IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, VOL. 8, NO. 12, DECEMBER 2013

1961

Rate Regions for Multiple Access Channel With Conference and Secrecy Constraints Peng Xu, Zhiguo Ding, Member, IEEE, and Xuchu Dai

Abstract— This paper studies the impact of partial encoder cooperation on the secrecy of the multiple access channel (MAC) with an external eavesdropper. In particular, two encoders, connected by two communication links with finite capacities, wish to send secret messages to the common intended decoder in the presence of a passive eavesdropper. The inner and outer bounds on the secrecy capacity are derived for the discrete memoryless channel. The derived inner bound rate region is achievable by combining Willems’s coding for the MAC with partially cooperating encoders and Wyner’s random binning for the wiretap channel. Then, both the inner and outer bounds are extended to the Gaussian case and the corresponding rate regions are established. Several simple achievable transmission schemes are proposed for the Gaussian channel and the numerical results show that the partial encoder cooperation can increase the achievable rate regions. Index Terms— Information-theoretic secrecy, secrecy capacity region, partial encoder cooperation.

I. I NTRODUCTION

T

HE notion of information-theoretic security was introduced by Shannon in [1], where the transmission was assumed to be noiseless, and the confidential message was protected by using a key whose rate must be equal to the rate of data. Considering the noisy transmission, Wyner introduced the wiretapper channel in [2], where the signal received by the eavesdropper is a degraded version of the signal at the destination. Csiszár and Körner extended this degraded wiretapper channel to the general case and found the secrecy capacity in [3]. Recently, a variety of communication scenarios have been studied in order to find the corresponding secrecy capacities. Many of these channel models included an external eavesdropper in addition to the legitimate receivers, which

Manuscript received November 25, 2012; revised June 30, 2013 and September 4, 2013; accepted September 14, 2013. Date of publication September 20, 2013; date of current version November 11, 2013. The work of P. Xu and X. Dai was supported in part by the National Natural Science Foundation of China NSFC-61071094, in part by the National Basic Research Program of China (973 Program: 2013CB329004), and in part by the Intercollegiate Key Project of Nature Science of Anhui Province under Grant KJ2012A283. The work of Z. Ding was supported in part by the U.K. EPSRC under Grant EP/I037423/1 and in part by a EC-FP7 Marie Curie Outgoing International Fellowship. The associate editor coordinating the review of this manuscript and approving it for publication was Prof. Y.-W. Peter Hong. P. Xu and X. Dai are with the Department of Electronic Engineering and Information Science, University of Science and Technology of China, Hefei 230027, China (e-mail: [email protected]; [email protected]). Z. Ding is with the School of Electrical, Electronic, and Computer Engineering Newcastle University, Newcastle NE1 7RU, U.K. (e-mail: [email protected]). Color versions of one or more of the figures in this paper are available online at http://ieeexplore.ieee.org. Digital Object Identifier 10.1109/TIFS.2013.2282913

follows the classical wiretap channels in [2] and [3]. With such an external eavesdropper in the system, secrecy rates have been developed for the multiple input multiple output (MIMO) wiretap channels in [4]–[6], multiple access wiretap channel (MAC-WT) in [7]–[9], the degraded compound multireceiver wiretap channel with two groups of users and a group of eavesdroppers [10], three-receiver broadcast channel with two eavesdroppers [11], [12], the relay-eavesdropper channel [13]–[15], the interference channel with an eavesdropper (IC-E) [16], [17], etc. Another set of channel models addressed the case that a node is the legitimate receiver for a certain information but also acts as an eavesdropper for the unintended messages in the system. This kind of work includes the multiple access channel with confidential messages (MACCM) [18]–[21], broadcast channel with confidential messages (BC-CM) [22]–[25], interference channel with confidential messages (IC-CM) [22], [26], etc. Moreover, the works in [27]–[29] considered an untrusted helper relay, where the cooperating node acted as a helper and an eavesdropper at the same time. Motivated by the potential of user cooperation to enhance the security level, many existing works have been carried out to characterize the effect of user cooperation for a variety of communication networks. It is important to recall that there are two types of user cooperation strategies, termed as the implicit cooperation and the explicit cooperation, respectively. The implicit cooperation strategy means that a helper node is to send dummy messages (or even pure noise) which are independent to the information bearing source messages in order to confuse eavesdroppers, such as cooperative jamming [8], the interference assisted scheme [14] and artificial noise (or channel prefixing) [17], [22]. The explicit cooperation strategy requires the helper user to send helping messages that are correlated to the intended messages, such as the decodeand-forward (DF) scheme for relay-eavesdropper channels [13] and cooperative coding schemes for cognitive channels (i.e. one user non-causally knows the other users’ messages) [9], [26]. Moveover, the work in [21] proposes another type of explicit cooperation for a generalized two-user MAC channel, where users can help each other by transmitting correlated messages through a one-way public channel. Different to these works, this paper is to design a hybrid cooperation scheme that requires the helper node to perform the explicit and implicit cooperation strategies simultaneously. Specifically, the helper node will send private dummy messages which are to confuse the eavesdropper, and also forward common source messages to the destination in order to improve the reception capability at the destination. The rates of

1556-6013 © 2013 IEEE

1962

IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, VOL. 8, NO. 12, DECEMBER 2013

Fig. 1.

