Secrecy Control of Wireless Networks with Finite Encoding Blocklength

Abstract

We consider wireless multi-hop networks in which each node aims to securely transmit a message. To guarantee the secure transmission, we employ an independent randomization encoding strategy to encode the confidential message. We aim to maximize the network utility. Based on the finite length of a secrecy codewords strategy, we develop an improved control algorithm, subject to network stability and secrecy outage requirements. On the basis of the Lyapunov optimization method, we design an control algorithm, which is decomposed into end-to-end secrecy encoding, flow control and routing scheduling. The simulation results show that the proposed algorithm can achieve a utility result that is arbitrarily close to the optimal value. Finally, the performance of the proposed control policy is validated with various network conditions.

1. Introduction

A wireless multi-hops network is a decentralized network which is contained by a set of nodes. The message is transmitted over the wireless channel with multi-hops mode. Since the wireless channel is a broadcast channel, it is easy to eavesdrop on the data transmission. Therefore, when designing a network, in addition to considering the quality of service (QoS) constraint, the data transmission security should also be involved. In 1975, Wyner [1] studied a wire-tapped noisy channel and encoded the data to confuse the eavesdropper. After ground-breaking work in [1], many works have tackled the secrecy transmission of wireless networks. Liang et al. [2] considered a cellular network where the base station needed to transmit data to multiuser confidentially, they designed a dynamic control algorithm to maximize the network utility by employing infinite secrecy encoding block. Since secrecy outage was inevitable, Wang et al. [3] investigated the secrecy outage and and secrecy rate in a multiuser wireless systems. Jointly considering the reliability, security and stability, they designed an optimal online control algorithm by exploiting stochastic network optimization method. Later, in [4], the authors also considered a multi-user wireless scenario with imperfectly known channels. They aimed to maximize the worst case of secrecy throughput and developed a low complexity and rapid convergence algorithm for the optimal power allocation. In [5], Koksal et al. investigated a cross-layer security in wireless network and proposed a dynamic control algorithm to maximize the network utility. After that, in [6], aiming to minimize the secrecy outage probability, the authors extended the dynamic control algorithm to a cognitive radio network and developed a bandwidth and resource allocation algorithm.

Recently, on the basis of the works mentioned above, the secrecy control problem in wireless networks has been extensively studied, such as the OFDMA-based wireless network and cognitive wireless network. In [7,8], the authors formulated an analytical framework for secure resource allocation in a downlink OFDMA-based broadband network. Jointly considering the power and subcarrier allocation, they proposed an optimal algorithm to maximize the average aggregate rate of all users for a base station. In [9], the authors extended the cellular network to cognitive network and proposed a scheduling policy to maximize the secrecy rate of second users. In [10,11], they designed a scheduling policy in cognitive radio networks to analyze the ergodic capacity on the impact of fading channel and distributed eavesdroppers. In [12], Maged et al. considered the cognitive wiretap channel and proposed multiple antennas to secure the transmission at the physical layer. They revealed the impact of the primary network on the secondary network in the presence of a multi-antenna wiretap channel.

Although these security control algorithms improved the network performance, most of them focused on the cellular networks. In contrast, for the multi-hop wireless networks, there were few works involved. In [13,14], the authors considered a multi-hop wireless network and proposed an optimal control to maximize the network throughput. However, they did not consider the data transmission security. In [15,16], the authors investigate the confidential message secure transmission in a large scale wireless networks. By using infinite secure encoding blocklength, they derived the secrecy throughput with ideal control policies. After that, Zheng et al. [17] extended the infinite secure encoding blocklength to the finite case and revealed the relation of secrecy outage probability to the length of codewords. As for the mobile ad hoc networks, Li et al. [18] jointly exploited cooperative jamming and secrecy guard zone scheme and derived the exact secrecy throughput based on the physical layer security technology. To enhance security, Zhu et al. [19] employed directional antennas and evaluated the secure secrecy performance in millimeter wave ad hoc networks. While for the wireless multi-hop networks, He [20] proposed a dynamic control algorithm in multi-hop wireless network with untrusted relays. While in [21], Sarikaya et al. considered a multi-hop network with random and independent node distribution. To guarantee the secrecy transmission, they developed a strategy to encode the confidential message with multi-path transmission and infinite coding block length. By using stochastic network optimization [22], they developed a control policy to stable the network and maximize the network utility, which combines end-to-end secrecy encoding, routing scheme and the resource allocation algorithm. However, most of the works mentioned above only focused on cellular networks security or multi-hop wireless networks with multi-path transmission strategy to guarantee the security.

In this paper, we consider the secrecy control problem in multi-hop wireless network, which is extended work of our previous work [23]. In [23], we have developed a secrecy control algorithm to maximize the network utility, while the blocklength of secrecy encoding is infinite. For the case of finite blocklength, it would be much more complicated since perfect secrecy is not possible. To deal with this scenario, We exploit an independent randomization encoding strategy to guarantee the security and define a secrecy outage probability. Given a constraint on the probability of secrecy outage, we develop an improved control algorithm, which is decomposed into end-to-end secrecy encoding, flow control and routing scheduling such that the network stability and secrecy outage constraint are satisfied. Finally, we prove that the performance of proposed control policies can close to the optimal utility result asymptotically.

