Content uploaded by Nicola Maturo
Author content
All content in this area was uploaded by Nicola Maturo
Content may be subject to copyright.
1
Security Gap Assessment
for the Fast Fading Wiretap Channel
Nicola Maturo, Marco Baldi, Marco Bianchi, Franco Chiaraluce,
DII, Universit`
a Politecnica delle Marche, Ancona, Italy
Email: {n.maturo, m.baldi, m.bianchi, f.chiaraluce}@univpm.it
Abstract—Using the error rate as a metric is useful for
assessing the performance of actual transmission schemes from
the physical layer security viewpoint. The security gap concept
has been used over the additive white Gaussian noise channel
as a practical measure for combined reliability and security.
In this paper, the definition of security gap is extended to a
wire-tap channel with fast fading. Our aim is to show that
by introducing scrambling and error correction coding can
significantly reduce the required quality difference between the
channel of the authorized user and that of the unauthorized one.
Index Terms—Fast fading, error correcting codes, physical
layer security, scrambling, security gap.
I. INTRODUCTION
Physical layer security (PLS) is gaining a prominent role in
reducing complexity of high layers cryptographic techniques.
Contrary to the latter, PLS is only based on the differences
between the channels experienced by authorized and unautho-
rized users. All receivers are perfectly aware of the encoding
and transmission procedures, and there is no need for the
legitimate users to share secrets (like cryptographic keys).
We refer to the classic wire-tap channel model [1], where a
transmitter (Alice) sends a message to an authorized receiver
(Bob) in the presence of an eavesdropper (Eve). In such
a scenario, a useful parameter for evaluating the efficiency
of PLS is the so called security gap. Formerly introduced
in [2], it is defined as the quality ratio between Bob’s and
Eve’s channels that is required to achieve a sufficient level of
PLS, while ensuring that Bob reliably receives the transmitted
information. In some recent papers [3]–[5], we have demon-
strated that the adoption of error correcting codes, joined
with scrambling (so realizing nonsystematic transmission) and
frames concatenation, allows to achieve rather small security
gaps over the additive white Gaussian noise (AWGN) wire-
tap channel. In [6] we have shown that suitable scramblers
can also be used to achieve an automatic bootstrap of secure
IEEE 802.11g wireless networks. In this paper, this approach is
extended to wireless channels affected by fast Rayleigh fading.
The PLS properties of fading channels have been widely
investigated in previous literature (see, for example, [7]–
[9]). Most of these works, however, have been focused on
the evaluation of the secrecy capacity, that is an extremely
important parameter from the information-theoretic point of
This work was supported in part by the MIUR project “ESCAPADE” (Grant
RBFR105NLC) under the “FIRB - Futuro in Ricerca 2010” funding program.
view, but which assumes asymptotic conditions and ideal
coding. Instead, our aim is to analyze the subject in terms
of practical codes, by considering the probability of error for
both the legitimate receiver and the eavesdropper. We consider
channels affected by fast Rayleigh fading, where each trans-
mitted symbol experiences a different channel realization. This
permits us to study the transmission performance in terms of
average signal-to-noise ratio (SNR) and outage probabilities.
The security gap achievable in the presence of fast Rayleigh
fading without coding can be very large. We investigate the
matter, and we show that both scrambling and coding are
effective in reducing the security gap. In particular, the use
of coding permits us to limit the frame length required to
achieve a given security gap.
The organization of the paper is as follows. In Section
II, the definition of security gap for the AWGN channel is
reminded, and extended to the fading channel. In Section III,
the transmission outage probability is studied. In Section IV,
the role of scrambling and framing is highlighted. In Section
V, we introduce coding and present suitable bounds on the
error rate. Numerical examples are discussed in Section VI.
Finally, Section VII concludes the paper.
II. SECURITY GAP DEFINITION
A. AWGN channel
Let us suppose that Bob’s and Eve’s channels are corrupted
by AWGN with different SNR: 𝐸𝑏
𝑁0
(𝐵)is Bob’s channel energy
per bit to noise power spectral density ratio, whereas 𝐸𝑏
𝑁0
(𝐸)is
the same parameter for Eve’s channel. Similarly, 𝑃(𝐵)
𝑏denotes
Bob’s bit error rate (BER) and 𝑃(𝐸)
𝑏that of Eve. In order to
achieve reliable transmission, 𝑃(𝐵)
𝑏must be sufficiently low,
that is 𝑃(𝐵)
𝑏≤𝑃(𝐵)
𝑏,𝑡ℎ , with 𝑃(𝐵)
𝑏,𝑡ℎ being some fixed threshold.