Conferencing MAC with an eavesdropper (CMAC-E).

these two types of messages are determined by the capacities of the communication links between the two sources. In particular, compared to the implicit cooperation schemes in [8], [14], [17] and [22] based on sending independent dummy messages at different transmitters, the proposed cooperative scheme also considers explicit cooperation by coordinating two sources to transmit signals partially correlated to each other. Compared to the explicit cooperation schemes in [9], [13] and [26] that require the helper node to have a total knowledge of the other users’ messages, the proposed cooperative scheme considers a more practical cooperation scenario in which each helper node only needs to partially decode the other source’s messages. In addition, unlike the explicit cooperation scheme in [21] which aims only to enhance the reception capability at the destination, the proposed hybrid cooperative scheme also considers how to suppress the eavesdropping channel by sending private dummy messages. We further expand on the addressed channel model and the main contributions of this paper as follows. The focus of this paper is to deal with the partial cooperation for the MAC with an external passive1 eavesdropper. Such a partially cooperating channel model is termed as the conferencing MAC with an eavesdropper (CMAC-E), as shown in Fig. 1. Compared to the MAC-WT channel in [8], there is a conference between two sources which is formed by two communication links with finite capacities C1 and C2 . Compared to the generalized MAC channel in [21], the secure transmission problem considered in the addressed CMAC-E channel is also different due to the presence of the external eavesdropper. The practicality of the addressed CMAC-E can be illustrated by using the following simple example. Consider a wireless sensor network, in which there exist two sensors located nearby to each other but far from a data fusion center and an eavesdropper. Before sending the secret message to the fusion center, each sensor can communicate with each other via a short-range channel and send a part of its secret message to its partner without being intercepted by the remote eavesdropper. Note that we do not assume errorless communications via such short-range conference links, and the impact of the corresponding error events has been taken into consideration when the achievable rate region is developed. The non-secrecy case of this model has been introduced in [30] for a MAC with partial encoder cooperation without an eavesdropper. Furthermore, Willems established the capacity 1 Note that, an eavesdropper is termed as a passive one if it only listens without sending any information. Otherwise, it is termed as an active one, such as the eavesdroppers in the MAC-CM channels [18]–[21] which perform eavesdropping and transmit messages at the same time.

region of this model for the discrete memoryless case in [30] and Bross et al. established the capacity region for the corresponding memoryless Gaussian channel in [31]. Most recently, the work in [15] extended Willems’s channel [30] to a secret scenario with an external eavesdropper, where only one source has information bearing messages to be transmitted while the other is just a helping node without its own messages to be sent. Different to the model in [15], this paper considers a more general CMAC-E model in the sense that both the two sources have their own messages to be sent. The aim of this paper is to investigate the effect of the conference on secrecy for the CMAC-E channel, and demonstrate that the conference can enlarge the achievable rate region if compared with the achievable result for MAC-WT in [8] with independent inputs. First, we derive an achievable rate region for the general memoryless CMAC-E channel which is mainly based on the combination of Willems’s coding scheme in [30] and Wyner’s random binning in [2]. A key feature of the proposed secrecy achievable scheme is that it includes not only the implicit cooperation but also the explicit cooperation to facilitate the cooperative secure transmission. We also provide another achievable rate region with a simpler expression and demonstrate that two types of regions are exactly the same. Such a rate region can be viewed as a generalization of the one in [30] to a secrecy context, and some existing works can be viewed as special cases of this rate region. Next, a Sato-type outer bound is derived on the secrecy capacity, which is shown to be dominated by the conference capacity pair. The basic idea is mainly based on an enhanced channel where a genie gives the signal received at the eavesdropper to the intended decoder as side information and the fact that the secrecy capacity region depends only on the marginal transition probability. Finally, the results of the inner and outer bounds for the discrete memoryless channel are extended to the Gaussian CMAC-E based on the Gaussian codebooks and a combination of the bounding approaches in [5] and [31], respectively. Specifically, two transmission schemes are proposed for the Gaussian CMAC-E, which are termed as the multiplexed and cooperative time division multiple access (TDMA) schemes. The performance of such two transmission schemes are illustrated by the numerical results which demonstrate that the conference links between two encoders can help both sources to achieve larger secrecy rates. Even for the strong eavesdropping case, the proposed partial beamforming scheme can still enable each source to achieve a positive secrecy rate, whereas the achievable rate of each source for MAC-WT in [8] becomes zero. For some special cases, the proposed outer bound is quite close to the developed inner bound rate region. The remainder of this paper is organized as follows. In Section II, the system model is described for the CMAC-E. Section III states the inner and outer bounds on the secrecy capacity for the discrete memoryless CMAC-E channel. Section IV investigates a Gaussian CMAC-E, where several transmission and power allocation schemes are proposed and an outer bound rate region is established. Section V illustrates numerical results through some examples. Conclusions are provided in Section VI.