The rest of the paper is organized as follows. In Section 2, we introduce the network model and problem formulation. Section 3 proposes an improve control policy with finite secrecy codewords. Section 4 evaluates the proposed policy with various network conditions. Finally, the paper is concluded in Section 5.

2. System Models

2.1. Network Model

The wireless Ad hoc network is formed by M legitimate nodes and L links connecting the nodes. As shown in Figure 1, for a link $l\in \{1,2,\dots ,L\}$, let $T\left(l\right)$ and $D\left(l\right)$ be the set of transmitter and receiver nodes on link l. The eavesdroppers set is denoted as E. In the network system, each node wishes to transmit its confidential message to the destination via a multi-hops manner against eavesdroppers. We assume the network operates on a time-slotted model and the slot is normalized to integral unit $t\in \{0,1,2,\dots \}$. In this work, there exists a reasonable assumption that the system Channel State Information (CSI) is known. As in [10], each node can get full-CSI by utilizing pilot symbols and CSI feedback process. For example, each node reports a received-signal-strength index to PBS in packets such as RSSI reports. Let $\overrightarrow{S}\left(t\right)=(S_1\left(t\right),\dots ,S_L\left(t\right))$ represent the channel state vector of link set L in slot t, which is a block fading channel and follows independent and identically distribution (i.i.d) and $S_l\left(t\right)$ is the channel state of link l. Note that $S_l\left(t\right)$ contains $N<\infty$ channels which implicates the perfect secrecy [1] cannot satisfy. Let $R_l\left(t\right)$ and ${\overline{R}}_l^e\left(t\right)$ denote the achievable rate on link l and the maximum overhearing rate of eavesdropper e, respectively. Since the network is a multi-commodity problem, each flow is identified by its destination node $c\in \{1,\dots ,M\}$. Let ${\lambda }_n^{cs}\left(t\right)$ be the arrival confidential data at node n and destined for node c, which is bounded by ${\lambda }_n^{cmax}$. As shown in Figure 1, there is a control valve at each node to admit $R_n^{cs}\left(t\right)$ confidential data into the network. For each flow c, let $Q_n^c\left(t\right)$ be the queue backlog at node n. If $c=n$, $Q_n^n\left(t\right)=0$ for all n and t.

Since the data is transmitted by wireless channel, there exists simultaneous transmission interference. Thus, Link set L can not be fully utilized. Let g be a link set that can be transmitted simultaneously, and G denote the collection of all sets of the link set g, where set G is determined by the network interference model. We also define an indicator variable $I_g\left(t\right)$ to represent the decision of the network in slot t, where $I_g\left(t\right)=1$ means the link set g is scheduled in slot t, otherwise it is 0. Similarly, indicator variable $I_{ij}^{n,c}=1$, if link $(i,j)$ is employed to transmit the flow generated by source n to node c, otherwise it is 0. Thus, in slot t, the flow rate of source n to node c at link $(i,j)$ is

$${\mu }_{ij}^n\left(t\right)=\left\{\begin{array}{cc}{R}_{ij}\left(t\right)\hfill & \mathrm{if}(i,j)\in g,I_g\left(t\right)=1,I_{ij}^{n,c}=1.\hfill \\ 0\hfill & \mathrm{else}\hfill \end{array}\right.$$

(1)

and the time average link rate is

$${\overline{\mu }}_{ij}^n=\underset{t\to \infty }{lim}\frac{1}{t}\sum _{\tau =1}^t{\mu }_{ij}^n\left(\tau \right).$$

(2)

Due to the broadcast feature of wireless channel, the confidential message is overheard by eavesdroppers. To guarantee the secure transmission of confidential message, we employ Wyner’s encoding scheme [1] to encode the confidential message. Specifically, at each slot t and link l, using independent randomization encoding strategy, the transmitter, according to $R_l\left(t\right)$ and ${\overline{R}}_l^e\left(t\right)$, encodes a mount of $R_n^s\left(t\right)$ (may contain multiple flows) confidential message from its arrival data. Such that the maximum output confidential message rate $R_l^s\left(t\right)$ can be denoted as $R_l\left(t\right)-{\overline{R}}_l^e\left(t\right)$, if $R_l^s\left(t\right)>R_l\left(t\right)-{\overline{R}}_l^e\left(t\right)$, secrecy outage occurs. Using this secrecy encoding strategy, we can guarantee the transmission security in each link. All the parameters that have been defined or would be used are presented in

Table 1. Notations.