Concerning security, the target condition is 0.5≥𝑃(𝐸)
𝑏≥
𝑃(𝐸)
𝑏,𝑡ℎ, where 𝑃(𝐸)
𝑏,𝑡ℎ is another suitable threshold. Noting by
𝐸𝑏
𝑁0
(𝐵)and 𝐸𝑏
𝑁0
(𝐸), the SNRs corresponding to such thresholds,
the security gap for the AWGN channel is defined as:
𝑆𝑔=
𝐸𝑏
𝑁0
(𝐵)
𝐸𝑏
𝑁0
(𝐸).(1)
According to its definition, it is important to keep 𝑆𝑔
as small as possible, such that the desired security level is
achieved even with a small degradation of Eve’s channel with
respect to Bob’s channel.
2
B. Fading channel
Let us suppose that the AWGN channel is also affected by
fast Rayleigh fading. In order to estimate the error rate, we
use the concept of Pairwise Error Probability (PEP) [10]. Let
us suppose that the transmitted symbol is 𝑠𝑘and the received
constellation symbol is 𝑠𝑗∕=𝑠𝑘. This event will be denoted as
𝐸𝑗in the following, and its probability of occurrence is the
PEP 𝑃(𝑠𝑗,𝑠
𝑘). The probability of a symbol error conditioned
on the transmission of 𝑠𝑘can be expressed as:
𝑃(𝑒∣𝑠𝑘)=𝑃
𝑗∕=𝑘
𝐸𝑗
≤
𝑗∕=𝑘
𝑃(𝐸𝑗)=
𝑗∕=𝑘
𝑃(𝑠𝑗,𝑠
𝑘),(2)
where the well-known union bound (UB) approximation has
been used. Let us consider the simple case of a binary phase
shift keying (BPSK) modulation with constellation signals
𝑠0=−𝑠1=√2𝐸𝑏. In this case, we find:
𝑃(𝑠1,𝑠
0)=𝑃(𝑠0,𝑠
1)=𝑃𝑏=𝑄
2𝛼2𝐸𝑏
𝑁0
=𝑄2𝛾𝑏,
(3)
where 𝑄(⋅)is the tail probability of a unit variance normal
random variable and 𝛾𝑏=𝛼2𝐸𝑏
𝑁0is the modified SNR. As we
assume that the channel is Rayleigh fading, 𝛼is the modulus of
a Rayleigh random variable ℎ, whose real and imaginary parts
are Gaussian variables with mean 0and variance 1/2. Hence,
𝛼2is chi-square distributed, with expectation 𝐸(𝛼2)=1, and
the probability density function of 𝛾𝑏results in:
𝑝𝛾𝑏(𝑥)= 1
𝛾𝑏
𝑒−𝑥/𝛾𝑏,𝑥≥0(4)
where 𝛾𝑏=𝐸𝑏/𝑁0is the average value of 𝛾𝑏.
Taking into account the randomness of 𝛾𝑏, the expected
value of 𝑃𝑏can be determined as follows:
𝑃𝑏=∞
0
𝑄(√2𝑥)𝑝𝛾𝑏(𝑥)𝑑𝑥 =1
21−𝛾𝑏
1+𝛾𝑏≈1
4𝛾𝑏
,
(5)
where the approximation is good for 𝛾𝑏≫1.
The above analysis applies to either Bob’s channel (whose
modified SNR is 𝛾(𝐵)
𝑏) or Eve’s channel (whose modified
SNR is 𝛾(𝐸)
𝑏). So, reasoning in terms of 𝛾𝑏, it is possible to
derive a parameter similar to the 𝑆𝑔defined in Section II-A for
the AWGN channel without fading. To this purpose, we can
fix a threshold value for Bob and derive 𝛾𝑏(𝐵)accordingly,
and a threshold value for Eve and derive 𝛾(𝐸)
𝑏accordingly.
As an example, by choosing 𝑃(𝐵)
𝑏,𝑡ℎ =10
−6,from(5)we
obtain 𝛾𝑏(𝐵)= 249999 (the approximate value would be
𝛾𝑏(𝐵)= 250000); on the other hand, by choosing 𝑃(𝐸)
𝑏,𝑡ℎ =0.4,
from (5) we obtain 𝛾𝑏(𝐸)=0.042 (the approximate value
would be 𝛾𝑏(𝐸)=0.625, that is significantly different since
the condition 𝛾𝑏(𝐸)≫1is not verified). The security gap,
expressed in logarithmic units, is therefore 𝑆𝑔=𝛾𝑏(𝐵)dB −
𝛾𝑏(𝐸)dB =67.75 dB. This is an impressively high value,
partly due to the presence of fading and partly to the absence
of forward error correcting (FEC) coding and scrambling.