XU et al.: RATE REGIONS FOR MAC WITH CONFERENCE AND SECRECY CONSTRAINTS

II. N OTATIONS AND S YSTEM M ODEL Throughout this paper, a sequence of random variables with time index i ∈ {1, . . . , N} is denoted as X N {X 1 , . . . , X N }. N−1 Similarly, for ∀n ≤ N, X n {X i , 1 ≤ i ≤ n}. And X ]n[ {X i , 1 ≤ i < n, and n < i ≤ N}. Also, the probability distribution of a random variables X (with alphabet X ) is denoted in the form of the shorthand p(x) Pr (X = x), x ∈ X . E(X) denotes the expectation of X, and |X | denotes the cardinality of the set X . Moreover, we define [x]+ max{0, x}, x¯ 1 − x, and C(x) = 12 log(1 + x). The considered partially cooperative multiple access communication model, termed as CMAC-E, has been shown in Fig. 1. Specifically, a discrete memoryless MAC with an eavesdropper denoted by (X1 × X2 , p(y1 , y2 |x 1 , x 2 ), Y1 × Y2 ) consists of two finite input alphabets (X1 and X2 ) at the two encoders (sources), two output alphabets (Y1 and Y2 ) at the decoder (destination) and the eavesdropper respectively, and a channel transmission probability distribution p(y1 , y2 |x 1 , x 2 ) where x t ∈ Xt , yt ∈ Yt for t = 1, 2. Besides, there are two communication links between the two encoders with finite capacities C1 and C2 , which forms a conference. The encoder of source t wishes to send a message Wt ∈ {1, . . . , Mt } to the destination in N channel uses, while keeping it secret from the eavesdropper. The eavesdropper is assumed to be passive and know perfectly the codebooks at the two source encoders. Each encoder is completely described by a set of K communication functions and an encoding function. The conference is therefore completely described by the two sets of K communication functions {h t,1 , . . . , h t,K }, t = 1, 2. Each function h t,k maps the secret message Wt and the sequence of previously received symbols into the kth symbol Vt,k , where Vt,k ranges over the finite alphabet Vt,k . The encoding function ft of source t maps Wt and what was learned from the conference into a codeword X tN . We can summarize this, for k = 1, . . . , K , as V1,k = h 1,k (W1 , Wd1 , V2k−1 ),

(1)

h 2,k (W2 , Wd2 , V1k−1 ), f 1 (W1 , Wd1 , V2K ), f 2 (W2 , Wd2 , V1K ),

(2)

V2,k = X 1N X 2N

= =

(3) (4)

where Wd1 and Wd2 are private independent random variables with arbitrary entropies, and are used to randomize the mapping between messages and codewords (stochastic encoders). Besides, the conference rates are bounded as K

log(|Vt,k |) ≤ NCt , t = 1, 2.

(5)

k=1

A code has two sets of K communication functions, two encoding functions and a decoding function g: (Wˆ 1 , Wˆ 2 ) = g(Y1N ), such that the error probability is 1 Pr g(Y1 ) N Pe = M1 M2 (w1 ,w2 )∈W1 ×W2 = (w1 , w2 )|(w1 , w2 ) sent . (6)

1963

The secrecy level is measured by the equivocation rate H (W1 , W2 |Y2N ). A rate pair (R1 , R2 ) is said to be achievable for this CMAC-E if for any > 0 there exists an (M1 , M2 , N, K , Pe ) code such that 1 N

Mt ≥ 2 N Rt , t = 1, 2; Pe ≤ , 1 and R1 + R2 − H (W1, W2 |Y2N ) ≤ (7) N for a sufficiently large N. Note that the above secrecy requirement on the full message set also ensures the secrecy of individual message, i.e. N1 I (W1 , W2 ; Y2N ) ≤ implies that 1 N N I (Wt ; Y2 ) ≤ for t = 1, 2. The secrecy capacity region of this CMAC-E is the closure of the set of all achievable rate pairs (R1 , R2 ), denoted as CCMAC-E . III. D ISCRETE M EMORYLESS CMAC-E: I NNER AND O UTER B OUNDS In this section, the inner and outer bounds on the secrecy capacity for the discrete memoryless CMAC-E will be presented, respectively. A. Inner Bound Before the presentation of the inner bound, we first make some definitions as following. Definition 1: Let P denote the set of all joint distributions of the random variables Q, U, X 1 , X 2 that factor as p(q, u, x 1 , x 2 ) = p(q) p(u|q) p(x 1|q, u) p(x 2|q, u). (8) Note that X 1 − (U, Q) − X 2 is a Markov chain. Here Q is a time-sharing parameter; the variable U corresponds to the common message obtained via the conference links; conditioned on U and Q, the channel inputs X 1 and X 2 can be generated. Definition 2: Given C1 , C2 and a joint distribution p ∈ P, the rate region R1 ( p) on the rate pair (R1 , R2 ) is given by R1 ( p) (R1 , R2 ) : R1 ≥ 0, R2 ≥ 0, R1 ≤ I (X 1 ; Y1 |X 2 , U, Q) + C1 , R1 ≤ [I (X 1 ; Y1 |X 2 , U, Q) + []+ − I (X 1 ; Y2 |U, Q)]+ R2 ≤ I (X 2 ; Y1 |X 1 , U, Q) + C2 , R2 ≤ [I (X 2 ; Y1 |X 1 , U, Q) + []+ − I (X 2 ; Y2 |U, Q)]+ R1 + R2 ≤ [I (X 1 , X 2 ; Y1 |U, Q) + []+ − I (X 1 , X 2 ; Y2 |U, Q)]+ R1 + R2 ≤ [I (X 1 , X 2 ; Y1 |U, Q) − I (X 1 , X 2 ; Y2 |U, Q) + F ()(I (U ; Y1 |Q) − I (U ; Y2 |Q))]+ ,

(9)

where = C1 + C2 − I (U; Y2 |Q) and F is a unit step 0, if < 0 function of , i.e. F () = . 1, if ≥ 0 When ≥ 0, the common information obtained from the conference links is significant, and the achievable rate region R1 ( p) is obtained by a coding scheme integrating Willems’s coding [30] and Wyner’s random binning [2], which will be further discussed in the next subsection. When < 0, since the eavesdropper can completely decode the common message, the information obtained from the conference links is useless.