Notation	Definition
M	Number of legitimate nodes.
E	The set of eavesdroppers.
N	Number of channels.
$T\left(l\right)$, $D\left(l\right)$	Transmitter and receiver nodes of link l.
$S_l\left(t\right)$	Channel state of link l in slot t.
$R_l\left(t\right)$	Achievable rate on link l in slot t.
${\overline{R}}_l^e\left(t\right)$	Maximum leakage rate at eavesdropper e.
${\lambda }_n^{cs}\left(t\right)$	Confidential data arrival rate.
${\lambda }_n^{cmax}\left(t\right)$	The maximum Confidential data arrival rate.
$R_n^{cs}\left(t\right)$	Confidential data admitted into the network.
$R_l^s\left(t\right)$	Secrecy encoding rate.
$\mathbf{Q}\left(t\right)$, $\mathbf{P}\left(t\right)$, $\mathbf{Z}\left(t\right)$, $\mathbf{Y}\left(t\right)$	Queues backlog in the network.
V	Parameter of control algorithm.
$U_n^c(·)$	Utility functions.

.

2.2. Problem Formulation

In [23], we have proposed a control algorithm according to the secrecy encoding, where the confidential message is encoded into an infinite codewords. Thus, it would involve an infinitely long delay to decode the confidential message. In this paper, we remove the assumption of infinite codewords, i.e., $N<\infty$. Since the confidential message is encoded into a finite codeword, the perfect secrecy for all message can not be guaranteed. Thus, to embody the security of confidential message, we define the notion of secrecy outage. The secrecy outage occurs if the confidential message is intercepted by eavesdroppers. To evaluate the state of secrecy outage, we assume each source node can collect the knowledge of the confidential message accumulated by eavesdroppers. Such that the source node can identify the occurrence of secrecy outage. Although this assumption is somewhat ideal, it provides a better insight on the performance of secure communication in multi-hop network. In addition, according to the state of secrecy outage, each secrecy codeword k would encode different confidential message $R_n^{k,cs}$. Thus, an encoding scheme needs to be designed to satisfy the requirement of secrecy outage. Let $R_n^{p,cs}$ be the average confidential message rate transmitted from node n to c, $p_n^{out}(R_n^{k,cs})$ denote the average secrecy outage of codeword k at node n, ${\gamma }_n$ be the maximum allowable portion of confidential message intercepted by the eavesdropper.

We aim to determine a joint scheduling, secrecy encoding scheme and routing algorithm that maximizes aggregate network utility. Let $U_n^c\left(x\right)$ be utility obtained by source n destined to node c when the confidential transmission rate is x bits/channel use. We assume that $U_n^c(·)$ is a continuously differentiable, increasing and strictly concave function. There is a finite backlog at the transport layer, which contains the secrecy-encoded messages. In each slot, source node n determines the amount of encoded information admitted to its queue at the network level. Let ${\lambda }_n^{cs}\left(t\right)$ be the amount of traffic injected into the queue of source n and destined to node c at slot t. Our objective is to support the traffic demand to achieve a long term confidential rate that maximizes the sum of utilities. Then the optimization problem can be formulated as following:

$$\begin{array}{c}\hfill \underset{R_n^{p,cs}\left(t\right),I_g\left(t\right),I_{ij}^{n,c}\left(t\right)}{max}:\sum _{n,c}{U}_n^c\left({\overline{r}}_n^{p,cs}\right)\end{array}$$

(3)

$$\mathrm{s}.\mathrm{t}.0\le R_n^{p,cs}\left(t\right)\le {\lambda }_n^{cs}\left(t\right)\mathrm{for}\mathrm{all}(n,c)$$

(4)

$$\sum _{\left\{j\right|(i,j)\in L\}}{\overline{\mu }}_{ij}^n-\sum _{\left\{i\right|(i,j)\in L\}}{\overline{\mu }}_{ij}^n\ge 0$$

(5)

$${\overline{R}}_n^{out}\le {\gamma }_n{\overline{R}}_n^{cs}$$

(6)

where ${\overline{R}}_n^{cs}={lim}_{K\to \infty }\frac{1}{K}{\sum }_{k=1}^K{R}_n^{n,cs}$, ${\overline{R}}_n^{out}={lim}_{K\to \infty }\frac{1}{K}{\sum }_{k=1}^K{R}_n^{n,cs}{p}_n^{out}(R_n^{k,cs})$. Constraint (4) guarantees the average confidential message rate is not larger than the message arrival rate; Constraint (5) is the input flows and output flows constraint at the intermediate nodes; Constraint (6) is the requirement of maximum allowable portion of confidential message intercepted by eavesdropper.

3. Control with Finite Secrecy Codewords

Similar to the control algorithm proposed in [23], we exploit the Lyapunov penalty and drift to solve this problem. However, due to the secrecy codeword finite and secrecy outage occurrence, the queue model needs to be improved. In particular, as shown in Figure 2, source node is equipped with two separate queues which are operated at two different time scales. The first queue stores the message admitted into the network and $Q_n^{p,c}\left(t\right)$ denotes the queue length in slot t. Let $R_n^{p,cs}\left(t\right)$ be the admitted confidential message in slot t, which is transmitted from source node n to destination node c. ${\overline{R}}_n^{p,cs}$ represents the long-term average admitted confidential message. The departure of the first queue occurs only when a new secrecy codeword is generated in slot t. Let $k_n\left(t\right)$ be the number of secrecy codewords generated in slot t, and $R_n^{k_n\left(t\right),cs}$ denote the confidential message encoded in $k_n\left(t\right)$-th secrecy codeword. Since there are N channels, where $N<\infty$, the actual transmitted confidential message is $N{R}_n^{k_n\left(t\right),cs}$ and the length of secrecy codeword is $N{R}_n^c$, the second queue is a partial queue and let $P_n^c\left(t\right)$ denote the queue length. In this queue, the data departures or not is depended the scheduling and routing policy. Only when the queue is empty, i.e., $P_n^c\left(t\right)=0$, a new secrecy codeword is allowed to admit into the queue. Thus, we have, if $P_n^c\left(t\right)=0$, $k_n(t+1)=k_n\left(t\right)+1$. According to the queue models defined above, the evolution of queues can be expressed as:

