\pi }_{(n,m,l,i)}$$

(3)

since the AoI is represented by the first component of the four-dimensional state vector.

Define the probability generation function $H_{\delta }\left(z\right)$ as

$$\begin{array}{cc}\hfill H_{\delta }\left(z\right)& ={\sum }_{n=1}^{\infty }{z}^{n}Pr\{{\Delta }_{\delta }=n\}\hfill \\ \hfill & ={\sum }_{n=1}^{\infty }{z}^n{\pi }_{(n,0,0,0)}+{\sum }_{i=0}^1{\sum }_{m=1}^{\infty }{\sum }_{n=m+1}^{\infty }{z}^n{\pi }_{(n,m,0,i)}\hfill \end{array}$$

(4)

$$\begin{array}{cc}\hfill & +{\sum }_{i=0}^1{\sum }_{l=1}^{\infty }{\sum }_{m=l+1}^{\infty }{\sum }_{n=m+1}^{\infty }{z}^n{\pi }_{(n,m,l,i)}\hfill \end{array}$$

(5)

Equation (5) is obtained by substituting (3). It sees from (4) that

$${\overline{\Delta }}_{\delta }={\left.{\displaystyle \frac{\mathrm{d}{H}_{\delta }\left(z\right)}{\mathrm{d}z}}\right|}_{z=1}$$

(6)

In the following paragraphs, we obtain the average $\delta -$secure AoI by deriving $H_{\delta }\left(z\right)$ and calculating its derivative at $z=1$.

To obtain $H_{\delta }\left(z\right)$, we denote that

$$\begin{array}{c}{h}_1\left(z\right)={\sum }_{n=1}^{\infty }{z}^n{\pi }_{(n,0,0,0)}\end{array}$$

(7)

$$\begin{array}{c}{h}_2\left(z\right)={\sum }_{m=1}^{\infty }{\sum }_{n=m+1}^{\infty }{z}^n{\pi }_{(n,m,0,0)},h_4\left(z\right)={\sum }_{l=1}^{\infty }{\sum }_{m=l+1}^{\infty }{\sum }_{n=m+1}^{\infty }{z}^n{\pi }_{(n,m,l,0)}\end{array}$$

(8)

$$\begin{array}{c}{h}_3\left(z\right)={\sum }_{m=1}^{\infty }{\sum }_{n=m+1}^{\infty }{z}^n{\pi }_{(n,m,0,1)},h_5\left(z\right)={\sum }_{l=1}^{\infty }{\sum }_{m=l+1}^{\infty }{\sum }_{n=m+1}^{\infty }{z}^n{\pi }_{(n,m,l,1)}\end{array}$$

(9)

Lemma 1. 

The functions defined in (7)–(9) satisfy the relationships that

$$\begin{array}{c}{h}_3\left(z\right)={\displaystyle \frac{p(1-{\gamma }_d){\gamma }_E(1-\delta )z}{1-(1-p)(1-{\gamma }_d)(1-\delta )z}}{h}_1\left(z\right)+{\displaystyle \frac{(1-p)(1-{\gamma }_d){\gamma }_E(1-\delta )z}{1-(1-p)(1-{\gamma }_d)(1-\delta )z}}{h}_2\left(z\right)\end{array}$$

(10)

$$\begin{array}{c}{h}_4\left(z\right)={\displaystyle \frac{p(1-{\gamma }_d)(1-{\gamma }_E)z}{1-(1-{\gamma }_d)(1-{\gamma }_E)z}}{h}_2\left(z\right)\end{array}$$

(11)

$$\begin{array}{c}{h}_5\left(z\right)={\displaystyle \frac{p(1-{\gamma }_d){\gamma }_E(1-\delta )z{h}_2\left(z\right)}{[1-(1-{\gamma }_d)(1-{\gamma }_E)z][1-(1-{\gamma }_d)(1-\delta )z]}}+{\displaystyle \frac{p(1-{\gamma }_d)(1-\delta )z{h}_3\left(z\right)}{1-(1-{\gamma }_d)(1-\delta )z}}\end{array}$$

(12)

We prove Lemma 1 in Appendix A. Using Equations (10)–(12), it shows that

$$\begin{array}{cc}\hfill H_{\delta }\left(z\right)& =h_1\left(z\right)+h_2\left(z\right)+h_3\left(z\right)+h_4\left(z\right)+h_5\left(z\right)=h_1\left(z\right)+h_2\left(z\right)+h_3\left(z\right)+{\displaystyle \frac{p(1-{\gamma }_d)(1-{\gamma }_E)z}{1-(1-{\gamma }_d)(1-{\gamma }_E)z}}{h}_2\left(z\right)\hfill \\ \hfill & +{\displaystyle \frac{p(1-{\gamma }_d){\gamma }_E(1-\delta )z}{[1-(1-{\gamma }_d)(1-{\gamma }_E)z][1-(1-{\gamma }_d)(1-\delta )z]}}{h}_2\left(z\right)+{\displaystyle \frac{p(1-{\gamma }_d)(1-\delta )z}{1-(1-{\gamma }_d)(1-\delta )z}}{h}_3\left(z\right)\hfill \\ \hfill & =h_1\left(z\right)+h_2\left(z\right)\left({\displaystyle \frac{1-(1-p)(1-{\gamma }_d)(1-{\gamma }_E)z}{1-(1-{\gamma }_d)(1-{\gamma }_E)z}}+{\displaystyle \frac{p(1-{\gamma }_d){\gamma }_E(1-\delta )z}{[1-(1-{\gamma }_d)(1-{\gamma }_E)z][1-(1-{\gamma }_d)(1-\delta )z]}}\right)\hfill \\ \hfill & +{\displaystyle \frac{1-(1-p)(1-{\gamma }_d)(1-\delta )z}{1-(1-{\gamma }_d)(1-\delta )z}}\left({\displaystyle \frac{p(1-{\gamma }_d){\gamma }_E(1-\delta )z}{1-(1-p)(1-{\gamma }_d)(1-\delta )z}}{h}_1\left(z\right)+{\displaystyle \frac{(1-p)(1-{\gamma }_d){\gamma }_E(1-\delta )z}{1-(1-p)(1-{\gamma }_d)(1-\delta )z}}{h}_2\left(z\right)\right)\hfill \\ \hfill & =\left(1+{\displaystyle \frac{p(1-{\gamma }_d){\gamma }_E(1-\delta )z}{1-(1-{\gamma }_d)(1-\delta )z}}\right)h_1\left(z\right)+{\displaystyle \frac{[1-(1-p)(1-{\gamma }_d)(1-{\gamma }_E)z][1-(1-{\gamma }_d)(1-{\gamma }_E)(1-\delta )z]}{[1-(1-{\gamma }_d)(1-{\gamma }_E)z][1-(1-{\gamma }_d)(1-\delta )z]}}{h}_2\left(z\right)\hfill \end{array}$$

(13)

By calculating the derivative of (13) and letting $z=1$, the average $\delta -$secure AoI is determined to be

$$\begin{array}{cc}\hfill {\overline{\Delta }}_{\delta }& ={\displaystyle \frac{p(1-{\gamma }_d){\gamma }_E(1-\delta )}{{[1-(1-{\gamma }_d)(1-\delta )]}^2}}{M}_1+\left(1+{\displaystyle \frac{p(1-{\gamma }_d){\gamma }_E(1-\delta )}{1-(1-{\gamma }_d)(1-\delta )}}\right)\left[{\left.{\displaystyle \frac{\mathrm{d}{h}_1\left(z\right)}{\mathrm{d}z}}\right|}_{z=1}\right]\hfill \\ \hfill & +\left({\displaystyle \frac{p(1-{\gamma }_d)(1-{\gamma }_E)[1-(1-{\gamma }_d)(1-{\gamma }_E)(1-\delta )]}{{[1-(1-{\gamma }_d)(1-{\gamma }_E)]}^2[1-(1-{\gamma }_d)(1-\delta )]}}+{\displaystyle \frac{(1-{\gamma }_d){\gamma }_E(1-\delta )[1-(1-p)(1-{\gamma }_d)(1-{\gamma }_E)]}{[1-(1-{\gamma }_d)(1-{\gamma }_E)]{[1-(1-{\gamma }_d)(1-\delta )]}^2}}\right)M_2\hfill \\ \hfill & +{\displaystyle \frac{[1-(1-p)(1-{\gamma }_d)(1-{\gamma }_E)][1-(1-{\gamma }_d)(1-{\gamma }_E)(1-\delta )]}{[1-(1-{\gamma }_d)(1-{\gamma }_E)][1-(1-{\gamma }_d)(1-\delta )]}}\left[{\left.{\displaystyle \frac{\mathrm{d}{h}_2\left(z\right)}{\mathrm{d}z}}\right|}_{z=1}\right]\hfill \end{array}$$

(14)

in which we denote that $M_1=h_1\left(1\right)$, $M_2=h_2\left(1\right)$.