1964

IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, VOL. 8, NO. 12, DECEMBER 2013

In this case, we simply disable the conference links and R1 ( p) is obtained using independent channel inputs [7], [8]. Definition 3: Given C1 , C2 and a joint distribution p ∈ P, the rate region R2 ( p) on the rate pair (R1 , R2 ) is given by R2 ( p) (R1 , R2 ) : R1 ≥ 0, R2 ≥ 0, R1 ≤ I (X 1 ; Y1 |X 2 , U, Q) + C1 ,

Fig. 2.

R1 ≤ [I (X 1 ; Y1 |X 2 , U, Q)+C1 +C2 −I (U, X 1 ; Y2 |Q)]+ R2 ≤ I (X 2 ; Y1 |X 1 , U, Q) + C2 , R2 ≤ [I (X 2 ; Y1 |X 1 , U, Q)+C1 +C2 −I (U, X 2 ; Y2 |Q)]+ R1 + R2 ≤ [I (X 1 , X 2 ; Y1 |U, Q) + C1 + C2 −I (X 1 , X 2 ; Y2 |Q)]+

R1 + R2 ≤ [I (X 1 , X 2 ;Y1 |Q)− I (X 1 , X 2 ;Y2 |Q)]+ .

(10)

The expression of this new rate region, R2 ( p), is much simpler than that of R1 ( p), since the unit step function F has been removed . When ≥ 0, it is obvious that the two rate regions are the same. Furthermore, when we consider the union sets for all the joint distributions, we can prove that p∈P R1 ( p) is equivalent to p∈P R2 ( p), as shown in Appendix B. Based on the above definitions, an achievable secrecy rate region and its equivalent expression can be given as following. Theorem 1: The secrecy rate region given below is achievable for the CMAC-E with the conference capacity pair (C1 , C2 ), ˜ CMAC-E R1 ( p) ⊆ CCMAC-E . R p∈P

Proof: The achievable coding scheme are outlined in the ˜ CMAC-E next subsection and the proof of the achievability of R are provided in Appendix A. We can further simplify the above achievable region in the following lemma. Lemma 2: For a given capacity pair (C1 , C2 ), define a new rate region RCMAC-E as given RCMAC-E p∈P R2 ( p), and we can show that the two rate regions are equivalent, i.e. R˜ CMAC-E = RCMAC-E . Proof: refer to Appendix B. In the following sections, we will use the rate region RCMAC-E instead of R˜ CMAC-E for simplicity. B. Outline of the Achievable Coding Scheme in Theorem 1 To achieve the secrecy rate region in Theorem 1, the two encoders use a coding scheme that blends Willems’s coding [30] method and Wyner’s random binning method [2]. The encoder at source t (t = 1, 2) first splits the secret message wt into two independent secrecy messages wc,t and w p,t . Then encoder t randomly generates the dummy x and w x to mix with messages w messages wc,t c,t and w p,t p,t respectively, which utilizes the basis of the random binning method in [2]. In the conference, the two encoders exchange

x , w x ). Encoder structure, where w0 = (wc,1 , wc,2 , wc,1 c,2

x x the messages (wc,1 , wc,1 ) and (wc,2 , wc,2 ) which form a x x ). Knowing common message w0 = (wc,1 , wc,2 , wc,1 , wc,2 w0 and the time sharing sequence q = (q1 , . . . , q N ), both encoders map the common message into a codeword u(w0 ) generated according to the probability distribution p(u|q) =

N i=1 p(u i |qi ). Then, using the superposition coding scheme in the form of Willems’s coding [30], encoder t maps the common message w0 and the private message (w p,t , w xp,t ) into a codeword xt (w0 , w p,t , w xp,t ) generated according to

N p(x i |u i , qi ) using u(w0 ). Finally, source t p(x|u, q) = i=1 transmits the codeword xt (w0 , w p,t , w xp,t ) in N channel uses. This encoding process is shown in Fig. 2. Now some remarks are provided as follows. Remark 1: The inner bound rate region R˜ CMAC-E and CMAC-E are already convex thanks to the auxiliary random R variable Q which represents a time-sharing parameter. Furthermore, if we use the channel prefixing technique (e.g. [3], [17]), the performance of the proposed scheme may be further enhanced. However, such a channel prefixing method is not considered in this paper due to the intractable evaluation of its performance. Remark 2: Compared to Willems’s coding in [30], we mix the messages that need to be decoded at the intended destination with some dummy messages. In particular, the common (private) message consists of not only the common (private) secrecy message but also the common (private) dummy message. Note that these dummy messages can provide the necessary randomness into the channel to confuse the eavesdropper and protect the secrecy messages. Remark 3: Beyond the explicit cooperation via directly transmitting the other source’s message, the proposed cooperative encoding scheme also allows the sources to help each other by adding more randomness into the channel. This is because there is a freedom in the allocation of randomness at the two sources (e.g. refer to Eq. (39) and (40) in Appendix A). In addition to adding more independent randomness via the private dummy message [8], each source can also help the other by adding more correlative randomness via the common dummy message.