$$\begin{array}{c}{Q}_n^{p,c}(t+1)=\left\{\begin{array}{cc}{\left[Q_n^{p,c}\left(t\right)-N{R}_n^{k_n(t+1),cs}\right]}^{+}+R_n^{p,cs}\left(t\right)\hfill & \mathrm{if}{P}_n^c\left(t\right)=0.\hfill \\ Q_n^{p,c}\left(t\right)+R_n^{p,cs}\left(t\right)\hfill & \mathrm{else}\hfill \end{array}\right.\hfill \end{array}$$

(7)

$$P_n^c(t+1)=\left\{\begin{array}{cc}N{R}_n^c\hfill & \mathrm{if}{P}_n^c\left(t\right)=0.\hfill \\ {\left[P_n^c\left(t\right)-\sum _{i\left|\right(n,i)\in L}{\mu }_{ni}^n\left(t\right)\right]}^{+}\hfill & \mathrm{else}\hfill \end{array}\right.$$

(8)

For each intermediate node, there exists a queue to store the packet from source node n to destination node c. Let $Q_i^{n,c}\left(t\right)$ be the queue length. Then we have

$$Q_i^{n,c}(t+1)={\left[Q_i^{n,c}\left(t\right)-\sum _{j\left|\right(i,j)\in L}{\mu }_{ij}^n\left(t\right)\right]}^{+}+\sum _{j\left|\right(j,i)\in L}{\mu }_{ji}^n\left(t\right).$$

(9)

To evaluate the state of secrecy outage, we assume source node n can perceive the accumulated of confidential message at each eavesdropper, since it can check if some eavesdropper has intercepted the transmission. If it is impossible to know the information precisely, we will discuss in Section 4. Let $Z_e^{n,c}\left(t\right)$ denote the number of bits that must be accumulated by eavesdropper e in slot t to decode the $k_n\left(t\right)$-th confidential message. Note that, for any eavesdroppers e, if $Z_e^{n,c}\left(t\right)=0$, then secrecy outage of the $k_n\left(t\right)$-th confidential message is occurred. Let ${\overline{R}}^e\left(t\right)$ be the maximum rate that eavesdropper can be achieved, then the evolution of queue $Z_e^{n,c}\left(t\right)$ can be denoted as

$$Z_e^{n,c}(t+1)=\left\{\begin{array}{cc}\left(R_n^c-R_n^{k_n(t+1),cs}\right)N\hfill & \mathrm{if}{P}_n^c\left(t\right)=0.\hfill \\ {\left[Z_e^{n,c}\left(t\right)-{\overline{R}}^e\left(t\right)\right]}^{+}\hfill & \mathrm{else}\hfill \end{array}\right.$$

(10)

For the constraint (6), a virtual queue $Y_n^{k,c}$ is constructed, which is employed to record the state of secrecy outage. Thus, if the k-th confidential message is secrecy outage, then the arrival rate of queue $Y_n^{k,c}$ is $R_n^{k,cs}$, else it is 0. The evolution of queue $Y_n^{k,c}$ is:

$$\begin{array}{c}{Y}_n^{k+1,c}(t+1)=\left\{\begin{array}{cc}{\left[Y_n^{k,c}\left(t\right)+R_n^{k,cs}-{\gamma }_n{R}_n^{k,cs}\right]}^{+}\hfill & \mathrm{if}\mathrm{k}-\mathrm{th}\mathrm{message}\mathrm{is}\mathrm{outage}.\hfill \\ {\left[Y_n^{k,c}\left(t\right)-{\gamma }_n{R}_n^{k,cs}\right]}^{+}\hfill & \mathrm{else}\hfill \end{array}\right.\hfill \end{array}$$

(11)

The arrival and departure of virtual queue $Y_n^{k,c}$ is the number of confidential message bits undergoing secrecy outage, and the number of confidential message bits allowed to be outage, which is constrained by parameter ${\gamma }_n$. The value of $Y_n^{k,c}$ indicates the amount that we have exceeded the allowable secrecy outage constraint. Hence, the larger the value of $Y_n^{k,c}$, the more conservative our control algorithm needs to be to meet these constraints. That is, a less confidential message $R_n^{k_n\left(t\right),cs}$ is encoded into the $k_n\left(t\right)$-th codeword.