III. TRANSMISSION OUTAGE PROBABILITY
Reasoning in terms of average error rate, the approach
developed in Section II may not fit the performance of a
specific transmission. For this reason, another, more fine,
measure of error rate is needed, and this can be provided by
the error rate outage probability.
The transmission outage probability is defined as the prob-
ability that the error rate overcomes a given threshold. This
parameter is of interest from Bob’s point of view, since
it expresses, in a different way, the need to have reliable
transmissions. In this case, we do not apply the average
probability provided by (5) but, instead, we consider directly
(3), since this establishes a “local” relationship between the
probability of error and the modified SNR. Fixing a BER
threshold 𝑃(𝐵)
𝑏,𝑡ℎ , the transmission outage probability is:
𝑃𝑏,𝑜 =𝑃𝑃(𝐵)
𝑏,𝑡ℎ ≤𝑃𝑏≤0.5.(6)
By using (3), 𝑃𝑏,𝑜 can be expressed in terms of 𝛾𝑏.Asan
example, by assuming 𝑃𝑏=𝑃(𝐵)
𝑏,𝑡ℎ =10
−7we have 𝛾(𝐵)
𝑏,𝑡ℎ ≈
13.5. So, also considering that 𝛾𝑏=0→𝑃𝑏=0.5,wehave:
𝑃𝑏,𝑜 =𝑃0≤𝛾(𝐵)
𝑏≤𝛾(𝐵)
𝑏,𝑡ℎ=𝛾(𝐵)
𝑏,𝑡ℎ
0
𝑝𝛾(𝐵)
𝑏
(𝑥)𝑑𝑥
=1−exp −𝛾(𝐵)
𝑏,𝑡ℎ
𝛾𝑏(𝐵).(7)
Similarly to the transmission outage probability, we can
define the secrecy outage probability in terms of the BER,
that is, the probability that Eve’s BER falls below 𝑃(𝐸)
𝑏,𝑡ℎ.The
secrecy outage probability is therefore:
𝑃𝑏,𝑠 =𝑃𝑃𝑏≤𝑃(𝐸)
𝑏,𝑡ℎ=𝑃𝛾(𝐸)
𝑏≥𝛾(𝐸)
𝑏,𝑡ℎ
=∞
𝛾(𝐸)
𝑏,𝑡ℎ
𝑝𝛾(𝐸)
𝑏
(𝑥)𝑑𝑥 =exp−𝛾(𝐸)
𝑏,𝑡ℎ
𝛾𝑏(𝐸).(8)
Like 𝛾(𝐵)
𝑏,𝑡ℎ,also𝛾(𝐸)
𝑏,𝑡ℎ is obtained from (3). For example, by
setting 𝑃(𝐸)
𝑏,𝑡ℎ =0.45 we have 𝛾(𝐸)
𝑏,𝑡ℎ ≈0.007895. So, in (7)
and (8) the values of 𝛾(𝐵)
𝑏,𝑡ℎ and 𝛾(𝐸)
𝑏,𝑡ℎ are imposed as design
parameters, and the same occurs for the outage probabilities
𝑃𝑏,𝑜 and 𝑃𝑏,𝑠. The values of 𝛾𝑏(𝐵)and 𝛾𝑏(𝐸)follow from
them, and they can be determined by inverting (7) and (8),
i.e.:
𝛾𝑏(𝐵)=𝛾(𝐵)
𝑏,𝑡ℎ
ln 1
1−𝑃𝑏,𝑜 ,𝛾𝑏(𝐸)=𝛾(𝐸)
𝑏,𝑡ℎ
ln 1
𝑃𝑏,𝑠 .(9)
The security gap is then defined as the ratio between 𝛾𝑏(𝐵)
and 𝛾𝑏(𝐸). By setting 𝛾(𝐵)
𝑏,𝑡ℎ =13.5and 𝛾(𝐸)
𝑏,𝑡ℎ =0.007895
and fixing 𝑃𝑏,𝑜 =𝑃𝑏,𝑠 =10
−3, we obtain 𝛾𝑏(𝐵)= 13509.80
and 𝛾𝑏(𝐸)=0.001143. Using these values, we obtain 𝑆𝑔=
𝛾𝑏(𝐵)
𝛾𝑏(𝐸)=70.7dB, that is even greater than that obtained from
the approach in Section II. However, we should note that these
values depend on the choice made for 𝑃(𝐵)
𝑏,𝑡ℎ ,𝑃(𝐸)
𝑏,𝑡ℎ,𝑃𝑏,𝑜 and
𝑃𝑏,𝑠. Moreover, a significant reduction is expected by resorting
to coding and scrambling, as will be shown afterwards.