C. Some Special Cases We use our results on CMAC-E to unify some existing channel models as follows. 1) Partially Cooperating MAC: In [30], Willems has characterized the capacity for the partially cooperating MAC without a secrecy constraint, denoted as R pc which can be

XU et al.: RATE REGIONS FOR MAC WITH CONFERENCE AND SECRECY CONSTRAINTS

Definition 5: Given C1 , C2 and some p˜ ∈ K, the region R O ( p) ˜ is given by: ˜ R O ( p) (R1 , R2 ) : R1 ≥ 0, R2 ≥ 0,

expressed as R pc

(R1 , R2 ) : R1 ≥ 0, R2 ≥ 0,

1965

p(u) p(x 1 |u) p(x 2 |u)

p(u) p(x 1|u) p(x 2 |u)

R1 ≤ I (X 1 ; Y1 |U X 2 ) + C1 ,

R1 ≤ I (X 1 ; Y˜1 |X 2 , U ) + C1 , R2 ≤ I (X 2 ; Y˜1 |X 1 , U ) + C2 ,

R2 ≤ I (X 2 ; Y1 |U X 1 ) + C2 , R1 + R2 ≤ min{I (X 1 , X 2 ; Y1 |U ) (11) + C1 + C2 , I (X 1 , X 2 ; Y1 )} . If we disable the eavesdropper node by setting Y2 = ∅ in R2 defined in (10), the rate region RCMAC-E in Lemma 2 reduces to Willems’s capacity region R pc . Here the timesharing variable Q in (10) is useless since R pc is already convex. 2) Multiple Access Channel With an Eavesdropper: The multiple access channel with an eavesdropper (MAC-E), i.e. the MAC-WT in [8], is another special case of the CMAC-E if we disable the conference links by setting C1 = C2 = 0 and U = ∅ in (10). Then, the rate region RCMAC-E in Lemma 2 reduces to RMAC-E shown in [8], i.e. R2 ( p, C1 = 0, C2 = 0). (12) RMAC-E = p∈P s.t. U =∅

3) Cognitive Multiple Access Channel With an Eavesdropper: In [9], Simeone and Yener considered a cognitive multiple access channel with an eavesdropper (cgMAC-E). In the cgMAC-E, encoder 1 is cognitive in the sense that it knows a priori the messages (including both the secrecy message and dummy message) of encoder 2. If C1 = 0 and C2 is sufficiently large, one can verify that the CMAC-E reduces to the cgMAC-E since encoder 2 can reclassify its private message as the common message (i.e. U = X 2 ) and sent it via the communication link from encoder 2 to encoder 1. In this case, the rate region RCMAC-E in Lemma 2 reduces to the following achievable rate region R2 ( p, C1 = 0, C2 sufficiently large). RcgMAC-E = p∈P s.t. U =X 2

(13) It is straightforward to show that RcgCMAC-E is exactly equivalent to the achievable rate region in Proposition 2 in [9] if we further apply the channel prefixing as shown in Appendix in [9]. D. Outer Bound In this subsection, we provide a Sato-type outer bound on the capacity region. Definition 4: K denotes the class of CMAC-Es pY˜1 ,Y˜2 |X 1 ,X 2 that have the same marginal distributions pY1 |X 1 ,X 2 (y1 |x 1 , x 2 ) and pY2 |X 1 ,X 2 (y2 |x 1 , x 2 ), i.e., pY˜t |X 1 ,X 2 (yt |x 1, x 2 ) = pYt |X 1 ,X 2 (yt |x 1 , x 2 ) for t = 1, 2 and all x 1 , x 2 and y1 , y2 .

(14)

R1 + R2 ≤ I (X 1 , X 2 ; Y˜1 |U, Y˜2 )

+ C1 + C2 ,

R1 + R2 ≤ I (X 1 , X 2 ; Y˜1 |Y˜2 ) .

(15)

Theorem 3: The following region is a Sato-type outer bound on the capacity region of the CMAC-E with conference capacity pair (C1 , C2 ): CCMAC-E ⊆ ROuter R O ( p). ˜ (16) K p∈ ˜ K

Proof: The outer bound is obtained by assuming an enhanced channel condition where a genie gives the signal Y2 at the eavesdropper to the intended decoder as side information for decoding (W1 , W2 ). Furthermore, as shown in (6) and (7), the secrecy capacity region of the CMAC-E depends only on the marginal distributions pY1 |X 1 ,X 2 and pY2 |X 1 ,X 2 and does not depend on any further structure of the joint distribution pY1 ,Y2 |X 1 ,X 2 . Therefore, all the CMAC-Es in K (defined in Definition 4) have the same secrecy capacity region, which results in the intersection in Theorem 3. The details of the proof steps are provided in Appendix C. Remark 4: Since it is assumed that the decoder has a complete access to the signal received at the eavesdropper, the outer bound is generally loose. However, for some special cases, the outer bound shown in Theorem 3 can be close to the achievable rate region. We can take the degraded cgMAC-E (Section III-C) for example, i.e. C1 = 0, C2 is sufficiently large and (X 1 , X 2 ) − Y1 − Y2 is a Markov chain. In this case, one can check that the outer bound in Theorem 3 is equivalent to the secrecy rate region RcgMAC-E by setting Q = ∅ in (13). IV. S ECURITY FOR THE G AUSSIAN CMAC-E In this section, the results of the inner and outer bounds for the discrete memoryless CMAC-E developed in the previous section will be extended to the Gaussian CMAC-E (GCMAC-E) scenario. In addition, two transmission schemes, termed as the multiplexed and cooperative TDMA schemes, will be proposed, and their performance will be investigated in the next section by using the numerical results. A. Inner Bound The achievable scheme for the discrete memoryless CMAC-E can further be applied to the GCMAC-E scenario in the standard form [8] Y1 = X 1 + X 2 + N1 ,

Y2 = h 1 X 1 + h 2 X 2 + N2 ,

(17)