It is necessary to introduce the concept of strong stability. As a discrete time process, $Q(t+1)={[Q\left(t\right)-\mu \left(t\right)]}^{+}+\lambda \left(t\right)$ is strongly stable if:

$$\underset{t\to \infty }{lim}sup\frac{1}{t}\sum _{\tau =0}^{t-1}\mathbb{E}\left\{Q\left(\tau \right)\right\}<\infty ,$$

(12)

In particular, a multi-queue network is stable when all queues of the network are strongly stable. According to Strong Stability Theorem in [13], for finite variable $\mu \left(t\right)$ and $\lambda \left(t\right)$, strong stability implies a rate stability of $Q\left(t\right)$. The definition of rate stability can be found in [13] and omitted here.

3.1. Control Algorithm

For the secrecy transmission strategy with finite secrecy codewords, the control algorithm is:

Multi-hop Secrecy Control Algorithm with Finite Block (MSCAFB):

• End-to-End Encoding: At each new secrecy codeword generation, i.e., $P_n^c\left(t\right)=0$, let $k_n(t+1)=k_n\left(t\right)+1$, the confidential message $R_n^{k_n(t+1),cs}$ allowed to encode into a new codeword satisfies:

  $$\begin{array}{c}{R}_n^{k_n(t+1),cs}=arg\underset{r}{max}\left\{r\left[Q_n^{p,c}\left(t\right)-Y_n^{k_n\left(t\right),c}(p_n^{out}\left(r\right)-{\gamma }_n)\right]\right\}.\hfill \end{array}$$

  (13)
• Flow Control: In each slot t, for a given parameter V, the admitted confidential message at each source node n is:

  $$R_n^{p,cs}=arg\underset{x}{max}\left\{V{U}_n^c\left(x\right)-x{Q}_n^{p,c}\left(t\right)\right\},$$

  (14)
• Scheduling: In each slot t, if $I_g\left(t\right)=1$ and $I_{ij}^{n,c}\left(t\right)=1$, then the flow of node n is on the link $(i,j)\in g$ and the scheduler selects the set of $l^{\ast }$, where

  $$\begin{array}{c}(n,l^{\ast })=arg\underset{n,g}{max}\left\{\sum _{(n,i)\in g}{\mu }_{ni}^n\left(t\right)\right(\frac{R_n^c}{R_n^{k_n\left(t\right),cs}}{Q}_n^{p,c}\left(t\right)+P_n^c\left(t\right)\hfill \\ -Q_i^{n,c}\left(t\right))+\sum _{(i,j)\in g}{\mu }_{ij}^n\left(t\right)\left(Q_i^{n,c}\left(t\right)-Q_j^{n,c}\left(t\right)\right)\hfill \\ -\sum _{e\in E}\sum _{e\ne i}{Z}_e^{n,c}\left(t\right){\overline{R}}^e\left(t\right)\}.\hfill \end{array}$$

  (15)
  The term $\frac{R_n^c}{R_n^{k_n\left(t\right),cs}}$ of $Q_n^{p,c}\left(t\right)$ is used to normalize it to the value of other queues.

Note that, the long-term average secrecy outage $p_n^{out}\left(r\right)$ is increasing with variable r. Once r increases, secrecy codeword is encoded with less randomization bits, such that eavesdropper can intercept the confidential message with a higher probability. Hence, as the queue length $Q_n^{p,c}\left(t\right)$ increases, the confidential message $R_n^{k_n\left(t\right),cs}$ is increased. Moreover, it decreases with the increasing of the virtual queue length $Y_n^{k_n\left(t\right),c}$, such that the constraints of problem (3) are satisfied.

3.2. Algorithm Performance

Using the Theorem of Lyapunov penalty and drift [22], we can also prove that the proposed control algorithm can close to the optimal arbitrarily. Let ${\mathbf{Q}}^p\left(t\right)=(Q_1^{p,c}\left(t\right),\dots ,Q_n^{p,c}\left(t\right))$ denote the queue vector of the first queue in Figure 2, ${\mathbf{P}}_n\left(t\right)=(P_1^c\left(t\right),\dots ,P_n^c\left(t\right))$ be the queue vector of the second queue in Figure 2, ${\mathbf{Q}}^n\left(t\right)=(Q_1^{n,c}\left(t\right),\dots ,Q_i^{n,c}\left(t\right))$ represent the queue vector of intermediate nodes for flow c, ${\mathbf{Z}}^n\left(t\right)=(Z_1^{n,c}\left(t\right),\dots ,Z_e^{n,c}\left(t\right))$ be the queue vector of leaked confidential message accumulated by eavesdropper and ${\mathbf{Y}}_n^k=(Y_1^{k,c},\dots ,Y_n^{k,c}\left(t\right))$ be the queue vector of secrecy outage. All the queue vectors can be denoted as $\mathsf{\Theta }\left(t\right)\triangleq \left({\mathbf{Q}}^p\left(t\right),{\mathbf{P}}_n\left(t\right),{\mathbf{Q}}^n\left(t\right),{\mathbf{Z}}^n\left(t\right),{\mathbf{Y}}_n^k\right)$. Define a Lyapunov function as