We determine $M_1$, $M_2$, $h_1^{\prime }\left(1\right)$, and $h_2^{\prime }\left(1\right)$ in the following Lemma 2.

Lemma 2. 

The derivatives of $h_1\left(z\right)$ and $h_2\left(z\right)$ at $z=1$ are determined by equations

$$\left\{\begin{array}{c}{a}_{11}{h}_1^{\prime }\left(1\right)+a_{12}{h}_2^{\prime }\left(1\right)=c_1{M}_1+c_2{M}_2+c_3\left[{\left.{\displaystyle \frac{\mathrm{d}{h}_2^{\left(m\right)}\left(z\right)}{\mathrm{d}z}}\right|}_{z=1}\right]\hfill \\ a_{21}{h}_1^{\prime }\left(1\right)+a_{22}{h}_2^{\prime }\left(1\right)=d_1{M}_1+d_2{M}_2+d_3\left[{\left.{\displaystyle \frac{\mathrm{d}{h}_2^{\left(m\right)}\left(z\right)}{\mathrm{d}z}}\right|}_{z=1}\right]\hfill \end{array}\right.$$

(15)

in which

$$\begin{array}{c}{a}_{11}=p\left(1-{\displaystyle \frac{{\gamma }_E\delta }{1-(1-p)(1-{\gamma }_d)(1-\delta )}}\right),a_{12}=-{\displaystyle \frac{(1-p){\gamma }_E\delta }{1-(1-p)(1-{\gamma }_d)(1-\delta )}}\end{array}$$

(16)

$$\begin{array}{c}{c}_1=(1-p)+p{\gamma }_d(1-{\gamma }_E)+{\displaystyle \frac{p{\gamma }_E[1-(1-{\gamma }_d)(1-\delta )]}{{[1-(1-p)(1-{\gamma }_d)(1-\delta )]}^2}}\end{array}$$

(17)

$$\begin{array}{c}{c}_2=(1-p){\gamma }_d(1-{\gamma }_E)+{\displaystyle \frac{(1-p){\gamma }_E[1-(1-{\gamma }_d)(1-\delta )]}{{[1-(1-p)(1-{\gamma }_d)(1-\delta )]}^2}}\end{array}$$

(18)

$$\begin{array}{c}{c}_3=(1-p){\gamma }_d(1-{\gamma }_E)+{\displaystyle \frac{(1-p){\gamma }_d{\gamma }_E(1-\delta )}{1-(1-p)(1-{\gamma }_d)(1-\delta )}}\end{array}$$

(19)

and for the second equation,

$$a_{21}=-p(1-{\gamma }_d)(1-{\gamma }_E)+p{\gamma }_E\delta \left({\displaystyle \frac{1}{1-(1-p)(1-{\gamma }_d)(1-\delta )}}-{\displaystyle \frac{1}{1-(1-{\gamma }_d)(1-\delta )}}\right)$$

(20)

$$\begin{array}{cc}\hfill a_{22}& =1-(1-p)(1-{\gamma }_d)(1-{\gamma }_E)\hfill \\ \hfill & -{\displaystyle \frac{p{\gamma }_E\delta }{1-(1-{\gamma }_d)(1-\delta )}}\left({\displaystyle \frac{1}{1-(1-{\gamma }_d)(1-{\gamma }_E)}}+{\displaystyle \frac{(1-p)(1-{\gamma }_d)(1-{\gamma }_E)}{1-(1-p)(1-{\gamma }_d)(1-{\gamma }_E)}}\right)\hfill \end{array}$$

(21)

$$d_1=p(1-{\gamma }_d)(1-{\gamma }_E)+p{\gamma }_E\left({\displaystyle \frac{1}{1-(1-{\gamma }_d)(1-\delta )}}-{\displaystyle \frac{1-(1-{\gamma }_d)(1-\delta )}{{[1-(1-p)(1-{\gamma }_d)(1-\delta )]}^2}}\right)$$

(22)

$$\begin{array}{cc}\hfill d_2& =(1-p)(1-{\gamma }_d)(1-{\gamma }_E)+{\displaystyle \frac{p[1-(1-p)(1-{\gamma }_d)(1-\delta )]}{[1-(1-{\gamma }_d)(1-{\gamma }_E)][1-(1-{\gamma }_d)(1-\delta )]}}\hfill \\ \hfill & +{\displaystyle \frac{p{\gamma }_E(1-p)(1-{\gamma }_d)(1-\delta )}{1-(1-p)(1-{\gamma }_d)(1-\delta )}}\left({\displaystyle \frac{1}{1-(1-{\gamma }_d)(1-\delta )}}+{\displaystyle \frac{1}{1-(1-p)(1-{\gamma }_d)(1-\delta )}}\right)\hfill \end{array}$$

(23)

$$d_3={\displaystyle \frac{p{\gamma }_d[1-{\gamma }_E\delta -(1-{\gamma }_d)(1-{\gamma }_E)(1-\delta )]}{[1-(1-{\gamma }_d)(1-{\gamma }_E)][1-(1-{\gamma }_d)(1-\delta )]}}+{\displaystyle \frac{p{\gamma }_d{\gamma }_E(1-p)(1-{\gamma }_d){(1-\delta )}^2}{[1-(1-{\gamma }_d)(1-\delta )][1-(1-p)(1-{\gamma }_d)(1-\delta )]}}$$

(24)

Define $h_2^{\left(m\right)}\left(z\right)={\sum }_{m=1}^{\infty }{\sum }_{n=m+1}^{\infty }{z}^m{\pi }_{(n,m,0,0)}$, it proves that ${\left.\mathrm{d}{h}_2^{\left(m\right)}\left(z\right)/\mathrm{d}z\right|}_{z=1}$ is determined by

$$\begin{array}{cc}\hfill {\left.{\displaystyle \frac{\mathrm{d}{h}_2^{\left(m\right)}\left(z\right)}{\mathrm{d}z}}\right|}_{z=1}& ={\displaystyle \frac{p(1-{\gamma }_d)(1-{\gamma }_E)+\frac{p^2(1-{\gamma }_d){\gamma }_E(1-\delta )}{[1-(1-{\gamma }_d)(1-\delta )][1-(1-p)(1-{\gamma }_d)(1-\delta )]}}{1-(1-p)(1-{\gamma }_d)(1-{\gamma }_E)}}{M}_1\hfill \\ \hfill & +{\displaystyle \frac{(1-p)(1-{\gamma }_d)(1-{\gamma }_E)+\frac{p[1-(1-{\gamma }_d)(1-{\gamma }_E)(1-\delta )]}{[1-(1-{\gamma }_d)(1-{\gamma }_E)][1-(1-{\gamma }_d)(1-\delta )]}+\frac{p(1-p)(1-{\gamma }_d){\gamma }_E(1-\delta )}{[1-(1-{\gamma }_d)(1-\delta )][1-(1-p)(1-{\gamma }_d)(1-\delta )]}}{1-(1-p)(1-{\gamma }_d)(1-{\gamma }_E)}}{M}_2\hfill \end{array}$$

(25)

Denote

$$R_{1,2}={\displaystyle \frac{p(1-{\gamma }_d)\left((1-{\gamma }_E)[1-(1-p)(1-{\gamma }_d)(1-\delta )]+p{\gamma }_E(1-\delta )\right)}{(1-p)\left([1-(1-{\gamma }_d)(1-{\gamma }_E)][1-(1-p)(1-{\gamma }_d)(1-\delta )]-p(1-{\gamma }_d){\gamma }_E(1-\delta )\right)}}$$

(26)

then $M_2=R_{1,2}{M}_1$, and finally $M_1$ is given as

$$M_1={\left(1+{\displaystyle \frac{p(1-{\gamma }_d){\gamma }_E(1-\delta )}{1-(1-{\gamma }_d)(1-\delta )}}+{\displaystyle \frac{[1-(1-p)(1-{\gamma }_d)(1-{\gamma }_E)][1-(1-{\gamma }_d)(1-{\gamma }_E)(1-\delta )]}{[1-(1-{\gamma }_d)(1-{\gamma }_E)][1-(1-{\gamma }_d)(1-\delta )]}}{R}_{1,2}\right)}^{-1}$$

(27)

Derivations of results (15)–(27) are given in Appendix B. Combining Lemma 2 and Equation (14), we derive average $\delta -$secure AoI as follows.

Theorem 1. 