1966

IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, VOL. 8, NO. 12, DECEMBER 2013

where N1 , N2 ∼ N (0, 1) are the Gaussian noises and the average transmit powers at the two sources are constrained by N N 1 1 E[(X 1,n )2 ] ≤ P1 , E[(X 2,n )2 ] ≤ P2 . N N n=1

(18)

n=1

Note that the weak and strong eavesdropping GCMAC-Es correspond to the cases that h t < 1, h t > 1 for ∀t ∈ {1, 2}, respectively. Furthermore, a special weak eavesdropping channel, called the stochastically degraded GCMAC-E, corresponds to the case that h 1 = h 2 < 1 [7]. Denote p(q) as the probability mass function (PMF) on the time sharing parameter, and let A( p(q)) denote the set of all the power allocations A( p(q)) (P1u (q), P1x0 (q), P2u (q), P2x0 (q), ∀q ∈ Q| [Ptu (q) + Ptx0 (q)] p(q) ≤ Pt , for t = 1, 2 . q∈Q

(19) Then define a set of joint Gaussian distributions: PG p| p ∈ P, (P1u (q), P1x0 (q), P2u (q), P2x0 (q)) ∈ A( p(q)), ∀q ∈ Q, r ∈ {1, −1}, U (q) ∈ N (0, 1), X 1,0 (q) ∼ N (0, P1x0 (q)), X 2,0 (q) ∼ N (0, P2x0 (q)), X 1 (q) = P1U (q)U (q) + X 1,0 (q), (20) X 2 (q) = r P2U (q)U (q) + X 2,0 (q) , where r is used to determine the covariance of X 1 (q) and X 2 (q) to be positive or negative. Using this set of distributions, the achievable rate region in Lemma 2 can be given as GCMAC-E convex closure of Corollary 4: R GCMAC-E . R ( p) ⊆ C 2 p∈PG To be more specific, we will consider two simple types of transmission schemes as follows. 1) Multiplexed Scheme: Now, consider the multiplexed scheme by fixing |Q| = 1. In this case, we can omit the time sharing parameter q for simplicity and the power allocation set becomes to A1 (P1u , P1x0 , P2u , P2x0 )|Ptu + Ptx0 ≤ Pt , for t = 1, 2 . (22)

We first define the multiplexed region as follows for some given power allocation. Definition 6: (GCMAC-E Multiplexed (CMA-MP) Region) For some r ∈ {1, −1} and power allocation A ∈ A1 , where A = (P1u , P1x0 , P2u , P2x0 ) , the multiplexed region R2G (r, A) is given by (21) (at the bottom of the page). Then the following rate region can be obtained for this multiplexed scheme. , where Corollary 5: RCMA-MP ⊆ RGCMAC-E ⎧ ⎫ ⎨ ⎬ RCMA-MP convex closure of R2G (r, A) . (23) ⎩ ⎭ r=±1,A∈A1

Proof: It is easy to prove that the region R2 in (10) is equivalent to R2G for a given p ∈ PG s.t. |Q| = 1 and A ∈ A1 by calculating each mutual information term in (10). In the next, we will define two computationally simple subregions to further simplify the above region. ⊆ RCMA-MP ⊆ RGCMAC-E , for Corollary 6: RCMA-MP m m = 1, 2, where the subregion RCMA-MP (RCMA-MP ) is 1 2 CMA-MP in (23) except defined in exactly the same fashion as R that we fix r = 1 (r = −1) and A ∈ A1,1 (A1,2 ). Here A1,1 = {A|A ∈ A1 , P1u = P2u } and A1,2 = {A|A ∈ A1 , h 1 P1u = h 2 P2u , P1x0 = P2x0 = 0}. Remark 5: The first subregion RCMA-MP corresponds to the 1 first partial beamforming strategy that aims to enhance the main channel and the decoding capability at the destination. corresponds to the second The second subregion RCMA-MP 2 beamforming strategy that aims to decrease the eavesdropping channel and the decoding capability at the eavesdropper. As shown in Section V, these two beamforming strategies are suitable for the weak and strong eavesdropping GCMAC-E channels, respectively. 2) Cooperative TDMA Scheme: Given 0 ≤ α1 ≤ 1 and α2 = 1−α1 , we first define a time-sharing power allocation as A2 (P1u (q), P1x0 (q), P2u (q), P2x0 (q)) for q = 1, 2| P2x0 (1) = P1x0 (2) = 0, α1 (P1u (1)+ P1x0 (1)) + α2 P1u (2) ≤ P1 , α1 P2u (1) + α2 (P2u (2) +P2x0 (2)) ≤ P2 .

(26)

Then, define a cooperative TDMA region as following. Definition 7: (GCMAC-E Cooperative TDMA Region (CMA-CT):) Let a = (α1 , α2 ) which satisfy 0 ≤ α1 ≤ 1

R2G (r, A) (R1 , R2 ) : R1 ≥ 0, R2 ≥ 0,

+

( h 1 P1u + r h 2 P2u )2 + h 1 P1x0 C + C2 − C R1 ≤ min C 1 + h 2 P2x0 +

x0 x0 ( h 1 P1u + r h 2 P2u )2 + h 2 P2x0 R2 ≤ min C P2 + C2 , C P2 + C1 + C2 − C 1 + h 1 P1x0 R1 + R2 ≤ min C P1x0 + P2x0 + C1 + C2 , C ( P1u + r P2u )2 + P1x0 + P2x0 + . −C ( h 1 P1u + r h 2 P2u )2 + h 1 P1x0 + h 2 P2x0