$$\begin{array}{cc}\hfill L\left(\mathsf{\Theta }\right(t\left)\right)& \triangleq L\left({\mathbf{Q}}^p\left(t\right),{\mathbf{P}}_n\left(t\right),{\mathbf{Q}}^n\left(t\right),{\mathbf{Z}}^n\left(t\right),{\mathbf{Y}}_n^k\right)\hfill \\ & =\frac{1}{2}\sum _n\left[{\left(Q_n^{p,c}\left(t\right)\right)}^2+{\left(P_n^c\left(t\right)\right)}^2+{\left(Q_i^{n,c}\left(t\right)\right)}^2+{\left(Z_e^{n,c}\left(t\right)\right)}^2+{(Y_n^{k,c})}^2\right].\hfill \end{array}$$

(16)

Observing the state of all queues, we have the conditional expectation of on-step queuing evolutions, i.e., Lyapunov drift is:

$$\Delta \left(\mathsf{\Theta }\left(t\right)\right)=\mathbb{E}\left[L\left(\mathsf{\Theta }\right(t+1\left)\right)-L\left(\mathsf{\Theta }\right(t\left)\right)\left|\mathsf{\Theta }\right(t)\right].$$

(17)

Substituting the evolution expressions of all queues, we obtain the upper bound of Lyapunov drift is:

$$\begin{array}{c}\Delta \left(\mathsf{\Theta }\left(t\right)\right)\le B-\sum _n\mathbb{E}\left[Q_n^{p,c}\left(t\right)\left(R_n^{p,cs}\left(t\right)-N{R}_n^{k_n(t+1),cs}\right)\right]-\hfill \\ \sum _n\sum _{i\ne n}\mathbb{E}\left[Q_i^{n,c}\left(t\right)\left(\sum _{j\left|\right(j,i)\in L}{\mu }_{ji}^n\left(t\right)-\sum _{j\left|\right(i,j)\in L}{\mu }_{ij}^n\left(t\right)\right)|{\mathbf{Q}}^n\left(t\right)\right]\hfill \\ -\sum _n\sum _e\mathbb{E}\left[N{R}_n{Z}_e^{n,c}\left(t\right)\left(R_n^{k_n\left(t\right),cs}-R_n^{k_n(t+1),cs}\right)|{\mathbf{Z}}^n\left(t\right)\right]\hfill \\ -\sum _k\mathbb{E}\left[Y_n^{k,c}(R_n^{k,cs}-{\gamma }_n{R}_n^{k,cs})|{\mathbf{Y}}_n^k\right].\hfill \end{array}$$

(18)

Since the maximum transmission power is finite, all the rates of the network would be bounded. Additionally, the arrival rate ${\lambda }_n^{cmax}$ is also bounded. Hence, the parameter B is a nonnegative constant. Let the Lyapunov drift minus $V\mathbb{E}\left[{\sum }_{n,c}U\left({\overline{R}}_n^{p,cs}\right)|\mathsf{\Theta }\left(t\right)\right]$, where V is a weight parameter, we obtain the Lyapunov drift and penalty equation:

$${\Delta }^U\left(\mathsf{\Theta }\left(t\right)\right)\triangleq \Delta \left(\mathsf{\Theta }\left(t\right)\right)-V\mathbb{E}\left[\sum _{n,c}U\left({\overline{R}}_n^{p,cs}\right)|\mathsf{\Theta }\left(t\right)\right].$$

(19)

According to the Lyapunov optimization theorem [22] and substituting (18) to (19), the upper bound of ${\Delta }^U\left(\mathsf{\Theta }\left(t\right)\right)$ can be expressed as:

$$\begin{array}{cc}\hfill {\Delta }^U\left(\mathsf{\Theta }\left(t\right)\right)& \le B-\sum _n\mathbb{E}\left[Q_n^{p,c}\left(t\right)\left(R_n^{p,cs}\left(t\right)-N{R}_n^{k_n(t+1),cs}\right)\right]-\hfill \\ & \sum _n\sum _{i\ne n}\mathbb{E}\left[Q_i^{n,c}\left(t\right)\left(\sum _{j\left|\right(j,i)\in L}{\mu }_{ji}^n\left(t\right)-\sum _{j\left|\right(i,j)\in L}{\mu }_{ij}^n\left(t\right)\right)|{\mathbf{Q}}^n\left(t\right)\right]\hfill \\ & -\sum _n\sum _e\mathbb{E}\left[N{R}_n{Z}_e^{n,c}\left(t\right)\left(R_n^{k_n\left(t\right),cs}-R_n^{k_n(t+1),cs}\right)|{\mathbf{Z}}^n\left(t\right)\right]\hfill \\ & -\sum _k\mathbb{E}\left[Y_n^{k,c}(R_n^{k,cs}-{\gamma }_n{R}_n^{k,cs})|{\mathbf{Y}}_n^k\right]-V\mathbb{E}\left[\sum _{n,c}U\left({\overline{R}}_n^{p,cs}\right)|\mathsf{\Theta }\left(t\right)\right]\left(RHS\right).\hfill \end{array}$$

(20)

Rearranging and observing the $RHS$ of (20), we find that the MSCAFB algorithm indeed minimizes the right hand side of (20).