3
IV. SCRAMBLED AND FRAMED TRANSMISSIONS
In [3], we have introduced the concept of perfect scrambler,
for which a single residual bit error in the received sequence is
sufficient to ensure that half of the information bits are in error
after descrambling and that the error positions are randomly
distributed. This assumption will be used afterwards.
Scrambling can be applied if transmission is organized in
frames (a special case of framed transmission is obtained by
applying a FEC, as will be shown next). By considering a
framed transmission, in which groups of 𝑛bits are transmitted,
we can focus on the frame error rate (FER) (𝑃𝑓), rather than
the BER. Because of the assumption of perfect scrambler, we
can write:
𝑃(𝐵)
𝑓≤2𝑃(𝐵)
𝑏,𝑡ℎ =𝑃(𝐵)
𝑓,𝑡ℎ,
1≥𝑃(𝐸)
𝑓≥2𝑃(𝐸)
𝑏,𝑡ℎ =𝑃(𝐸)
𝑓,𝑡ℎ,(10)
and, similarly:
𝑃𝑓,𝑜 =𝑃𝑃(𝐵)
𝑓,𝑡ℎ ≤𝑃(𝐵)
𝑓≤1,
𝑃𝑓,𝑠 =𝑃𝑃(𝐸)
𝑓≤𝑃(𝐸)
𝑓,𝑡ℎ.(11)
Since 𝑃𝑓=1−(1 −𝑃𝑏)𝑛, we can obtain the FER averaged
over all channel realizations by using (5), that is:
𝑃𝑓=1−1
2𝑛1+𝛾𝑏
1+𝛾𝑏𝑛
,(12)
while the FER for a specific channel realization can be
obtained by using (3), that is:
𝑃𝑓=1−1−𝑄2𝛾𝑏𝑛.(13)
In the presence of a perfect scrambler, we have that a resid-
ual bit error in a received frame causes maximum uncertainty,
that is, BER equal to 0.5. Hence, under the perfect scrambling
condition, the BER equals half the FER (𝑃𝑆 stands for perfect
scrambling):
𝑃𝑃𝑆
𝑏=1
2𝑃𝑓=1
21−1−𝑄2𝛾𝑏𝑛,(14)
from which we have:
𝛾𝑏=1
2𝑄−11−𝑛
1−2𝑃𝑃𝑆
𝑏2
.(15)
By using (15) and replacing 𝑃(𝐵)
𝑏,𝑡ℎ , we obtain 𝛾(𝐵),𝑃 𝑆
𝑏,𝑡ℎ .Sim-
ilarly, we can replace 𝑃(𝐸)
𝑏,𝑡ℎ to obtain 𝛾(𝐸),𝑃 𝑆
𝑏,𝑡ℎ . These values of
𝛾𝑏,𝑡ℎ can be used in (9), after having fixed some target values
for the transmission and secrecy outage probabilities.
For the sake of comparison, we can consider the same
example as in Section III, i.e., 𝑃(𝐵)
𝑏,𝑡ℎ =10
−7,𝑃(𝐸)
𝑏,𝑡ℎ =0.45
and 𝑃𝑏,𝑜 =𝑃𝑏,𝑠 =10
−3. The results obtained for the case of
perfect scrambling over frames of 𝑛bits are reported in Table
I, for some values of 𝑛. The first row (𝑛=0)shows,asa
reference, the values obtained for the case without scrambling.
As we see from the table, the introduction of framing,
combined with scrambling, strongly reduces the security gap
which is needed, in terms of channel quality, between Bob and
Eve to achieve the desired security level.
TAB L E I
FRAME LENGTH,CHANNEL QUALITY AND SECURITY GAP VALUES FOR
FRAMED AND SCRAMBLED TRANSMISSIONS
𝑛 𝛾(𝐵)
𝑏,𝑡ℎ 𝛾(𝐸)
𝑏,𝑡ℎ 𝛾𝑏(𝐵)𝛾𝑏(𝐸)𝑆𝑔
013.5166 0.00789539 13509.8 0.00114297 70.7261 dB
10 15.0747 0.337457 15067.2 0.0488519 54.8915 dB
100 17.3119 1.99953 17303.2 0.289462 47.7654 dB
1000 19.5564 4.0152 19546.7 0.58126 45.267 dB
10000 21.8069 6.13466 21796 0.888084 43.8992 dB
V. C ODED TRANSMISSION
Let us suppose that Alice encodes her messages into code-
words of a linear block code with length 𝑁,rate𝑅𝑐and
minimum distance 𝑑min.