P1x0 + C1 ,

P1x0 + C1

(21)

XU et al.: RATE REGIONS FOR MAC WITH CONFERENCE AND SECRECY CONSTRAINTS

and α1 + α2 = 1. Then, for some r ∈ {1, −1} and power T allocation A ∈ A2 , the cooperative TDMA region RC 2 (r, A) is given by (24) (at the bottom of the page). T This region RC 2 (r, A) is obtained by a cooperative scheme based on the TDMA-like approach. Here we divide the N channel uses into two periods whose lengths are α1 N and α2 N, respectively. During the first period with α1 N channel uses, source 1 generates randomized codewords using power P1u (1) and P1x0 (1), while source 2 generates random dummy codewords using power P2u (1). Then the constraint of R1 in (24) can be obtained by fixing A ∈ A2 , p ∈ PG and R2 = 0 in (10). For the second period with α2 N channel uses, the two sources swap their roles and similar steps can be carried out, where the details are omitted here due to the symmetry. Based on this cooperative TDMA scheme and the above definition, the following rate region can be achieved. Corollary 7: RCMA-CT ⊆ RGCMAC-E , where RCMA-CT ⎧ convex closure of ⎪ ⎪ ⎪ ⎪ ⎨ ⎪ ⎪ ⎪ ⎪ ⎩ r = ±1, A ∈ A2 ,

0 ≤ α1 ≤ 1, α1 + α2 = 1

⎫ ⎪ ⎪ ⎪ ⎪ ⎬

T RC 2 (r, A, a)⎪. (27) ⎪ ⎪ ⎪ ⎭

Proof: Here we utilize a time sharing random variable T can Q ∗ whose PMF is p(q) = αq for q = 1, 2. Then RC 2 be obtained from R2 in (10) for p ∈ PG s.t. Q = Q ∗ and A ∈ A2 by fixing R2 = 0 if Q = 1 and R1 = 0 if Q = 2. Remark 6: In the above cooperative TDMA scheme, we only require the helper source to add randomness via the correlative common randomized codebook for simplicity. However, the proposed cooperation coding scheme (Corollary 4) allows more general cooperation schemes. For example, each source can help the other through the independent private randomized codebook. In addition, the number of cardinalities in Q can be designed greater than 2. However, this simplified region in Corollary 7 still plays an important role as shown in the numeral results in the next section. Similar to Corollary 6, we will define two computationally simple subregions of RCMA-CT . ⊆ RCMA-CT ⊆ RGCMAC-E for m = Corollary 8: RCMA-CT m 1, 2, where the subregion RCMA-CT (RCMA-CT ) is defined in 1 2 exactly the same fashion as RCMA-CT in (27) except that we fix r = 1 (r = −1) and A ∈ A2,1 (A2,2 ). Here A2,1 = {A|A ∈ A2 , P1u (1) = P2u (1), P1u (2) = P2u (2)} and A2,2 = {A|A ∈ A2 , h 1 P1u (1) = h 2 P2u (1), h 1 P1u (2) = h 2 P2u (2), P1x0 (1) = P2x0 (2) = 0}.

T RC 2 (r, A, a)

1967

B. Outer Bound The following lemma gives the outer bound based on the Sato-type outer bound shown in Theorem 3 for this GCMAC-E. Lemma 9: An outer bond on the capacity of this GCMACE given by (17) can be expressed as RG (28) ROuter G O (ρ), −1

1961

Rate Regions for Multiple Access Channel With Conference and Secrecy Constraints Peng Xu, Zhiguo Ding, Member, IEEE, and Xuchu Dai

Abstract— This paper studies the impact of partial encoder cooperation on the secrecy of the multiple access channel (MAC) with an external eavesdropper. In particular, two encoders, connected by two communication links with finite capacities, wish to send secret messages to the common intended decoder in the presence of a passive eavesdropper. The inner and outer bounds on the secrecy capacity are derived for the discrete memoryless channel. The derived inner bound rate region is achievable by combining Willems’s coding for the MAC with partially cooperating encoders and Wyner’s random binning for the wiretap channel. Then, both the inner and outer bounds are extended to the Gaussian case and the corresponding rate regions are established. Several simple achievable transmission schemes are proposed for the Gaussian channel and the numerical results show that the partial encoder cooperation can increase the achievable rate regions. Index Terms— Information-theoretic secrecy, secrecy capacity region, partial encoder cooperation.

I. I NTRODUCTION

T

HE notion of information-theoretic security was introduced by Shannon in [1], where the transmission was assumed to be noiseless, and the confidential message was protected by using a key whose rate must be equal to the rate of data. Considering the noisy transmission, Wyner introduced the wiretapper channel in [2], where the signal received by the eavesdropper is a degraded version of the signal at the destination. Csiszár and Körner extended this degraded wiretapper channel to the general case and found the secrecy capacity in [3]. Recently, a variety of communication scenarios have been studied in order to find the corresponding secrecy capacities. Many of these channel models included an external eavesdropper in addition to the legitimate receivers, which

