Defending Against Randomly Located Eavesdroppers by Establishing a Protecting Region

The security problem in wireless sensor networks faces severe challenges, due to the openness of the sensor network channel and the mobility and diversity of the terminals. When facing randomly located eavesdroppers, the situation is much more complex. This paper studies the security performance of a wireless sensor network where randomly located passive and active eavesdroppers are both considered. Compared to a passive eavesdropper, an active eavesdropper can perform both eavesdropping and malicious jamming simultaneously in a wireless sensor network. Based on beamforming and artificial noise (AN), we propose a practical way to defend against the eavesdropper by establishing a protecting region. An appropriate metric, the hybrid outage probability, which takes both the transmission outage probability and the secrecy outage probability into consideration, is utilized to evaluate the security performance. In addition, the concept of safe transmission range is defined to evaluate the security performance. Simulation results are provided to depict the insecure region and verify the harm of the active eavesdropper to the transmission in the wireless sensor network.


Introduction
Along with the emergence of numerous wireless devices and various wireless services, wireless security has become a critical design issue in the implementation and operation of wireless sensor networks [1][2][3][4]. Against this background, physical layer security (PLS) has been receiving great research attention [5]. Compared to traditional key-based cryptographic techniques applied to upper layers which can be deciphered, PLS which exploits the channel characters to enhance security, can safeguard wireless data transmissions without requiring secret keys and complex algorithms [6][7][8].
The main design goal of PLS is to increase the performance difference between the link of the legitimate receiver and that of the eavesdropper by using well-designed transmission schemes in the wireless sensor networks [9]. In particular, beamforming and artificial noise (AN) are exploited to improve the security performance [10][11][12][13]. Most works assume that eavesdroppers work with a passive way in the wireless sensor networks. However, there are also active eavesdroppers who can eavesdrop information in a more "smart" way. An active eavesdropper, which can perform both eavesdropping and malicious jamming simultaneously, brings an intractable challenging security problem [14][15][16][17][18][19][20][21][22][23][24].
One of the active eavesdropping methods is pilot contamination in a wireless sensor network. The eavesdropper attacked the training phase to cause pilot contamination in wireless communication to improve its eavesdropping performance [14][15][16]. Another active eavesdropping method is jamming. In the presence of an active eavesdropper, the authors in [17,18] calculated an optimal power allocation to improve the security performance of transmission. In [19,20], the properties of the game equilibrium were exploited to design a transmission strategy and a jamming strategy, where the eavesdropper took action first as the leader and the legitimate user acts as the follower in the wireless network. In [21], a three-stage Stackelberg game approach was proposed to improve the security performance under the competitions among the transmitter, relays and active eavesdropper. Finding the Stackelberg equilibrium of the scheme, and the legitimate users can achieve cooperative communication to improve the secrecy capacity and to defend against full-duplex active eavesdropping attacks. A novel transmission outage constrained scheme for both reliability and security was proposed to evaluate the secrecy performance and to gain valuable design insights in [22]. An optimal relay selection scheme was developed to improve the security performance with an active eavesdropper in cooperative wireless networks in [23,24].
These works mainly focused on adjusting the transmission strategies to obtain a better performance under the effect of self interference at the active eavesdropper and neglected the location of the eavesdropper in the wireless sensor networks. However, in practice, the location of the eavesdropper is unknown and this can change its location to cause severe interference for the transmission with small power. In this case, the above transmission strategies do not work well, which brings an intractable challenge for the transmission. Hence, the location of the active eavesdropper, as a vital parameter, has to be considered.
Under the assumption that the eavesdropper is passive, the authors in [25,26] revealed that the uncertainty on the location of the eavesdropper should be seriously taken into account for deploying a wireless sensor network system. A piecewise function was proposed to approximate the line-of-sight (LoS) probability for the air-to-ground links, which provides a better approximation than using the existing sigmoid-based fitting under randomly located unmanned aerial vehicle eavesdroppers [27]. The secrecy outage analysis of the randomly located eavesdroppers, which act independently and collude to intercept the transmitted message, was studied in [28]. The insecure region refers to a geographical area where certain security metrics such as average secrecy capacity and secrecy outage probability are not satisfied [29][30][31][32][33][34]. In [29], both the legitimate receiver and transmitter generated AN to impair the eavesdropper's channel, and the insecure region was defined by the average secrecy capacity to characterise the security performance when the eavesdropper's channel was unknown. A concept of outage secrecy region to evaluate the secrecy performance from a geometrical perspective was proposed in [30], where the legitimate receiver generated AN to impair the eavesdropper's channel. However, the approximate secrecy capacity was not accurate to define the insecure region. Then, outage probability, as a more appropriate metric, was exploited to determine the insecure region [31][32][33][34]. Authors examined the impact of the unmanned aerial vehicle jamming power and its three-dimensional spatial deployment on the outage probability of the legitimate receiver and the intercept probability of the eavesdropper. The security region was defined by the intercept probability [31]. In [32], one relay node in the sensor networks can improve the security by decreasing the area in which the eavesdropper can reside and listen to the information transmitted to the destination. This region was called vulnerability region with its characterization. In [33,34], with the design of AN, high outage performance around the around the transmitter was achieved.
Inspired by the above works, we propose a practical way to defend against an active eavesdropper by establishing a protecting region to restrict the location of an active eavesdropper in a wireless sensor network. Since the eavesdropper is able to emit a jamming signal to interfere with the transmission, the traditional metrics are not appropriate in this case, and a new metric, namely hybrid outage probability, is exploited to evaluate the security performance. Specifically, we derive the expression of the hybrid outage probability which takes both the transmission outage probability and the secrecy outage probability into consideration both for active and passive eavesdropper. Based on it, the insecure region is defined to confront the eavesdropper. And the concept safe transmission range, as a valuable indicator, is proposed. In our system, the AN is generated from receiver. This method has the following advantages. (a) The CSI is not needed by Alice, so there is no feedback channel and thus the bandwidth resource is saved; (b) The AN can be generated by either multiple antennas or a single antenna, which is more practical than the existing AN methods which need multiple antennas at the transmitter; (c) It is particularly useful when the receiver has a stronger ability than the transmitter; (d) It is efficient if Eves are located around Bob [29,30,35]. Our analysis can be used in various practical sensor networks to provide valuable basis for establishing the protecting region and achieve secure transmission.