A. Hard-decision decoding
If we consider the adoption of a hard-decision decoding
algorithm, like bounded-distance decoding, the frame and bit
error probabilities at the receiver can be estimated as:
𝑃𝑓=
𝑁
𝑖=𝑡+1 𝑁
𝑖𝑃𝑖
0(1 −𝑃0)𝑁−𝑖,
𝑃𝑏=
𝑁
𝑖=𝑡+1
𝑖
𝑁𝑁
𝑖𝑃𝑖
0(1 −𝑃0)𝑁−𝑖,
(16)
where 𝑡=𝑑min−1
2is the maximum number of errors the
code is able to correct and 𝑃0=𝑄√2𝑅𝑐𝛾𝑏.
B. Linear block codes with soft-decision decoding
It is known that the performance of effective soft-decision
algorithms converges to that obtainable through maximum
likelihood (ML) decoding, in the region of high SNR.
Given two vectors (xand y) the PEP due to them is [11]:
𝑃(x,y)=𝑃(x→y∣ℎ)=𝑄𝐸𝑠
2𝑁0
𝛼2∥x−y∥2,(17)
where ∥x−y∥2=𝑁
𝑙=1 ∣𝑥𝑙−𝑦𝑙∣2.
Starting from this expression, the BER can be computed, at
least in principle, by considering all the possible competing
vectors y, and by averaging over all the possible starting
vectors x. In particular, from the knowledge of the code
weight spectrum, all the possible competing vectors ycan
be enumerated and the UB can be employed to estimate the
performance of the ML decoder.
We can suppose, w.l.o.g., that the all-zero codeword is
transmitted, that is, 𝑥𝑙=+1,∀𝑙. Thus, if the competing vector
has weight 𝑤,wehave∥x−y∥2=4𝑤, and then:
𝑃(x,y)=𝑄𝐸𝑠
2𝑁0
𝛼24𝑤=𝑄2𝛾𝑏𝑅𝑐𝑤.(18)
Finally, by using the UB approximation, we obtain:
𝑃𝑓≤
𝑁
𝑤=𝑑min
𝐴𝑤𝑄2𝛾𝑏𝑅𝑐𝑤,(19a)
4
𝑃𝑏≤
𝑁
𝑤=𝑑min
𝑤
𝑁𝐴𝑤𝑄2𝛾𝑏𝑅𝑐𝑤.(19b)
where 𝐴𝑤is the codeword multiplicity.
C. Bounds for the fast fading case
The tools described in Sections V-A and V-B rely on the
simplifying assumption that only one channel realization is
observed during a codeword. In this section, we consider the
fast fading scenario, in which the channel is characterized by a
vector of 𝑁gain values, [𝛾𝑏1,𝛾
𝑏2,...,𝛾
𝑏𝑁], with 𝛾𝑏𝑖=𝛼2
𝑖𝐸𝑏
𝑁0.
For the sake of clarity, from now on, we slightly change
previous notation. In particular, let
𝜸(𝐵/𝐸)=𝛾(𝐵/𝐸)
1,𝛾(𝐵/𝐸)
2,...,𝛾(𝐵/𝐸)
𝑁,(20)
be the vector of random SNRs experienced by Bob/Eve for the
message transmitted by Alice; the average SNR of the channel
between Alice and Bob/Eve is:
𝛾(𝐵/𝐸)=1
𝑁
𝑖
𝛾(𝐵/𝐸)
𝑖.(21)
We are interested in finding the minimum value of 𝛾(𝐵),
denoted as 𝛾(𝐵)
min, for which the probability that 𝑃(𝐵)
𝑓≥𝑃(𝐵)
𝑓,𝑡ℎ
is not greater than a given value 𝜔, i.e.:
𝛾(𝐵)
min =min𝛾(𝐵):𝑃𝑃(𝐵)
𝑓≥𝑃(𝐵)
𝑓,𝑡ℎ≤𝜔.(22)
In order to obtain a worst-case estimate for Bob’s error rate,
we are interested in finding the minimum value of channel
gain, that is, 𝛾𝑚=min
𝛾1(𝐵),𝛾
2(𝐵),...,𝛾
𝑁(𝐵), and its