If the arrival rates of each node are in the feasible region, based on the work in [22], there must exist a stationary scheduling, flow control and end-to-end encoding policy, which select the users and link rates independent of queue length and only relate to the channel statistics. This indicates that, if the channel statistics can be known a priori, the optimal control policy can be found as the solution of a deterministic policy. Let $U^{\ast }$ be the optimal value of problem (3), $R_n^{\ast cs}$ and ${\mu }_n^{\ast }$ denote the feasible and optimal arrival rate and transmission rate, respectively. Then, for all queues and any constants ${\delta }_1$, ${\delta }_2$ and ${\delta }_3$, there must exists a network control policy that is independent of all queue lengths and satisfies the following inequalities:

$$\sum _{\left\{i\right|(n,i)\in L\}}{\overline{\mu }}_{ni}^n\ge {\mu }_n^{\ast }+{\delta }_1,$$

(21)

$$\sum _{\left\{j\right|(i,j)\in L\}}{\overline{\mu }}_{ij}^n\ge \sum _{\left\{i\right|(j,i)\in L\}}{\overline{\mu }}_{ji}^n+{\delta }_2,$$

(22)

$${\overline{R}}^e\left(t\right)\le {\overline{R}}^{e\ast }\left(t\right)+{\delta }_3.$$

(23)

Since the MSCAFB indeed minimizes the RSH of (20), such that any stationary control policies (including the optimal policy) need to satisfy (20). Inserting (21)–(23) into (20), we get the following upper bound of our control algorithm:

$$\begin{array}{cc}\hfill RHSof\left(48\right)\le & B-\sum _n{\delta }_1\mathbb{E}\left[Q_n^{p,c}\left(t\right)\right]-\sum _n\sum _{i\ne n}{\delta }_2\mathbb{E}\left[Q_i^{n,c}\left(t\right)\right]-\sum _n\sum _e{\delta }_3\mathbb{E}\left[Z_e^{n,c}\left(t\right)\right]-V{U}^{\ast }.\hfill \end{array}$$

(24)

Rearrange (24), we obtain the performance of MSCAFB algorithm.

4. Numerical Results and Discussions

For the network model presented in Figure 1, we consider i.i.d Rayleigh fading channels between nodes. The ratio of transmit power and noise has been normalized to 1. Let $h_{i,j}$ be the power gain between node i and j, which follows exponential distribution and the mean of each link is presented in

Table 2. Mean Channel Gain.

($S_1$,1)	($S_1$,2)	($S_1$,3)	(1,$d_1$)	(2,$d_1$)	(3,$d_1$)
6	8	10	8	6	4
($S_2$,2)	($S_2$,3)	($S_2$,4)	(2,$d_2$)	(3,$d_2$)	(4,$d_2$)
6	8	10	8	6	4
($S_1$,e)	($S_2$,e)	(1,e)	(2,e)	(3,e)	(4,e)
3	2	1	1	2	3

. The achievable rate between node i and j is $R_{i,j}\left(t\right)=log(1+h_{i,j}\left(t\right))$ and the rate of eavesdropper $R_{i,e}\left(t\right)=log(1+h_{i,e}\left(t\right))$. The utility function is a logarithmic utility function, i.e., $U_n^c\left(t\right)=\kappa +log\left(R_n^{cs}\left(t\right)\right)$, where $\kappa =3$ and $R_n^{cs}\left(t\right)$ is the confidential rate selected by node n in slot t. We assume the confidential data arrival process for each user follows an i.i.d Bernoulli process with rate $\lambda$.

Firstly, we analyze the performance of MSCAFB algorithm. In the simulation, the maximum average confidential data arrival rate is 2 bit/s, since the bandwidth is assumed to be one. Choosing the parameter $V\in \{10,20,80\}$, we get the results in Figure 3 and Figure 4, where each value is collected by running 5000 times. Figure 3 shows the impact of increasing the average confidential data arrival rate on the utility function and Figure 4 depicts the average queue backlog in the network. From the simulation results, we find: (1) For a fixed V, when the arrival rate is low, Figure 3 indicates that the utility function linearly increases with the average admission confidential rate. The reason for this is that, if the arrival confidential rate is low, almost all the arrival confidential data can be admitted. (2) When the arrival confidential rate is larger than the secrecy channel capacity, the average admitted confidential rate turns into saturation. Not surprisingly, as the parameter V increases, we observe that the utility function grows closer to the optimal value. (3) While in Figure 4, the average queue backlog is increased with V dramatically. It indicates that the transmission delay is increased with V. Thus, the choice of V is indeed a tradeoff between average utility and short-term system performance. To achieve both large utility and low delay, we will discuss the selection of parameter V.