System Model
We consider a multiple-input single-output (MISO) system in the presence of a full-duplex active eavesdropper (We assume that the distribution of location of eavesdropper is a homogeneous Poisson point process, and the eavesdropper works independently. In this case, an eavesdropper with changeable location can be popularized to multiple randomly located eavesdroppers.), as shown in Figure 1. Alice with N a uniform linear array (ULA) antennas aims to transmit a confidential signal to Bob. In order to enhance the secrecy performance, beamforming is utilized at Alice. Bob and randomly located Eve are both equipped with one receiving antenna and one transmitting antenna [17,18]. Bob simultaneously receives the signal from Alice and emits the AN signal omnidirectionally to confuse the potential eavesdropper, while Eve simultaneously eavesdrops the signal from Alice and transmits jamming signal to interfere with the transmission. Since the full duplex capability at Bob, we assume the cancellation is not perfect. h bb is the residual self interference after the self-interference cancellation. It is often assumed that the self-interference can be significantly suppressed [36], so that h bb can be regarded as an independent Rayleigh distributed variable [37]; and ρ ∈ [0, 1] is the linear residual self-interference coefficient. As for Eve, since the legitimate users cannot obtain the information of Eve, the worst case that Eve's self-interference can be eliminated perfectly is considered for the robust design.