probability distribution. Let 𝑃(𝐵)
𝑓(𝜸(𝐵))be the error rate
achieved by Bob for a given channel realization 𝜸(𝐵).We
consider the upper bound
𝑃(𝐵)
𝑓(𝜸(𝐵))≤𝑃(𝐵)
𝑓([𝛾𝑚,𝛾
𝑚,...,𝛾
𝑚]) .(23)
We indicate by 𝛾𝛿the minimum value of 𝛾𝑚at which
𝑃(𝐵)
𝑓([𝛾𝑚,𝛾
𝑚,...,𝛾
𝑚]) = 𝛿; hence (22) becomes
𝛾(𝐵)
min =min{𝛾(𝐵):𝑃(𝛾𝑚≤𝛾𝛿)≤𝜔}.(24)
The value of 𝛾𝛿can be determined by using (19a). For the
computation of 𝑃(𝛾𝑚≤𝛾𝛿), let us denote by 𝐿𝑖the event
that 𝛾𝑖(𝐵)≤𝛾𝛿. Its probability of occurrence is 𝑃(𝐿𝑖)=
1−exp −𝛾𝛿
𝛾(𝐵). The cumulative distribution function for
the random variable 𝛾𝑚results in:
𝑃(𝛾𝑚≤𝛾𝛿)=𝑃𝑁
𝑖=1
𝐿𝑖=1−
𝑁
𝑖=1
[1 −𝑃(𝐿𝑖)] .(25)
Through this derivation, we can compute 𝛾(𝐵)
min for which
condition (22) is satisfied.
The analysis over Eve’s channel is quite similar. According
to (11), we are interested in finding the maximum value
of 𝛾(𝐸), denoted as 𝛾(𝐸)
max, for which the probability that
𝑃(𝐸)
𝑓(𝜸(𝐵))≤𝑃(𝐸)
𝑓,𝑡ℎ is not greater than a given value 𝜁, i.e.:
𝛾(𝐸)
max =max𝛾(𝐸):𝑃𝑃(𝐸)
𝑓(𝜸(𝐸))≤𝑃(𝐸)
𝑓,𝑡ℎ≤𝜁.(26)
In order to obtain a best-case estimate for Eve’s error rate,
we are interested in finding the maximum value of channel
gain, that is, 𝛾𝑀=max
𝛾1(𝐸),𝛾
2(𝐸),...,𝛾
𝑁(𝐸), and its
probability distribution. Let 𝑃(𝐸)
𝑓(𝜸(𝐸))be the error rate
achieved by Eve for a given channel realization 𝜸(𝐸).We
consider the lower bound
𝑃(𝐸)
𝑓(𝜸(𝐸))≥𝑃(𝐸)
𝑓([𝛾𝑀,𝛾
𝑀,...,𝛾
𝑀]) .(27)
We indicate by 𝛾𝜂the maximum value of 𝛾𝑀at which
𝑃(𝐸)
𝑓([𝛾𝑀,𝛾
𝑀,...,𝛾
𝑀]) = 𝜂; hence (26) becomes
𝛾(𝐸)
max =max{𝛾(𝐸):𝑃(𝛾𝑀>𝛾
𝜂)≤𝜁}.(28)
The value of 𝛾𝜂can be estimated by using Shannon’s sphere
packing bound (SPB) [12]. [Details are omitted for the sake of
brevity.] For the computation of 𝑃(𝛾𝑀>𝛾
𝜂), let us denote
by 𝐺𝑖the event that 𝛾𝑖(𝐸)>𝛾
𝜂, for a given value of 𝛾𝜂.
Its probability of occurrence is 𝑃(𝐺𝑖)=exp
−𝛾𝜂
𝛾(𝐸).The
complementary cumulative distribution function for 𝛾𝑀is:
𝑃(𝛾𝑀>𝛾
𝜂)=𝑃𝑁
𝑖=1
𝐺𝑖=1−
𝑁
𝑖=1
[1 −𝑃(𝐺𝑖)] .(29)
Through this derivation, we can compute 𝛾(𝐸)
max for which
condition (26) is satisfied. Once having determined 𝛾(𝐵)
min and
𝛾(𝐸)
max,the𝜔−𝜁security gap can be obtained as:
𝑆(𝜔,𝜁)
𝑔=𝛾(𝐵)
min
𝛾(𝐸)
max
.(30)
On the other hand, if the channel between Alice and Bob is
known, (30) should be replaced by the 𝜁-outage security gap:
𝑆(𝜁)
𝑔=𝛾𝛿
𝛾(𝐸)
max
.(31)
VI. NUMERICAL EXAMPLES
We focus on the extended BCH (eBCH) code with length
𝑁=64, dimension 𝐾=36and minimum distance 𝑑min =
12. The complete weight spectrum of this code is known, and
the number of codewords with weight 𝑑min is 𝐴𝑑min = 30240.