According to [22], the long-term average utility is proportion to $1/V$, such that we can rewrite the utility function as ${\sum }_{n,c}{U}_n^c\left({\overline{r}}_n^{cs}\left(t\right)\right)\approx {\sum }_{n,c}{U}_n^c\left(r_n^{\ast cs}\right)-BM/V$, where ${\sum }_{n,c}{U}_n^c\left(r_n^{\ast cs}\right)$ denotes the optimal value and is a constant. Hence, the utility function is an increasing hyperbolic function of parameter V and a good operating point would be to pick a V value where an unit increases in V yields a very small reduction in utility. At this point, the utility gains may not be worth the delay increase resulting from increasing V (since delay is proportional to V). Let $\eta >0$ be the slope of utility function ${\sum }_{n,c}{U}_n^c\left({\overline{r}}_n^{cs}\left(t\right)\right)$. Differentiating to V, i.e., $d\left({\sum }_{n,c}{U}_n^c\left(r_n^{\ast cs}\right)-BM/V\right)/dV=BM/V^2=\eta$, we have the good operating point of $V=\sqrt{BM}$, where M is the number of nodes, and $B\triangleq \frac{1}{M}{\sum }_{n=1}^M\left[{\left({\lambda }_n^{cmax}+R_{n,max}^{in,s}\right)}^2+{\left(R_{n,max}^{out,s}\right)}^2\right]$. Based on the setting of simulation, i.e., $M=8$, $B\approx 20$ and $\eta \approx 0.5$, we can obtain the good operating point $V\approx 20$.

Next, we analyze the performance of MSCAFB algorithm and compare with MSCA algorithm in [23]. Figure 5 reflects the influence of secrecy codeword length on the network utility, as well as comparing with infinite secrecy codeword. The average arrival of confidential message is 2 bit/s and the parameter V is 80. The maximum allowable portion of confidential message ${\gamma }_n$ is chosen from $\{0.05,0.1,0.2\}$, and the secrecy codeword length varies from $\{50,100,500,1000,2000,4000\}$ bits. From Figure 5, we find: (1) When the secrecy codeword length is 50 bits, the network utility is only 30% of the optimal value. (2) With the increasing of secrecy codeword length, the network utility is increased. When secrecy codeword length is up to 1000 bits, the network utility trends to be gentle, but closes to the value with infinite secrecy codeword. The reason for this is that, when the secrecy codeword length is small, subject to the constraint of ${\gamma }_n$, the confidential message inserted to the codeword is decreased. Such that the network utility is low, and vice versa. (3) The network utility is increased with the value of ${\gamma }_n$. The reason is that, with ${\gamma }_n$ increasing, more confidential message can be inserted into a secrecy codeword. Particularly, when ${\gamma }_n=0.2$ and secrecy codeword length is 1000 bits, the network utility is larger than that of infinite secrecy codeword. In order to depict the influence of ${\gamma }_n$ on the network utility, we have Figure 6.

In Figure 6, assuming the secrecy codeword length is $\{100,1000,4000\}$ bits, we vary ${\gamma }_n$ from $0.05$ to $0.5$. The results show that: (1) With ${\gamma }_n$ increasing, we have the similar results with Figure 5. (2) With the increasing of secrecy codeword length, the threshold of ${\gamma }_n$ at which network utility is larger than that of infinite secrecy codeword is decreased. The reason is that larger secrecy codeword length means more confidential message can be inserted into a secrecy codeword. Particularly, when the secrecy codeword length is small, even ${\gamma }_n$ is large, the network utility can not exceed the optimal value. (3) Although both ${\gamma }_n$ and secrecy codeword length are large, the network utility can exceed the optimal value, it can not exceed the network capacity without secrecy constraint.

Each node needs the information of queue length from eavesdroppers to decide the control algorithm, considers a situation that queue length information is shared among all the nodes, but in some environment it is impossible to know this information precisely. Compared with getting perfect information about $Z_e^{n,c}\left(t\right)$, it is more realistic to know the time-average packet arrival rate of eavesdroppers. Considering this, we propose an imperfect estimation of $Z_e^{n,c}\left(t\right)$. The estimated queue length in legitimate node is:

$${\widehat{Z}}_e^{n,c}(t+1)={[{\widehat{Z}}_e^{n,c}\left(t\right)-{\overline{R}}^e\left(t\right)]}^{+}+(R_n^{k,cs}+\iota )$$

(25)

where $\iota$ is an over-estimated slack variable to queue stability. As to the control algorithm, we use ${\widehat{Z}}_e^{n,c}$ to substitute $Z_e^{n,c}$ in resource allocation algorithm.

5. Conclusions

In this paper, we consider the online control problem of a multi-hop wireless network with a security constraint. To guarantee confidentiality in multi-hop transmission, we employed an independent randomization encoding strategy with infinite and finite secrecy codewords. Using the stochastic network optimization, we develop a dynamic control algorithm for finite secrecy encoding strategies. We also proved that the proposed control algorithm achieve an utility close to the optimal value asymptotically. Finally, we simulate the online control algorithm with various network scenarios. The results demonstrate that the value of utility approaches the optimum, while the average queue backlog increases very fast. Thus, how to make a tradeoff between performance and queue backlog should be the subject of future research.