Eve
Alice Bob The main channel and the wiretap channel can be expressed as 1 × N a vector h ab and h ae , respectively. Besides, the scalar h be and h eb represent the channels from Bob to Eve and Eve to Bob, respectively. All channels are assumed to be the flat Rayleigh fading. We assume that the Eve's CSI and location are unknown to both Alice and Bob and the full CSI of Bob is available for Alice. The received signals at Bob and Eve are respectively expressed as and where w a represents the N a × 1 beamforming vector at Alice, and the superscript [·] H represents Hermitian conjugate. Under the assumption that perfect CSI of Bob is assumed to be known for Alice, the optimal beamforming is designed as w a = h H ab h ab to enhance the receiving performance of Bob [38]. The confidential signal from Alice, the AN from Bob, and the jamming signal from Eve are respectively denoted by scalar x a , x b , and x e with unit power, i.e., E |x a | 2 = E |x b | 2 = E |x e | 2 = 1. The total transmission power is denoted by P, which includes the confidential signal power from Alice and the AN power from Bob; and φ is the power allocation factor between the confidential signal from Alice and the AN signal from Bob. The jamming signal power from Eve is denoted by P e . n b and n e are additive white Gaussian noises with powers σ 2 b and σ 2 e , respectively. As our system model is also compatible with the passive Eve, i.e., when P e = 0, Eve becomes passive. Then, the received signal at Bob is y

Insecure Region Analysis
In this section, the correctness of the hybrid outage probability for active Eve is verified firstly. Subsequently, the expression of the hybrid outage probability is derived. Based on it, the insecure region and safe transmission range are defined to evaluate the security performance.

Hybrid Outage Probability
From (1) and (2), the signal-to-interference-noise ratio (SINR) at Bob and active Eve can be respectively calculated as (This paper aims to establish the insecure region to defend against the active eavesdropper and achieve a higher security performance. The self-interference is beyond our main focus. This is modeled as a variable depending on the ability of Bob, according to [18,22]. The value of self-interference is changed with ρ.) and where · denotes the Euclidean norm, d ab , d ae , and d be represent the distances between Alice and Bob, Alice and Eve, Bob and Eve, respectively, λ is a constant which depends on the propagation model and carrier frequency, β ≥ 2 is the path-loss exponent. When Eve is passive, from (3), the SINR at Bob is The secrecy capacity is expressed as [29,30] where C b = log 2 (1 + γ b ) is the main channel capacity between Alice and Bob. C e = log 2 (1 + γ e ) is the wiretap channel capacity between Alice and Eve. Since the CSI of the wiretap channel is unavailable, the instantaneous secrecy capacity is unobtainable. Thus, the outage probability is a more suitable metric for our system. If the secrecy transmission rate is assumed to be R s , the entire event space of communication can be divided into three mutually exclusive events [39]: • Transmission outage event occurs when C b ≤ R s . In this case, we find C e = C b − R s < 0, which conflicts with the fact that C e > 0. As such, R s is not supported by the main channel and Alice can not transmit a signal.
• Secrecy outage event occurs when C s < R s and C b > R s . In this case, as some information on the confidential signal can be known by Eve, perfect secrecy cannot be achieved. • Secure transmission event occurs when C s ≥ R s . In this case, perfect secrecy can be guaranteed.
In the conventional scenario where Eve is passive, the main performance metric is secrecy outage probability. However, in our system, Eve can emit malicious interference to destroy the transmission, which causes the transmission outage event. In this case, the secrecy outage probability cannot evaluate the performance comprehensively. Hence, we adopt the hybrid outage probability as performance metric, as follows where P to (θ, d ae , d be ) represents the transmission outage probability and P so (θ, d ae , d be ) represents the secrecy outage probability. Meanwhile, the hybrid outage probability is also applicable to passive Eve. In order to obtain the expressions of the outage probabilities, we present the statistics of γ act b and γ e . From the right hand side of (4), we find the numerator follows a chisquared distribution since h ab 2 is a sum of the squares of N a independent Gaussian random variables; and the denominator follows an exponential distribution. Meanwhile, as the numerator and denominator are independent, we apply to obtain the cumulative distribution functions (CDF) of γ act b as where We now derive the CDF of γ e . Due to the fact that the beamforming vector w a at Alice is independent from eavesdropper's channel h ae , the denominator follows exponentially distributed; and the numerator is also exponentially distributed. Similarly, the numerator and denominator are independent. With the help of (9), the CDF of γ e is where According to the definition of the transmission outage event with active Eve, we have The hybrid outage probability in (8) can be re-expressed as P ho (θ, d ae , d be ) = P to (θ, d ae , d be ) + P so (θ, d ae , d be ) Then, from (11), the probability density function (PDF) of γ e can be derived as By substituting (9) and (13) into (12), the hybrid outage probability in the presence of an active Eve is derived as It is clear that the secrecy outage probability can be calculated through (15) and (12) with the help of (8).
From (6), h ab 2 is a sum of the squares of N a independent Gaussian random variables, the CDF The analysis of the outage probability expressions with passive Eve are similar. The transmission outage probability and the hybrid outage probability are derived, as follows and P pas ho (θ, d ae , where Ei (·) is the exponential integral function [40].