Assuming that the packets transmitted through a Ber/Geo/1/2 queue modeled status updating system are eavesdropped with probability ${\gamma }_E$ in each time slot, when applying the probabilistic deletion/retaining transmission scheme, the average $\delta -$secure AoI of the system is derived to be

$$\begin{array}{cc}\hfill {\overline{\Delta }}_{\delta }& ={\displaystyle \frac{p(1-{\gamma }_d){\gamma }_E(1-\delta )}{{[1-(1-{\gamma }_d)(1-\delta )]}^2}}{M}_1+{\displaystyle \frac{(e_1{a}_{22}-e_2{a}_{21}){\mathbf{c}}^{\mathrm{T}}\mathbf{f}-(e_1{a}_{12}-e_2{a}_{11}){\mathbf{d}}^{\mathrm{T}}\mathbf{f}}{a_{11}{a}_{22}-a_{12}{a}_{21}}}\hfill \\ \hfill & +\left({\displaystyle \frac{p(1-{\gamma }_d)(1-{\gamma }_E)[1-(1-{\gamma }_d)(1-{\gamma }_E)(1-\delta )]}{{[1-(1-{\gamma }_d)(1-{\gamma }_E)]}^2[1-(1-{\gamma }_d)(1-\delta )]}}+{\displaystyle \frac{(1-{\gamma }_d){\gamma }_E(1-\delta )[1-(1-p)(1-{\gamma }_d)(1-{\gamma }_E)]}{[1-(1-{\gamma }_d)(1-{\gamma }_E)]{[1-(1-{\gamma }_d)(1-\delta )]}^2}}\right)M_2\hfill \end{array}$$

(28)

where

$$\mathbf{c}=(c_1,c_2,c_3),\mathbf{d}=(d_1,d_2,d_3),\mathbf{f}=\left(M_1,M_2,{\left.{\displaystyle \frac{\mathrm{d}{h}_2^{\left(m\right)}\left(z\right)}{\mathrm{d}z}}\right|}_{z=1}\right)$$

(29)

the superscript $\mathrm{T}$ represents transposition. In Equation (28), we denote $e_1$ and $e_2$ to be

$$e_1=1+{\displaystyle \frac{p(1-{\gamma }_d){\gamma }_E(1-\delta )}{1-(1-{\gamma }_d)(1-\delta )}},e_2={\displaystyle \frac{[1-(1-p)(1-{\gamma }_d)(1-{\gamma }_E)][1-(1-{\gamma }_d)(1-{\gamma }_E)(1-\delta )]}{[1-(1-{\gamma }_d)(1-{\gamma }_E)][1-(1-{\gamma }_d)(1-\delta )]}}$$

(30)

Proof. 

Denote that

$$\mathbf{c}=(c_1,c_2,c_3),\mathbf{d}=(d_1,d_2,d_3),\mathbf{f}=\left(M_1,M_2,{\left.{\displaystyle \frac{\mathrm{d}{h}_2^{\left(m\right)}\left(z\right)}{\mathrm{d}z}}\right|}_{z=1}\right)$$

Equation (15) can be represented as

$$\left[\begin{array}{cc}{a}_{11}& a_{12}\\ a_{21}& a_{22}\end{array}\right]\left[\begin{array}{c}{h}_1^{\prime }\left(1\right)\\ h_2^{\prime }\left(1\right)\end{array}\right]=\left[\begin{array}{c}{\mathbf{c}}^{\mathrm{T}}\mathbf{f}\\ {\mathbf{d}}^{\mathrm{T}}\mathbf{f}\end{array}\right]$$

(31)

from which we solve that

$$\left[\begin{array}{c}{h}_1^{\prime }\left(1\right)\\ h_2^{\prime }\left(1\right)\end{array}\right]={\displaystyle \frac{1}{a_{11}{a}_{22}-a_{12}{a}_{21}}}\left[\begin{array}{cc}{a}_{22}& -a_{12}\\ -a_{21}& a_{11}\end{array}\right]\left[\begin{array}{c}{\mathbf{c}}^{\mathrm{T}}\mathbf{f}\\ {\mathbf{d}}^{\mathrm{T}}\mathbf{f}\end{array}\right]$$

(32)

Define

$$e_1=1+{\displaystyle \frac{p(1-{\gamma }_d){\gamma }_E(1-\delta )}{1-(1-{\gamma }_d)(1-\delta )}},e_2={\displaystyle \frac{[1-(1-p)(1-{\gamma }_d)(1-{\gamma }_E)][1-(1-{\gamma }_d)(1-{\gamma }_E)(1-\delta )]}{[1-(1-{\gamma }_d)(1-{\gamma }_E)][1-(1-{\gamma }_d)(1-\delta )]}}$$

then,

$$\begin{array}{cc}\hfill e_1{h}_1^{\prime }\left(1\right)+e_2{h}_2^{\prime }\left(1\right)& =\left[e_1{e}_2\right]\left[\begin{array}{c}{h}_1^{\prime }\left(1\right)\\ h_2^{\prime }\left(1\right)\end{array}\right]\hfill \\ \hfill & ={\displaystyle \frac{1}{a_{11}{a}_{22}-a_{12}{a}_{21}}}\left[e_1{e}_2\right]\left[\begin{array}{cc}{a}_{22}& -a_{12}\\ -a_{21}& a_{11}\end{array}\right]\left[\begin{array}{c}{\mathbf{c}}^{\mathrm{T}}\mathbf{f}\\ {\mathbf{d}}^{\mathrm{T}}\mathbf{f}\end{array}\right]\hfill \\ \hfill & ={\displaystyle \frac{(e_1{a}_{22}-e_2{a}_{21}){\mathbf{c}}^{\mathrm{T}}\mathbf{f}-(e_1{a}_{12}-e_2{a}_{11}){\mathbf{d}}^{\mathrm{T}}\mathbf{f}}{a_{11}{a}_{22}-a_{12}{a}_{21}}}\hfill \end{array}$$

(33)

Substituting (33) into (14) gives the average $\delta -$secure AoI in Equation (28). This completes the proof of Theorem 1. □

The formula given in Theorem 1 is complex. With special case ${\gamma }_E=0$, we first verify that Equation (28) reduces to the average AoI of a basic Ber/Geo/1/2 queue modeled status updating system.

Letting ${\gamma }_E=0$ in Equations (26) and (27), it gives that

$$\begin{array}{c}{R}_{1,2}={\displaystyle \frac{p(1-{\gamma }_d)}{(1-p){\gamma }_d}}\end{array}$$

(34)

$$\begin{array}{c}{M}_1={\displaystyle \frac{(1-p){\gamma }_d^2}{{[1-(1-p)(1-{\gamma }_d)]}^2-p{\gamma }_d}}\end{array}$$

(35)

$$\begin{array}{c}{M}_2={\displaystyle \frac{p{\gamma }_d(1-{\gamma }_d)}{{[1-(1-p)(1-{\gamma }_d)]}^2-p{\gamma }_d}}\end{array}$$

(36)

$$\begin{array}{c}{M}_3=0\end{array}$$

(37)

in which (37) is obtained by referring to Equation (A27).

Substituting ${\gamma }_E=0$ and $M_3=0$ into (A23), we have

$$h_2^{\left(m\right)}\left(z\right)[1-(1-p)(1-{\gamma }_d)z]=p(1-{\gamma }_d)M_{1}z+{\displaystyle \frac{p{\gamma }_d{M}_{2}z}{1-(1-{\gamma }_d)z}}$$

(38)

Since $M_2=R_{1,2}{M}_1$, that is $p(1-{\gamma }_d)M_1=(1-p){\gamma }_d{M}_2$, from (38), we obtain that

$$h_2^{\left(m\right)}\left(z\right)={\displaystyle \frac{{\gamma }_d{M}_{2}z}{1-(1-{\gamma }_d)z}}$$

(39)

In the case of ${\gamma }_E=0$, Equations (A15) and (A16) are simplified to

$$\begin{array}{c}{h}_1\left(z\right)={\displaystyle \frac{p{\gamma }_d{M}_{1}z}{1-(1-p)z}}+{\displaystyle \frac{(1-p){\gamma }_{d}z}{1-(1-p)z}}{h}_2^{\left(m\right)}\left(z\right)\end{array}$$

(40)

$$\begin{array}{c}{h}_2\left(z\right)={\displaystyle \frac{p(1-{\gamma }_d)z}{1-(1-p)(1-{\gamma }_d)z}}{h}_1\left(z\right)+{\displaystyle \frac{p{\gamma }_{d}z}{[1-(1-{\gamma }_d)z][1-(1-p)(1-{\gamma }_d)z]}}{h}_2^{\left(m\right)}\left(z\right)\end{array}$$

(41)

Combining (13), (40), (41), and (38), one can calculate that

$$\begin{array}{cc}\hfill H_{\delta }\left(z\right)& =h_1\left(z\right)+{\displaystyle \frac{1-(1-p)(1-{\gamma }_d)z}{1-(1-{\gamma }_d)z}}{h}_2\left(z\right)\hfill \\ \hfill & ={\displaystyle \frac{p{\gamma }_d{M}_{1}z[1-(1-p)(1-{\gamma }_d)z]}{[1-(1-p)z]{[1-(1-{\gamma }_d)z]}^2}}+{\displaystyle \frac{p{\gamma }_d^2{M}_2{z}^2}{{[1-(1-{\gamma }_d)z]}^3}}\hfill \end{array}$$