Considering modern families of codes, like low-density
parity-check (LDPC) codes, could seem a more attractive
solution. LDPC codes have been shown to be suitable for
several security-related applications [13], [14]. However, the-
oretical bounds on the performance of finite-length LDPC
codes are difficult to find, except for some families of very
structured codes [15], [16]. On the contrary, algebraic codes
like eBCH codes allow to analytically find tight bounds on
their performance. In addition, for short eBCH codes, ML-
like decoders are practically feasible, and achieve excellent
performance.
Fig. 1 reports the FER achieved by this code over the
AWGN channel, with soft-decision decoding using the most
reliable basis (MRB) algorithm presented in [17]. The figure
also shows the curves of Shannon’s SPB and the UB (19a) on
the performance achievable through ML decoding. We note
that the MRB decoder performance is tightly between the two
bounds, hence it is able to approach ML decoding.
5
-3-2-101234567
10
-7
10
-6
10
-5
10
-4
10
-3
10
-2
10
-1
10
0
eBCH(64, 36) union bound
eBCH(64 , 36) MRB decoding
eBCH(64, 36) sphere packing bound
Frame Error Rate
E
b
/N
0
[dB]
Fig. 1. Bounds and simulation results on the performance of the (64, 36)
eBCH code over the AWGN channel.
Fixing the target 𝑃(𝐸)
𝑓,𝑡ℎ =0.9, and considering Shannon’s
SPB, we have 𝑃(𝐸)
𝑓≥𝑃(𝐸)
𝑓,𝑡ℎ for 𝐸𝑏/𝑁 (𝐸)
0<−2.4dB. As
the SPB gives a good approximation of ML decoding for low
SNR, this value can be assumed as 𝛾𝜂and then used in the
analysis presented in Section V-C for the evaluation of 𝛾(𝐸)
max.
In particular, by fixing 𝜁=10
−3we obtain 𝛾(𝐸)
max =−12.84
dB. Concerning Bob’s error rate, the value of 𝛾𝛿can be derived
from the UB analysis of Section V-B. Assuming 𝑃(𝐵)
𝑓,𝑡ℎ =2⋅
10−7,wehave𝛾𝛿=5.35 dB. Then we can apply the analysis
in Section V-C for the evaluation of 𝛾(𝐵)
min. In particular, by
fixing 𝜔=10
−3we obtain 𝛾(𝐵)
min =53.41 dB. Thus, finally,
using (30), we have 𝑆(𝜔,𝜁)
𝑔=66.25 dB. Alternatively, we
can assume to have perfect knowledge of Bob’s channel. In
this case, Bob’s channel gain needed for reaching the desired
reliability level is 𝛾𝛿=5.35 dB. Definition (31) applies, and
gives 𝑆(𝜁)
𝑔=18.19 dB, that is significantly smaller.
Another interesting issue concerns comparison between
these results and those achievable without the use of coding.
The only difference, in this case, consists in using (14) (and,
hence, (15)) in place of (19b). The values so obtained, denoted
by 𝛾𝑢
𝛿and 𝛾𝑢
𝜂, replace 𝛾𝛿and 𝛾𝜂for the case with coding. The
analysis in Section V-C is then applied, in the case one or both
channels are known only in statistical terms, to derive 𝛾(𝐵)
min
and 𝛾(𝐸)
max. As obvious and expected, the results depend on the
frame length 𝑛. Some examples are given in Table II, for the
case of Bob’s channel perfectly known, while Eve’s channel
is known only in statistical terms. From the table, we observe
that we need to use frames with length 𝑛= 1000 bits or more
to obtain a value of the security gap that is comparable to or
less than that achieved by using the (64,36) eBCH code. This
confirms that the use of coding helps to reduce the security
gap, that is, to increase the security level.
VII. CONCLUSION
The security gap concept has been applied to the case of
fast fading channels, that are of interest in wireless scenarios.