Insecure Region and Safe Transmission Range
As mentioned above, the insecure region Ω is the set of the eavesdropper's locations where the hybrid outage probability is larger than a given threshold denoted by 0 < ε < 1; this is expressed as According to the definition of insecure region, we can establish the protecting region, where Eve is not allowed to enter to achieve secure transmission in a real communication scenario.
Eve emitting a jamming signal also brings the risk of being detected. We assume that if the jamming power from Eve increases to a certain threshold P th e , it will be exposed. When Eve is located near Alice, it can intercept the confidential signal easily; when Eve is located near Bob, it can damage the legitimate transmission with small power. Hence, not only the region around Alice but also around Bob is insecure. When the jamming signal power from Eve P e equals P th e , the boundary of the insecure region can be obtained.
In addition, for the worst case that Eve appears on the line between Alice and Bob, it can also obtain the power gain from Alice's beamforming. The safe transmission range is defined by P ho < ε, as shown in Figure 2. This range is denoted by d s , and helps delineating the circular protecting region around Alice and Bob.

Numerical Results
Simulation results are conducted to show the insecure region defined by the hybrid outage probability. Unless otherwise mentioned, the default simulation parameters are as listed in Table 1. All channels experience Rayleigh fading, i.e, λ = 1. The boundary of the insecure region is obtained when the jamming signal power P e = P th e . The outage probabilities are calculated over 1000 trials of Monte Carlo simulations.  Figures 3-7 show the insecure regions with active Eve and passive Eve, respectively. The region represents the secure region where P ho < ε, while the yellow region represents the insecure region where P ho > ε. Compared with the passive Eve in Figure 7, one can see that the active Eve increases the insecure region, and the region around Bob is also insecure. Since the jamming signal from Eve can interfere with Bob, which makes the insecure region also look approximately like a disc around Bob. On the other hand, the confidential signal is transmitted from Alice, Eve appears around Alice can eavesdrop the confidential signal, which makes the insecure region look approximately like a disc around Alice. As for the active Eve in Figures 3 and 4, when a large number of antennas are applied in Alice, the size of insecure region will diminish. Because the multi-antenna gain makes Bob receive the confidential signal more easily. Although it also benefits to the eavesdropper to eavesdrop the confidential signal, the gain from beamforming increases the performance difference between the link of the legitimate receiver and that of the eavesdropper, and from Figures 3 and 5, when P th e increases, the insecure region enlarges, since Eve can interfere with the transmission at a further location. It is noted that the insecure region enlarges when ρ increases from Figures 3 and 6 since that the AN from Bob effects itself much more. When the insecure region is determined, the secure transmission can be achieved by protecting the insecure region, which is easy to conduct due to its regular circular shape.     In the following, we consider that Eve is located on the line between Alice and Bob, and the change trend between Alice and Bob is analyzed. Figure 8 presents the hybrid outage probability P ho and the transmission outage probability P to versus d ae with different P th e . For passive Eve, P pas ho decreases with the increase of d ae , due to the fact that the power of the received confidential signal decreases and the power of the received AN from Bob increases. On the other hand, P pas to is a constant, which is easily verified from (17). For active Eve, when increasing d ae , the significant difference of P act ho from passive Eve P pas ho is the change around Bob. The main reason is that P act to dramatically increases around Bob, since the jamming signal from Eve causes significant damage to Bob. When P th e