(42)

Finally, through direct calculation,

$$\begin{array}{cc}\hfill {\left.{\displaystyle \frac{\mathrm{d}{H}_{\delta }\left(z\right)}{\mathrm{d}z}}\right|}_{z=1}& ={\displaystyle \frac{{[1-(1-p)(1-{\gamma }_d)]}^2}{p{\gamma }_d^2}}{M}_1+{\displaystyle \frac{[1-(1-p)(1-{\gamma }_d)]+2p(1-{\gamma }_d)}{{\gamma }_d^2}}{M}_2\hfill \end{array}$$

(43)

$$\begin{array}{cc}\hfill & ={\displaystyle \frac{1}{{\gamma }_d}}\left((1-{\gamma }_d)+{\displaystyle \frac{1}{{\rho }_d}}+{\displaystyle \frac{2{\rho }_d^2{(1-{\gamma }_d)}^2}{1+{\rho }_d(1-2{\gamma }_d)+{\rho }_d^2{(1-{\gamma }_d)}^2}}\right)\hfill \end{array}$$

(44)

$$\begin{array}{cc}\hfill & ={\overline{\Delta }}_{Ber/Geo/1/2}\hfill \end{array}$$

(45)

where in (44), we denote ${\rho }_d=p/{\gamma }_d$ as the discrete traffic intensity. Equation (44) is exactly the average AoI of the status updating system that uses the Ber/Geo/1/2 queue, which was determined in our previous work [29].

Notice that when ${\gamma }_E=0$, all of the packets that are sent out from transmitter will never be obtained by the eavesdropper. As a result, the probabilistic deletion/retaining is never triggered, and all the packets are transmitted to the receiver securely. In this case, it is proved that average $\delta -$secure AoI degenerates to ${\overline{\Delta }}_{Ber/Geo/1/2}$. Since the probabilistic deletion/retaining scheme is never performed, it is observed that deletion probability $\delta$ disappears in Equations (34)–(41), and finally is not contained in the average AoI formula.

We use average AoI to characterize packet freshness, while the transmission security of the system is measured by the proportion of insecure packets that the receiver obtains. In following theorem, we determine this insecure packet proportion under a probabilistic deletion/retaining transmission scheme.

Theorem 2. 

Let the deletion probability be δ. When applying the probabilistic deletion/retaining scheme to transmit packets over the Ber/Geo/1/2 queue modeled status updating system, the probability that an insecure packet arrives at the receiver, as well as the proportion of insecure packets that the receiver obtains over a long period of time, which is denoted as $\eta \left(\delta \right)$, is determined to be

$$\eta \left(\delta \right)={\displaystyle \frac{{\gamma }_d{\gamma }_E(1-\delta )}{[1-(1-{\gamma }_d)(1-{\gamma }_E)][1-(1-{\gamma }_d)(1-\delta )]}}$$

(46)

Proof. 

Define three events as

$$\begin{array}{cc}\hfill & E:\mathrm{an}\mathrm{insecure}\mathrm{packet}\mathrm{arrives}\mathrm{at}\mathrm{the}\mathrm{receiver}\hfill \\ \hfill & E_1:\mathrm{a}\mathrm{transmitted}\mathrm{packet}\mathrm{becomes}\mathrm{insecure}\hfill \\ \hfill & E_2:\mathrm{an}\mathrm{insecure}\mathrm{packet}\mathrm{arrives}\mathrm{at}d\mathrm{before}\mathrm{being}\mathrm{deleted}\hfill \end{array}$$

Then,

$$Pr\left(E\right)=\eta \left(\delta \right)=Pr\left(E_1\right)·Pr\left(E_2\right)$$

(47)

Let $T_d$, $T_E$, and $T_{\delta }$ be the time that a packet is transmitted to d, E, and that of being deleted under the probabilistic deletion/retaining scheme. Event $E_1$ requires that $T_d\ge T_E$, while event $E_2$ needs $T_{\delta }>T_d$. Due to the memoryless property of geometric distributions, these two events are independent. Therefore,

$$\begin{array}{cc}\hfill \eta \left(\delta \right)=Pr\left(E\right)& =Pr\{T_d\ge T_E\}·Pr\{T_{\delta }>T_d\}\hfill \\ \hfill & =\left({\sum }_{j=1}^{\infty }Pr\{T_E=j\}Pr\{T_d\ge j\}\right)\left({\sum }_{l=1}^{\infty }Pr\{T_d=l\}Pr\{T_{\delta }>l\}\right)\hfill \\ \hfill & =\left({\sum }_{j=1}^{\infty }{(1-{\gamma }_E)}^{j-1}{\gamma }_E{\sum }_{k=j}^{\infty }{(1-{\gamma }_d)}^{k-1}{\gamma }_d\right)\left({\sum }_{l=1}^{\infty }{(1-{\gamma }_d)}^{l-1}{\gamma }_d{\sum }_{k=l+1}^{\infty }{(1-\delta )}^{k-1}\delta \right)\hfill \\ \hfill & ={\displaystyle \frac{{\gamma }_d{\gamma }_E(1-\delta )}{[1-(1-{\gamma }_d)(1-{\gamma }_E)][1-(1-{\gamma }_d)(1-\delta )]}}\hfill \end{array}$$

(48)

This derives the results in Theorem 2. □

For the given deletion probability $\delta$, ${\overline{\Delta }}_{\delta }$ characterizes the freshness of the obtained packets, while $\eta \left(\delta \right)$, i.e., the proportion of insecure packets that are transmitted to the receiver, can be viewed as the security measurement of the system. Combining Theorem 1 and Theorem 2, and by introducing deletion probability $\delta$, we actually establish the relationships between the timeliness performance and security performance of the considered status updating system, which enables us to investigate the tradeoffs between these two performance types.

4. Packet with Random Service Time Deadline and Average Age of Secure Information

Before investigating the relationships between ${\overline{\Delta }}_{\delta }$, $\eta \left(\delta \right)$ and system parameters p, ${\gamma }_d$, and ${\gamma }_E$, in this section we further consider two special cases of Equation (28) by setting ${\gamma }_E=1$ and $\delta =1$. We explain that ${\gamma }_E=1$ corresponds to the situation with the packet with geometric deadline in service process. When $\delta =1$, the average $\delta -$secure AoI is equal to the average age of secure information (AoSI) that was studied in works [39,40] for bufferless systems.

4.1. Packet with Random Geometric Deadline in Service Process: ${\gamma }_E=1$

Assuming that ${\gamma }_E=1$, then in every time slot, each packet that enters the server will be obtained by an eavesdropper. This is equivalent to saying that each transmitted packet is insecure and a probabilistic deletion/retaining scheme will be performed in every time slot as long as there is a packet in service. With probability $\delta$, the packet is deleted, and with probability $1-\delta$, this packet is retained. Observing that this transmission situation is exactly the scenario of transmitting packets under the restriction that the packets are controlled by the geometric deadline in service process, in this subsection, we derive the explicit formula of average AoI.

Letting ${\gamma }_E=1$, the main results required to derive ${\overline{\Delta }}_{\delta }$ are simplified to be

$$\begin{array}{c}{R}_{1,2}={\displaystyle \frac{p^2(1-{\gamma }_d)(1-\delta )}{(1-p)[1-(1-{\gamma }_d)(1-\delta )]}}\end{array}$$

(49)

$$\begin{array}{c}{M}_1={\displaystyle \frac{(1-p){[1-(1-{\gamma }_d)(1-\delta )]}^2}{(1-p)[1-(1-{\gamma }_d)(1-\delta )][1-(1-p)(1-{\gamma }_d)(1-\delta )]+p^2(1-{\gamma }_d)(1-\delta )}}\end{array}$$

(50)

$$\begin{array}{c}{M}_3={\displaystyle \frac{p(1-{\gamma }_d)(1-\delta )}{1-(1-{\gamma }_d)(1-\delta )}}{M}_1={\displaystyle \frac{1-p}{p}}{M}_2\end{array}$$

(51)

$$\begin{array}{c}{h}_2^{\left(m\right)}\left(z\right)={\displaystyle \frac{[1-(1-{\gamma }_d)(1-\delta )]M_{2}z}{1-(1-{\gamma }_d)(1-\delta )z}}\end{array}$$

(52)

$$\begin{array}{c}{H}_{\delta }\left(z\right)=\left(1+{\displaystyle \frac{p(1-{\gamma }_d)(1-\delta )z}{1-(1-{\gamma }_d)(1-\delta )z}}\right)h_1\left(z\right)+{\displaystyle \frac{h_2\left(z\right)}{1-(1-{\gamma }_d)(1-\delta )z}}\end{array}$$

(53)

and

$$\begin{array}{cc}\hfill & \left([1-(1-p)z][1-(1-p)(1-{\gamma }_d)(1-\delta )z]-p\delta z\right)h_1\left(z\right)\hfill \\ \hfill & =(1-p)\delta z{h}_2\left(z\right)+p{\gamma }_d(1-\delta )M_{1}z+(1-p){\gamma }_d(1-\delta )z{h}_2^{\left(m\right)}\left(z\right)\hfill \\ \hfill & \left([1-(1-{\gamma }_d)(1-\delta )z][1-(1-p)(1-{\gamma }_d)(1-\delta )z]-p\delta z\right)h_2\left(z\right)\hfill \end{array}$$

(54)

$$\begin{array}{cc}\hfill & =p^2\delta (1-{\gamma }_d)(1-\delta )z^2{h}_1\left(z\right)+p^2{\gamma }_d(1-{\gamma }_d){(1-\delta )}^2{M}_1{z}^2+p{\gamma }_d(1-\delta )z{h}_2^{\left(m\right)}\left(z\right)\hfill \end{array}$$

(55)

From Equations (49)–(55), we have the following theorem.