TAB L E I I
FRAME LENGTH,CHANNEL QUALITY AND SECURITY GAP VALUES FOR
FRAMED SCRAMBLED TRANSMISSIONS UNDER THE HYPOTHESIS OF
PERFECT KNOWLEDGE OF BOB’S CHANNEL
𝑛 𝛾𝑢
𝛿𝛾𝑢
𝜂𝛾(𝐸)
max 𝑆𝑔
10 15.0747 0.337457 0.0366389 26.1431 dB
100 17.3119 1.99953 0.173677 19.986 dB
1000 19.5564 4.0152 0.29063 18.2795 dB
10000 21.8069 6.13466 0.380607 17.5812 dB
Although the proposed definition is an extension of that used
over the AWGN channel, the need to take into account the
variability of the faded SNR and possible uncertainty on the
channels introduce some difficulties that can be efficiently
managed in analytical form. We have verified that the security
gap required over a fading channel can be very large but,
similarly to the AWGN channel, it can be significantly reduced
through the use of scrambling and error correction coding.
REFERENCES
[1] A. D. Wyner, “The wire-tap channel,” Bell Syst. Tech. J., vol. 54, no. 8,
pp. 1355–1387, Oct. 1975.
[2] D. Klinc, J. Ha, S. McLaughlin, J. Barros, and B.-J. Kwak, “LDPC codes
for the Gaussian wiretap channel,” in Proc. IEEE Information Theory
Workshop (ITW 2009), Taormina, Italy, Oct. 2009, pp. 95–99.
[3] M. Baldi, M. Bianchi, and F. Chiaraluce, “Coding with scrambling,
concatenation, and HARQ for the AWGN wire-tap channel: A security
gap analysis,” IEEE Trans. Inf. Forensics Security, vol. 7, no. 3, pp.
883–894, Jun. 2012.
[4] ——, “Increasing physical layer security through scrambled codes and
ARQ,” in Proc. IEEE International Conference on Communications
(ICC 2011), Kyoto, Japan, Jun. 2011.
[5] ——, “Non-systematic codes for physical layer security,” in Proc. IEEE
Information Theory Workshop (ITW 2010), Dublin, Ireland, Aug. 2010.
[6] M. Baldi, M. Bianchi, N. Maturo, and F. Chiaraluce, “A physical layer
secured key distribution technique for IEEE 802.11g wireless networks,”
IEEE Wireless Commun. Lett., 2013, in press.
[7] P. K. Gopala, L. Lai, and H. El Gamal, “On the secrecy capacity of
fading channel,” IEEE Trans. Inform. Theory, vol. 54, no. 10, pp. 4687–
4698, Oct. 2008.
[8] Y. Liang, H. V. Poor, and S. Shamai (Shitz), “Secure communications
over fading channels,” IEEE Trans. Inform. Theory, vol. 54, no. 6, pp.
2470–2492, Jun. 2008.
[9] F. Renna, N. Laurenti, and H. V. Poor, “Physical layer security for
OFDM transmissions over fading channels,” IEEE Trans. Inf. Forensics
Security, vol. 7, no. 4, pp. 1354–1367, Aug. 2012.
[10] G. L. St ¨
uber, Principles of Mobile Communication, 3rd ed. Springer,
2011.
[11] R. Knopp and P. A. Humblet, “On coding for block fading channels,”
IEEE Trans. Inform. Theory, vol. 46, no. 1, pp. 189–205, Jan. 1997.
[12] G. Wiechman and I. Sason, “An improved sphere-packing bound for
finite-length codes over symmetric memoryless channels,” IEEE Trans.
Inform. Theory, vol. 54, no. 5, pp. 1962–1990, May 2008.
[13] F. Renna, N. Laurenti, S. Tomasin, M. Baldi, N. Maturo, M. Bianchi,
F. Chiaraluce, and M. Bloch, “Low-power secret key agreement over
OFDM,” in Proc. ACM HotWiSec 2013, Budapest, Hungary, Apr. 2013.
[14] M. Baldi, M. Bianchi, and F. Chiaraluce. (2012) Security and
complexity of the McEliece cryptosystem based on QC-LDPC codes.
Accepted for publication in IET Information Security. [Online].
Available: http://arxiv.org/abs/1109.5827
[15] M. Baldi, F. Bambozzi, and F. Chiaraluce, “On a family of circulant
matrices for quasi-cyclic low-density generator matrix codes,” IEEE
Trans. Inform. Theory, vol. 57, no. 9, pp. 6052–6067, Sep. 2011.
[16] M. Baldi, G. Cancellieri, and F. Chiaraluce, “Interleaved product LDPC
codes,” IEEE Trans. Commun., vol. 60, no. 4, pp. 895–901, Apr. 2012.
[17] Y. Wu and C. N. Hadjicostis, “Soft-decision decoding using ordered
recodings on the most reliable basis,” IEEE Trans. Inform. Theory,
vol. 53, no. 2, pp. 829–836, Sep. 2007.