decreases, one notices that the width of the peak around Bob decreases, which means that the insecure region around Bob diminishes, and the safe transmission range d s increases. According to the safe transmission range, the circular protecting region around Alice and Bob can be conducted. Outage probability P act ho with P th e = 20 dBm P act ho with P th e = 15 dBm P pas ho with passive Eve P act to with P th e = 20 dBm P act to with P th e = 15 dBm P pas to with passive Eve Simulation results safe transmission range Figure 8. The influence of P th e on the outage probability. Figure 9 depicts the transmission outage probability P to and the secrecy outage probability P so versus d ae with different φ. As φ increases, P so increases while P to decreases; this is because increasing the power of the confidential signal is beneficial to the establishment of transmission between Alice and Bob, but also increases the risk of eavesdropping. Note that P to represents the reliability of the transmission. Thus, a reasonable trade-off between transmission reliability and security should be considered. Meanwhile, the variation trend of P so is the same for both active and passive Eve, which means that the active Eve mainly interferes with the establishment of the legitimate transmission link between Alice and Bob, and it can dramatically increase P act to by moving around Bob. Figure 10 shows the influence of β, R s , and ρ on the hybrid outage probability, respectively. It is clear that when β increases, the security performance decreases, since the communication condition is worse. When R s decreases, the security performance increases, as more power can be used to transmit the AN signal. As ρ increases, the security performance decreases, since the self-interference at Bob causes more damage to the transmission. It is worth noting that numerical results are consistent with the simulation results. Outage probability P act so with φ = 0.001 P act so with φ = 0.01 P pas so with φ = 0.001 P pas so with φ = 0.01 P act to with φ = 0.001 P act to with φ = 0.01 P pas to with φ = 0.001 P pas so with φ = 0.01 Simulation results Figure 9. The influence of φ on the outage probability. Hybrid outage probability β = 2.5, R s = 0.3 bps/Hz, ρ = 10 −8 β = 2.2, R s = 0.3 bps/Hz, ρ = 10 −8 R s = 0.8 bps/Hz, β = 2, ρ = 10 −8 R s = 0.4 bps/Hz, β = 2, ρ = 10 −8 ρ = 10 −4 , β = 2, R s = 0.3 bps/Hz ρ = 10 −6 , β = 2, R s = 0.3 bps/Hz Simulation results Figure 10. The influence of R s , β, and ρ on the hybrid outage probability P act ho . Figure 11 shows the influence of P th e and φ on d s . The top and bottom surfaces represent the positions of the right and left endpoints of the safe transmission range, respectively, with distance d s between them. The insecure region around Bob corresponding to the top surface mainly depends on P th e , while the insecure region around Alice corresponding to the bottom surface mainly depends on φ. Furthermore, when P th e increases, Eve can interfere with Bob from a further location, which causes the decrease of d s . The increase of φ makes it easier to intercept, which causes the decrease of d s as well. Obviously, all simulation results show that the active Eve can cause a higher outage probability, and is more harmful to the secure transmission.

Conclusions
This paper has proposed a valuable way to defend against an eavesdropper by establishing the protecting region to prevent the eavesdropper from entering in the wireless sensor networks. We have analyzed the insecure region based on the metric of the hybrid outage probability which takes both the transmission outage probability and the secrecy outage probability into consideration, under the assumption that the eavesdropper is passive and active. Subsequently, the hybrid outage probability expressions have been derived to define the insecure region. The safe transmission range, as an effective indicator, has been defined to conduct the circular protecting region around transceiver. The analysis of the insecure region can also be integrated with existing transmission strategies to achieve a higher security performance in wireless sensor networks.