Theorem 3. 

For the case where packets are restricted by a random geometric deadline during service process, the average AoI of Ber/Geo/1/2 queue modeled status updating system is determined as

$${\overline{\Delta }}_{\delta }={\displaystyle \frac{[1-(1-p)(1-{\gamma }_d)(1-\delta )]h_1^{\prime }\left(1\right)+h_2^{\prime }\left(1\right)}{1-(1-{\gamma }_d)(1-\delta )}}+{\displaystyle \frac{(1-{\gamma }_d)(1-\delta )(p{M}_1+M_2)}{{[1-(1-{\gamma }_d)(1-\delta )]}^2}}$$

(56)

in which δ is the expiration probability in each time slot. Two numbers $M_1$ and $M_2$ are given in (49) and (50) by noting that $M_2=R_{1,2}{M}_1$, and $h_1^{\prime }\left(1\right)$, $h_2^{\prime }\left(1\right)$ are obtained by

$$\begin{array}{cc}\hfill h_1^{\prime }\left(1\right)& =({\displaystyle \frac{p^2{\delta }^2(1-{\gamma }_d)(1-\delta )[1-(1-p)(1-{\gamma }_d)]N}{[1-(1-p)(1-{\gamma }_d)(1-\delta )]\left([1-(1-p)(1-{\gamma }_d)][1-(1-{\gamma }_d)(1-\delta )]-p\delta \right)}}\hfill \\ \hfill & +{\displaystyle \frac{[1-(1-{\gamma }_d)(1-\delta )][1-{(1-p)}^2(1-{\gamma }_d)(1-\delta )]}{p^2(1-{\gamma }_d)(1-\delta )}}+{\displaystyle \frac{{\gamma }_d(1-\delta )}{1-(1-{\gamma }_d)(1-\delta )}}){\displaystyle \frac{(1-p)M_2}{p(1-\delta )[1-(1-p)(1-{\gamma }_d)]}}\hfill \end{array}$$

(57)

and

$$h_2^{\prime }\left(1\right)={\displaystyle \frac{p^2\delta (1-{\gamma }_d)(1-\delta )[1-(1-p)(1-{\gamma }_d)]N}{[1-(1-p)(1-{\gamma }_d)(1-\delta )]\left([1-(1-p)(1-{\gamma }_d)][1-(1-{\gamma }_d)(1-\delta )]-p\delta \right)}}{M}_2$$

(58)

in which N represents that

$$\begin{array}{cc}\hfill N& ={\displaystyle \frac{\frac{(1-p)[1-(1-{\gamma }_d)(1-\delta )][1-{(1-p)}^2(1-{\gamma }_d)(1-\delta )]}{p^2(1-{\gamma }_d)(1-\delta )}+\frac{(1-p){\gamma }_d(1-\delta )}{1-(1-{\gamma }_d)(1-\delta )}}{p(1-\delta )[1-(1-p)(1-{\gamma }_d)]}}\hfill \\ \hfill & +{\displaystyle \frac{1-(1-p){(1-{\gamma }_d)}^2{(1-\delta )}^2-(1-p){[1-(1-{\gamma }_d)(1-\delta )]}^2+\frac{p{\gamma }_d(1-\delta )}{1-(1-{\gamma }_d)(1-\delta )}}{p^2\delta (1-{\gamma }_d)(1-\delta )}}\hfill \end{array}$$

(59)

Proof. 

Calculating the derivative of (53) and letting $z=1$, we have

$$\begin{array}{cc}\hfill {\overline{\Delta }}_{\delta }& ={\left.{\displaystyle \frac{\mathrm{d}{H}_{\delta }\left(z\right)}{\mathrm{d}z}}\right|}_{z=1}\hfill \\ \hfill & ={\displaystyle \frac{p(1-{\gamma }_d)(1-\delta )}{{[1-(1-{\gamma }_d)(1-\delta )]}^2}}{M}_1+{\displaystyle \frac{1-(1-p)(1-{\gamma }_d)(1-\delta )}{1-(1-{\gamma }_d)(1-\delta )}}{h}_1^{\prime }\left(1\right)\hfill \\ \hfill & +{\displaystyle \frac{(1-{\gamma }_d)(1-\delta )}{{[1-(1-{\gamma }_d)(1-\delta )]}^2}}{M}_2+{\displaystyle \frac{h_2^{\prime }\left(1\right)}{1-(1-{\gamma }_d)(1-\delta )}}\hfill \\ \hfill & ={\displaystyle \frac{[1-(1-p)(1-{\gamma }_d)(1-\delta )]h_1^{\prime }\left(1\right)+h_2^{\prime }\left(1\right)}{1-(1-{\gamma }_d)(1-\delta )}}+{\displaystyle \frac{(1-{\gamma }_d)(1-\delta )(p{M}_1+M_2)}{{[1-(1-{\gamma }_d)(1-\delta )]}^2}}\hfill \end{array}$$

(60)

This derives the average AoI in (56). Since $M_1$ and $M_2$ were obtained in Equations (49) and (50), the remaining work to determine ${\overline{\Delta }}_{\delta }$ is obtaining $h_1^{\prime }\left(1\right)$ and $h_2^{\prime }\left(1\right)$.

Taking the derivative of both sides of (54) and (55), it proves that

$$\begin{array}{cc}\hfill & p(1-\delta )[1-(1-p)(1-{\gamma }_d)]h_1^{\prime }\left(1\right)-(1-p)\delta h_2^{\prime }\left(1\right)\hfill \\ \hfill & =\left({\displaystyle \frac{(1-p)[1-(1-{\gamma }_d)(1-\delta )][1-{(1-p)}^2(1-{\gamma }_d)(1-\delta )]}{p^2(1-{\gamma }_d)(1-\delta )}}+{\displaystyle \frac{(1-p){\gamma }_d(1-\delta )}{1-(1-{\gamma }_d)(1-\delta )}}\right)M_2\hfill \end{array}$$

(61)

and

$$\begin{array}{cc}\hfill & -p^2\delta (1-{\gamma }_d)(1-\delta )h_1^{\prime }\left(1\right)+\left([1-(1-{\gamma }_d)(1-\delta )][1-(1-p)(1-{\gamma }_d)(1-\delta )]-p\delta \right)h_2^{\prime }\left(1\right)\hfill \end{array}$$

$$\begin{array}{c}\hfill =\left(1-(1-p){(1-{\gamma }_d)}^2{(1-\delta )}^2-(1-p){[1-(1-{\gamma }_d)(1-\delta )]}^2+{\displaystyle \frac{p{\gamma }_d(1-\delta )}{1-(1-{\gamma }_d)(1-\delta )}}\right)M_2\end{array}$$

(62)

Notice that during the calculations, we substitute

$${\left.{\displaystyle \frac{\mathrm{d}{h}_2^{\left(m\right)}\left(z\right)}{\mathrm{d}z}}\right|}_{z=1}={\displaystyle \frac{M_2}{1-(1-{\gamma }_d)(1-\delta )}}$$

(63)

which is obtained directly from Equation (52).

Writing (61) as

$$\begin{array}{cc}\hfill & h_1^{\prime }\left(1\right)-{\displaystyle \frac{(1-p)\delta }{p(1-\delta )[1-(1-p)(1-{\gamma }_d)]}}{h}_2^{\prime }\left(1\right)={\displaystyle \frac{\frac{(1-p)[1-(1-{\gamma }_d)(1-\delta )][1-{(1-p)}^2(1-{\gamma }_d)(1-\delta )]}{p^2(1-{\gamma }_d)(1-\delta )}+\frac{(1-p){\gamma }_d(1-\delta )}{1-(1-{\gamma }_d)(1-\delta )}}{p(1-\delta )[1-(1-p)(1-{\gamma }_d)]}}{M}_2\hfill \end{array}$$

(64)

and Equation (62) is equivalent to

$$\begin{array}{cc}\hfill & {\displaystyle \frac{[1-(1-{\gamma }_d)(1-\delta )][1-(1-p)(1-{\gamma }_d)(1-\delta )]-p\delta }{p^2\delta (1-{\gamma }_d)(1-\delta )}}{h}_2^{\prime }\left(1\right)-h_1^{\prime }\left(1\right)\hfill \end{array}$$

$$\begin{array}{c}\hfill ={\displaystyle \frac{1-(1-p){(1-{\gamma }_d)}^2{(1-\delta )}^2-(1-p){[1-(1-{\gamma }_d)(1-\delta )]}^2+\frac{p{\gamma }_d(1-\delta )}{1-(1-{\gamma }_d)(1-\delta )}}{p^2\delta (1-{\gamma }_d)(1-\delta )}}{M}_2\end{array}$$

(65)

From (64) and (65), we have

$$\begin{array}{cc}\hfill & h_2^{\prime }\left(1\right)\left({\displaystyle \frac{[1-(1-{\gamma }_d)(1-\delta )][1-(1-p)(1-{\gamma }_d)(1-\delta )]-p\delta }{p^2\delta (1-{\gamma }_d)(1-\delta )}}-{\displaystyle \frac{(1-p)\delta }{p(1-\delta )[1-(1-p)(1-{\gamma }_d)]}}\right)\hfill \end{array}$$

$$\begin{array}{cc}\hfill =& h_2^{\prime }\left(1\right){\displaystyle \frac{[1-(1-p)(1-{\gamma }_d)(1-\delta )]\left([1-(1-p)(1-{\gamma }_d)][1-(1-{\gamma }_d)(1-\delta )]-p\delta \right)}{p^2\delta (1-{\gamma }_d)(1-\delta )[1-(1-p)(1-{\gamma }_d)]}}\hfill \\ \hfill =& ({\displaystyle \frac{\frac{(1-p)[1-(1-{\gamma }_d)(1-\delta )][1-{(1-p)}^2(1-{\gamma }_d)(1-\delta )]}{p^2(1-{\gamma }_d)(1-\delta )}+\frac{(1-p){\gamma }_d(1-\delta )}{1-(1-{\gamma }_d)(1-\delta )}}{p(1-\delta )[1-(1-p)(1-{\gamma }_d)]}}\hfill \end{array}$$

(66)

$$\begin{array}{cc}& +{\displaystyle \frac{1-(1-p){(1-{\gamma }_d)}^2{(1-\delta )}^2-(1-p){[1-(1-{\gamma }_d)(1-\delta )]}^2+\frac{p{\gamma }_d(1-\delta )}{1-(1-{\gamma }_d)(1-\delta )}}{p^2\delta (1-{\gamma }_d)(1-\delta )}})M_2\hfill \end{array}$$

(67)

Denote

$$\begin{array}{cc}\hfill N& ={\displaystyle \frac{\frac{(1-p)[1-(1-{\gamma }_d)(1-\delta )][1-{(1-p)}^2(1-{\gamma }_d)(1-\delta )]}{p^2(1-{\gamma }_d)(1-\delta )}+\frac{(1-p){\gamma }_d(1-\delta )}{1-(1-{\gamma }_d)(1-\delta )}}{p(1-\delta )[1-(1-p)(1-{\gamma }_d)]}}\hfill \\ \hfill & +{\displaystyle \frac{1-(1-p){(1-{\gamma }_d)}^2{(1-\delta )}^2-(1-p){[1-(1-{\gamma }_d)(1-\delta )]}^2+\frac{p{\gamma }_d(1-\delta )}{1-(1-{\gamma }_d)(1-\delta )}}{p^2\delta (1-{\gamma }_d)(1-\delta )}}\hfill \end{array}$$

(68)

then Equation (67) shows that

$$h_2^{\prime }\left(1\right)={\displaystyle \frac{p^2\delta (1-{\gamma }_d)(1-\delta )[1-(1-p)(1-{\gamma }_d)]N}{[1-(1-p)(1-{\gamma }_d)(1-\delta )]\left([1-(1-p)(1-{\gamma }_d)][1-(1-{\gamma }_d)(1-\delta )]-p\delta \right)}}{M}_2$$

(69)

which is then combined with (64) to determine that

$$\begin{array}{cc}\hfill h_1^{\prime }\left(1\right)& =({\displaystyle \frac{p^2{\delta }^2(1-{\gamma }_d)(1-\delta )[1-(1-p)(1-{\gamma }_d)]N}{[1-(1-p)(1-{\gamma }_d)(1-\delta )]\left([1-(1-p)(1-{\gamma }_d)][1-(1-{\gamma }_d)(1-\delta )]-p\delta \right)}}\hfill \\ \hfill & +{\displaystyle \frac{[1-(1-{\gamma }_d)(1-\delta )][1-{(1-p)}^2(1-{\gamma }_d)(1-\delta )]}{p^2(1-{\gamma }_d)(1-\delta )}}+{\displaystyle \frac{{\gamma }_d(1-\delta )}{1-(1-{\gamma }_d)(1-\delta )}}){\displaystyle \frac{(1-p)M_2}{p(1-\delta )[1-(1-p)(1-{\gamma }_d)]}}\hfill \end{array}$$

(70)

So far, both $h_1^{\prime }\left(1\right)$ and $h_2^{\prime }\left(1\right)$ are obtained. Thus, the proof is completed. □

4.2. Average Age of Secure Information: $\delta =1$

Different from ${\gamma }_E=1$ in Section 4.1, in the second case we let $\delta =1$. This means the transmitter will delete one packet immediately upon it becoming insecure. It is interesting to compare the differences in the impact on packets caused by controlling strategies in these two cases. Notice that if ${\gamma }_E=1$, then packet deletion is performed with probability $\delta$ in each time slot. However, in the case of $\delta =1$, the packet is deleted with probability 1 but is not performed in every time slot, i.e., only in time slots when the served packet is insecure. The average AoI derived in the $\delta =1$ case is exactly the average age of secure information (AoSI) of the Ber/Geo/1/2 queue modeled status updating system.

Like in Section 4.1, we start the analysis from a series of simplified results. By setting $\delta =1$, we show that

$$\begin{array}{c}{M}_1={\displaystyle \frac{(1-p){[1-(1-{\gamma }_d)(1-{\gamma }_E)]}^2}{(1-p){[1-(1-{\gamma }_d)(1-{\gamma }_E)]}^2+p(1-{\gamma }_d)(1-{\gamma }_E)[1-(1-p)(1-{\gamma }_d)(1-{\gamma }_E)]}}\end{array}$$

(71)

$$\begin{array}{c}{M}_2={\displaystyle \frac{p(1-{\gamma }_d)(1-{\gamma }_E)[1-(1-{\gamma }_d)(1-{\gamma }_E)]}{(1-p){[1-(1-{\gamma }_d)(1-{\gamma }_E)]}^2+p(1-{\gamma }_d)(1-{\gamma }_E)[1-(1-p)(1-{\gamma }_d)(1-{\gamma }_E)]}}\end{array}$$

(72)

$$\begin{array}{c}{M}_3=0\end{array}$$

(73)

$$\begin{array}{c}{h}_2^{\left(m\right)}\left(z\right)={\displaystyle \frac{[1-(1-{\gamma }_d)(1-{\gamma }_E)]M_{2}z}{1-(1-{\gamma }_d)(1-{\gamma }_E)z}}\end{array}$$

(74)

$$\begin{array}{c}{H}_S\left(z\right)=h_1\left(z\right)+\left(1+{\displaystyle \frac{p(1-{\gamma }_d)(1-{\gamma }_E)z}{1-(1-{\gamma }_d)(1-{\gamma }_E)z}}\right)h_2\left(z\right)\end{array}$$

(75)

$$\begin{array}{c}\left(1-(1-p)z-p{\gamma }_{E}z\right)h_1\left(z\right)=(1-p){\gamma }_{E}z{h}_2\left(z\right)+p{\gamma }_d(1-{\gamma }_E)M_{1}z+(1-p){\gamma }_d(1-{\gamma }_E)z{h}_2^{\left(m\right)}\left(z\right)\end{array}$$

(76)

and

$$\begin{array}{cc}\hfill & h_2\left(z\right)\left(1-(1-p)(1-{\gamma }_d)(1-{\gamma }_E)z-{\displaystyle \frac{p{\gamma }_{E}z}{1-(1-{\gamma }_d)(1-{\gamma }_E)z}}\right)\hfill \\ \hfill & =p(1-{\gamma }_d)(1-{\gamma }_E)z{h}_1\left(z\right)+{\displaystyle \frac{p{\gamma }_d(1-{\gamma }_E)z}{1-(1-{\gamma }_d)(1-{\gamma }_E)z}}{h}_2^{\left(m\right)}\left(z\right)\hfill \end{array}$$

(77)

Theorem 4. 

For the Ber/Geo/1/2 queue modeled status updating system, assuming that with probability ${\gamma }_E$, a transmitted packet is eavesdropped in each time slot. Then, the average age of secure information, ${\overline{\Delta }}_S$, is obtained to be

$${\overline{\Delta }}_S={\displaystyle \frac{p(1-{\gamma }_d)(1-{\gamma }_E)}{{[1-(1-{\gamma }_d)(1-{\gamma }_E)]}^2}}{M}_2+h_1^{\prime }\left(1\right)+\left(1+{\displaystyle \frac{p(1-{\gamma }_d)(1-{\gamma }_E)}{1-(1-{\gamma }_d)(1-{\gamma }_E)}}\right)h_2^{\prime }\left(1\right)$$

(78)

in which

$$\begin{array}{cc}\hfill h_1^{\prime }\left(1\right)& ={\displaystyle \frac{\left(1-(1-p)(1-{\gamma }_d)(1-{\gamma }_E)-\frac{p{\gamma }_E}{1-(1-{\gamma }_d)(1-{\gamma }_E)}\right)\left(1+\frac{p{\gamma }_d(1-{\gamma }_d){(1-{\gamma }_E)}^2}{{[1-(1-{\gamma }_d)(1-{\gamma }_E)]}^2}\right)}{p(1-{\gamma }_E)\left(1-(1-p)(1-{\gamma }_d)-\frac{p{\gamma }_E}{1-(1-{\gamma }_d)(1-{\gamma }_E)}\right)}}{M}_1\hfill \\ \hfill & +{\displaystyle \frac{(1-p){\gamma }_E\left(1+\frac{p(1-{\gamma }_E)[1-{(1-{\gamma }_d)}^2(1-{\gamma }_E)]}{{[1-(1-{\gamma }_d)(1-{\gamma }_E)]}^2}\right)}{p(1-{\gamma }_E)\left(1-(1-p)(1-{\gamma }_d)-\frac{p{\gamma }_E}{1-(1-{\gamma }_d)(1-{\gamma }_E)}\right)}}{M}_2\hfill \end{array}$$

(79)

and

$$h_2^{\prime }\left(1\right)={\displaystyle \frac{(1-{\gamma }_d)\left(1+\frac{p{\gamma }_d(1-{\gamma }_d){(1-{\gamma }_E)}^2}{{[1-(1-{\gamma }_d)(1-{\gamma }_E)]}^2}\right)M_1+\left(1+\frac{p(1-{\gamma }_E)[1-{(1-{\gamma }_d)}^2(1-{\gamma }_E)]}{{[1-(1-{\gamma }_d)(1-{\gamma }_E)]}^2}\right)M_2}{1-(1-p)(1-{\gamma }_d)-\frac{p{\gamma }_E}{1-(1-{\gamma }_d)(1-{\gamma }_E)}}}$$

(80)

Proof. 

The proof of Theorem 4 is similar to that of Theorem 3. Thus, here we omit the derivation details of Theorem 4. □

5. Numerically Analyzing Relationships Between Freshness and Transmission Security

In Section 5.1, through numerical examples, we first investigate the change trends of average $\delta -$secure AoI and insecure packet proportion with respect to deletion probability $\delta$, as well as the tradeoffs between these two quantities. For the two cases discussed in Section 4, the average AoI with a random geometric service time deadline is numerically analyzed in Section 5.2. Letting $\delta =1$, we depict the relation curves of the average AoSI versus packet generation probability p, and eavesdropping probability ${\gamma }_E$ in Section 5.3.

5.1. Average $\delta -$Secure AoI and Insecure Packet Proportion

First of all, in Figure 2a we depict the relationship curves showing how ${\overline{\Delta }}_{\delta }$ varies when increasing packet deletion probability $\delta$ from 0 to 1. We select $p=0.1$, ${\gamma }_d=0.25$, and plot four curves by setting eavesdropping probability ${\gamma }_E$ to be 0.25, 0.35, 0.4, and 0.5. Numerical results show that in general, ${\overline{\Delta }}_{\delta }$ is monotonically decreasing as $\delta$ becomes large, except for cases where ${\gamma }_E$ is much larger than ${\gamma }_d$. These results are explained as follows. Notice that a large $\delta$ implies that it is more likely to delete an insecure packet, which will reduce the number of insecure packets arriving at the receiver. In some cases, deleting these insecure packets helps to improve the freshness of the obtained packets because the newer packet in the buffer can enter the server earlier and arrives at the receiver earlier. The curves with ${\gamma }_E=0.25$, 0.35, and 0.4 are exactly this situation. However, when increasing ${\gamma }_E$ further, the probability that a transmitted packet becomes insecure becomes high, and a large $\delta$ will result in many packet deletions before they can arrive at the receiver, which deteriorates the freshness of the obtained packets. Remember that in the proof of Theorem 2, the probability that a transmitted packet becomes insecure, i.e., $Pr\left(E_1\right)$, is equal to

$$Pr\left(E_1\right)={\displaystyle \frac{{\gamma }_E}{1-(1-{\gamma }_d)(1-{\gamma }_E)}}$$

(81)

which is increasing when ${\gamma }_E$ becomes large. It is proved by the curve corresponding to ${\gamma }_E=0.5$ that the average $\delta -$secure AoI first falls then rises when $\delta$ becomes large from 0 to 1. From the numerical results in Figure 2a, we can conclude that in general cases, especially when ${\gamma }_d>{\gamma }_E$, the average $\delta -$secure AoI is decreasing as the packet deletion probability $\delta$ increases. In extreme situations where ${\gamma }_E$ is much larger than ${\gamma }_d$, as $\delta$ increases, ${\overline{\Delta }}_{\delta }$ first falls then rises, and there exists one optimal deletion probability that minimizes ${\overline{\Delta }}_{\delta }$ (approximately 0.35 in Figure 2a).

In Figure 2b, we depict the insecure packet proportion $\eta \left(\delta \right)$ when increasing $\delta$ from 0 to 1. It is easy to understand that $\eta \left(\delta \right)$ decreases as $\delta$ becomes large because the number of insecure packets that are transmitted to the receiver is reduced by increasing the packet deletion probability. We also plot three curves where ${\gamma }_E$ is set to be 0.25, 0.55, and 0.75. As explained in the previous paragraph, $Pr\left(E_1\right)$ increases when ${\gamma }_E$ becomes large. As a result, for large ${\gamma }_E$, more packets change to be insecure, and the same deletion probability will cause a higher insecure packet proportion. It is verified in Figure 2b that the black curve with ${\gamma }_E=0.75$ has the highest $\eta \left(\delta \right)$.

By increasing packet deletion probability $\delta$, we draw the relationship curves of ${\overline{\Delta }}_{\delta }$ and $\eta \left(\delta \right)$ in Figure 3 so as to investigate the direct tradeoffs of packet freshness and transmission security. Since $\eta \left(\delta \right)$ is decreasing when $\delta$ increases, Figure 3 is read from the right to the left. It is shown in Figure 3 that as ${\gamma }_E$ increases from 0.4 to 0.7, ${\overline{\Delta }}_{\delta }$ has different change trends when $\eta \left(\delta \right)$ varies. When ${\gamma }_E$ is 0.4, as $\eta \left(\delta \right)$ reduces, ${\overline{\Delta }}_{\delta }$ is decreasing as well. Increasing ${\gamma }_E$ to 0.5, ${\overline{\Delta }}_{\delta }$ first falls then rises. Finally, for extremely large ${\gamma }_E$, such as ${\gamma }_E=0.7$, ${\overline{\Delta }}_{\delta }$ is increasing when $\eta \left(\delta \right)$ reduces. These results have the same explanations as those for results in Figure 2. Extremely large ${\gamma }_E$ increases the probability that a packet becomes insecure. Then, when $\delta$ is large, there is a large probability that those insecure packet are deleted before being transmitted to the receiver, resulting in the average AoI increasing. Characterizing packet freshness by average AoI and representing transmission security using $\eta \left(\delta \right)$, numerical simulations in Figure 3 prove that depending on eavesdropping probability ${\gamma }_E$, ${\overline{\Delta }}_{\delta }$ varies in different trends with $\eta \left(\delta \right)$. In some cases, for example, the blue curve in Figure 3, both ${\overline{\Delta }}_{\delta }$ and $\eta \left(\delta \right)$ can be minimized by setting $\delta =1$. However, in extreme cases where ${\gamma }_E$ is much larger than ${\gamma }_d$, when reducing $\eta \left(\delta \right)$, ${\overline{\Delta }}_{\delta }$ is increasing. That is, these two performance types cannot be optimized simultaneously.

Notice that in Figure 4 and Figure 7 of paper [5], the authors proved that the average AoI of the M/M/1/2 queue modeled system is decreasing when the packet arriving rate and service rate become large. If the probability of deleting a served packet is very small such that the average AoI is not significantly affected, in these cases, the average AoI of the system should have the similar change trends as in [5], that is, monotonically decreasing with p and ${\gamma }_d$. When ${\gamma }_d$ is greater than ${\gamma }_E$, according to Equation (81), the probability that a packet becomes insecure is very small such that even if $\delta$ equals 1, the probability of deleting a packet is still not very high. Consequently, the average AoI should follow a similar change trend to that in [5], which decreases with p and ${\gamma }_d$. On the other hand, increasing the packet deletion probability can always reduce insecure packet proportion, and in summary, we conclude that when ${\gamma }_d>{\gamma }_E$ such that the probability of deleting a packet is small, by setting $\delta =1$, both the average AoI and $\eta \left(\delta \right)$ can be minimized at the same time. For extreme cases where ${\gamma }_d<{\gamma }_E$, i.e., the capability that the eavesdropper obtains a packet is stronger than the legitimate receiver, to obtain lower average $\delta -$secure AoI, one should increase the emission power of the transmitter such that ${\gamma }_d$ is increased. If ${\gamma }_E$ is much larger than ${\gamma }_d$, then it is more appropriate to cancel the current transmission and restart sending the packet when ${\gamma }_E$ decreases.

5.2. Average AoI of the Ber/Geo/1/2 Queue Modeled System with Geometric Service Time Deadline

In this part, we provide numerical examples of average AoI for the Ber/Geo/1/2 queue modeled system when the packets are controlled by a random service time deadline. Firstly, the relationship curve between average AoI ${\overline{\Delta }}_{\delta }$ and expiration probability $\delta$ are illustrated in Figure 4a. By fixing ${\gamma }_d=0.3$ and increasing p from 0.25 to 0.29, we plot three curves. Referring also to Equation (81), when expiration probability $\delta$ is greater than ${\gamma }_d$, then many packets will be deleted before arriving at the receiver. This leads to an increase in the system’s average AoI. We limit the range of graphs in Figure 4a so as to make the varying trends prominent. The blue curve with $p=0.25$ shows that there exists an optimal but extremely small ${\delta }^{*}$ that minimizes ${\overline{\Delta }}_{\delta }$ (approximately 0.05 in Figure 4a), and for other two cases with larger p, ${\overline{\Delta }}_{\delta }$ is monotonically increasing as $\delta$ varies. Overall, the numerical results in Figure 4a prove that for most values of ${\rho }_d$, which is denoted as $p/{\gamma }_d$, letting $\delta =0$, i.e., without using a random service time deadline can achieve the minimal average AoI. Only in some extreme cases where ${\rho }_d$ is very high can ${\overline{\Delta }}_{\delta }$ be slightly reduced by setting a very small expiration probability.

Remember that in work [6,7], the authors demonstrated that by imposing a carefully selected waiting time deadline, one can achieves lower average AoI for M/M/1/2 queue modeled and infinity capacity status updating systems. The waiting time deadline can reduce the average AoI, while in most cases the service time deadline cannot; this reveals that if you want to delete one packet for reducing average AoI, then it is better to delete it in the earlier stages.

We depict the relations between ${\overline{\Delta }}_{\delta }$ and p in Figure 4b, in which ${\gamma }_d=0.3$ and p varies from 0 to 0.29 such that ${\rho }_d$ takes the value from 0 to approximately 1. It is observed that for three cases of $\delta =0$, 0.2, and 0.4, ${\overline{\Delta }}_{\delta }$ is decreasing with respect to p, as well as ${\rho }_d$. In addition, the curve corresponding to $\delta =0$ is located at the bottom such that letting $\delta =0$, or without using a random deadline in service process, achieves the minimal average AoI for the Ber/Geo/1/2 queue modeled system.

5.3. Average AoI of Secure Information for Ber/Geo/1/2 Queue Modeled System

Finally, we investigate how the average AoSI varies when system parameters p and ${\gamma }_E$ change through numerical examples in Figure 5. It is shown in Figure 5a that the average AoSI ${\overline{\Delta }}_S$ decreases as p becomes large, and Figure 5b demonstrates that ${\overline{\Delta }}_S$ is increasing when the eavesdropping probability ${\gamma }_E$ varies from small to large. Here, the main observation is that the relationships between ${\overline{\Delta }}_S$ and p, and that between ${\overline{\Delta }}_S$ and ${\gamma }_E$, are both monotonic. Apart from the endpoints, there is no other $p^{*}$ or ${\gamma }_E^{*}$ that minimizes or maximizes ${\overline{\Delta }}_S$. Notice that ${\overline{\Delta }}_S$ characterizes the average age of the secure packet; thus, increasing the eavesdropping probability ${\gamma }_E$ will deteriorate ${\overline{\Delta }}_S$, which is shown in Figure 5a where black curve with ${\gamma }_E=0.15$ is located at the top, and is directly illustrated in Figure 5b. Again, this can be explained as $Pr\left(E_1\right)$, i.e., the probability that a packet changes to be insecure is increasing as ${\gamma }_E$ becomes large, which leads to more packet deletions before they can arrive at the receiver.

6. Discussion and Conclusions

Assuming that there is an eavesdropper, we consider transmitting packets in a timely manner to the receiver through a Ber/Geo/1/2 queue modeled status updating system. The aim is investigating the tradeoffs between information freshness and transmission security. In this paper, packet freshness is measured by the age of information, and we use the insecure packet proportion to represent system’s transmission security, where a packet is defined to be insecure if it is obtained by the eavesdropper earlier than the receiver. We derive the formula of the average AoI ${\overline{\Delta }}_{\delta }$, and the proportion of obtained insecure packets $\eta \left(\delta \right)$, under a probabilistic deletion/retaining transmission scheme. This enables us to analyze the relationships between these two performance types. As a special case of ${\overline{\Delta }}_{\delta }$, we determine the average AoI of the system in which the transmitted packets are limited by a random service time deadline, and the average age of secure AoI. Through numerical simulations, the main conclusion is that we demonstrate that the average AoI ${\overline{\Delta }}_{\delta }$ varies in different trends depending on the value of eavesdropping probability ${\gamma }_E$. In general cases when ${\gamma }_d>{\gamma }_E$, both ${\overline{\Delta }}_{\delta }$ and $\eta \left(\delta \right)$ are minimized by setting $\delta =1$. While for extreme cases where ${\gamma }_E$ is very large, ${\overline{\Delta }}_{\delta }$ is increasing as $\eta \left(\delta \right)$ reduces such that ${\overline{\Delta }}_{\delta }$ and $\eta \left(\delta \right)$ cannot be optimized at the same time. For a system with other queuing models, for example, when the service time is deterministic, or assuming that the used deadline itself follows an arbitrary deadline, it is interesting to find the impacts of restricting the packet waiting time or service time on the average AoI of the system.

We discuss the tradeoffs of transmission timeliness and transmission security for infinity capacity system in work [41], in which we define freshness advantage F as a security measurement. In [41], F was defined as the average instantaneous gap between the eavesdropper’s AoI and legitimate receiver’s AoI. Here, it is interesting to compare the rationality of two transmission security measurements $\eta \left(\delta \right)$ and F. Optimizing F aims to increase the time interval between the legitimate receiver and the eavesdropper obtaining the same packet, while controlling $\eta \left(\delta \right)$ focuses on reducing the insecure packets obtained by the legitimate receiver and isolating the impact of the insecure packets on the system’s transmission security. From the authors’ point of view, if there are strong correlations between the transmitted packets, using F as a security measurement is more appropriate. Improving F expands the time interval between the legitimate receiver and eavesdropper obtaining the packets, which helps to reduce the possibility of the eavesdropper inferring other packets based on those he/she has obtained. However, for other cases of sending independent data, such as transmitting encoded packets, $\eta \left(\delta \right)$ is more suitable because reducing insecure packets and using secure packets to restore original data can effectively enhance the security of transmitted information.

Combining the two performance types derived in the paper, i.e., $({\overline{\Delta }}_{\delta },\eta (\delta ))$, we establish the following achievability relationships: we can achieve average AoI ${\overline{\Delta }}_{\delta }$ under the restriction that the proportion of obtained insecure packets is at most $\eta \left(\delta \right)$. Then, a natural question is what is the minimum average AoI that the receiver can obtain when the insecure packet proportion is no larger than a certain threshold? This is one of the follow-up problems that we will consider in the future. In addition, we desire to find the freshness advantage F for the Ber/Geo/1/2 queue modeled status updating system. By comparing with F of infinite capacity systems, the effects of the buffer size on the freshness advantage can be analyzed. Notice that the average AoIs of systems with the Ber/Geo/1/2 queue and Ber/Geo/1/∞ queue vary in different trends with traffic intensity, so it is expected that there are many interesting relations and tradeoffs to be analyzed. Apart from this, there is still much work in studying the relationship between transmission timeliness and transmission security. For example, introducing encryption and decryption operations in real-time packet transmission, and exploring the relationship between a system’s real-time performance and transmission security if the packets are encoded before being sent to the receiver.