Manuscript received November 25, 2012; revised June 30, 2013 and September 4, 2013; accepted September 14, 2013. Date of publication September 20, 2013; date of current version November 11, 2013. The work of P. Xu and X. Dai was supported in part by the National Natural Science Foundation of China NSFC-61071094, in part by the National Basic Research Program of China (973 Program: 2013CB329004), and in part by the Intercollegiate Key Project of Nature Science of Anhui Province under Grant KJ2012A283. The work of Z. Ding was supported in part by the U.K. EPSRC under Grant EP/I037423/1 and in part by a EC-FP7 Marie Curie Outgoing International Fellowship. The associate editor coordinating the review of this manuscript and approving it for publication was Prof. Y.-W. Peter Hong. P. Xu and X. Dai are with the Department of Electronic Engineering and Information Science, University of Science and Technology of China, Hefei 230027, China (e-mail: [email protected]; [email protected]). Z. Ding is with the School of Electrical, Electronic, and Computer Engineering Newcastle University, Newcastle NE1 7RU, U.K. (e-mail: [email protected]). Color versions of one or more of the figures in this paper are available online at http://ieeexplore.ieee.org. Digital Object Identifier 10.1109/TIFS.2013.2282913

follows the classical wiretap channels in [2] and [3]. With such an external eavesdropper in the system, secrecy rates have been developed for the multiple input multiple output (MIMO) wiretap channels in [4]–[6], multiple access wiretap channel (MAC-WT) in [7]–[9], the degraded compound multireceiver wiretap channel with two groups of users and a group of eavesdroppers [10], three-receiver broadcast channel with two eavesdroppers [11], [12], the relay-eavesdropper channel [13]–[15], the interference channel with an eavesdropper (IC-E) [16], [17], etc. Another set of channel models addressed the case that a node is the legitimate receiver for a certain information but also acts as an eavesdropper for the unintended messages in the system. This kind of work includes the multiple access channel with confidential messages (MACCM) [18]–[21], broadcast channel with confidential messages (BC-CM) [22]–[25], interference channel with confidential messages (IC-CM) [22], [26], etc. Moreover, the works in [27]–[29] considered an untrusted helper relay, where the cooperating node acted as a helper and an eavesdropper at the same time. Motivated by the potential of user cooperation to enhance the security level, many existing works have been carried out to characterize the effect of user cooperation for a variety of communication networks. It is important to recall that there are two types of user cooperation strategies, termed as the implicit cooperation and the explicit cooperation, respectively. The implicit cooperation strategy means that a helper node is to send dummy messages (or even pure noise) which are independent to the information bearing source messages in order to confuse eavesdroppers, such as cooperative jamming [8], the interference assisted scheme [14] and artificial noise (or channel prefixing) [17], [22]. The explicit cooperation strategy requires the helper user to send helping messages that are correlated to the intended messages, such as the decodeand-forward (DF) scheme for relay-eavesdropper channels [13] and cooperative coding schemes for cognitive channels (i.e. one user non-causally knows the other users’ messages) [9], [26]. Moveover, the work in [21] proposes another type of explicit cooperation for a generalized two-user MAC channel, where users can help each other by transmitting correlated messages through a one-way public channel. Different to these works, this paper is to design a hybrid cooperation scheme that requires the helper node to perform the explicit and implicit cooperation strategies simultaneously. Specifically, the helper node will send private dummy messages which are to confuse the eavesdropper, and also forward common source messages to the destination in order to improve the reception capability at the destination. The rates of

1556-6013 © 2013 IEEE

1962

IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, VOL. 8, NO. 12, DECEMBER 2013

Fig. 1.

Conferencing MAC with an eavesdropper (CMAC-E).

these two types of messages are determined by the capacities of the communication links between the two sources. In particular, compared to the implicit cooperation schemes in [8], [14], [17] and [22] based on sending independent dummy messages at different transmitters, the proposed cooperative scheme also considers explicit cooperation by coordinating two sources to transmit signals partially correlated to each other. Compared to the explicit cooperation schemes in [9], [13] and [26] that require the helper node to have a total knowledge of the other users’ messages, the proposed cooperative scheme considers a more practical cooperation scenario in which each helper node only needs to partially decode the other source’s messages. In addition, unlike the explicit cooperation scheme in [21] which aims only to enhance the reception capability at the destination, the proposed hybrid cooperative scheme also considers how to suppress the eavesdropping channel by sending private dummy messages. We further expand on the addressed channel model and the main contributions of this paper as follows. The focus of this paper is to deal with the partial cooperation for the MAC with an external passive1 eavesdropper. Such a partially cooperating channel model is termed as the conferencing MAC with an eavesdropper (CMAC-E), as shown in Fig. 1. Compared to the MAC-WT channel in [8], there is a conference between two sources which is formed by two communication links with finite capacities C1 and C2 . Compared to the generalized MAC channel in [21], the secure transmission problem considered in the addressed CMAC-E channel is also different due to the presence of the external eavesdropper. The practicality of the addressed CMAC-E can be illustrated by using the following simple example. Consider a wireless sensor network, in which there exist two sensors located nearby to each other but far from a data fusion center and an eavesdropper. Before sending the secret message to the fusion center, each sensor can communicate with each other via a short-range channel and send a part of its secret message to its partner without being intercepted by the remote eavesdropper. Note that we do not assume errorless communications via such short-range conference links, and the impact of the corresponding error events has been taken into consideration when the achievable rate region is developed. The non-secrecy case of this model has been introduced in [30] for a MAC with partial encoder cooperation without an eavesdropper. Furthermore, Willems established the capacity 1 Note that, an eavesdropper is termed as a passive one if it only listens without sending any information. Otherwise, it is termed as an active one, such as the eavesdroppers in the MAC-CM channels [18]–[21] which perform eavesdropping and transmit messages at the same time.

region of this model for the discrete memoryless case in [30] and Bross et al. established the capacity region for the corresponding memoryless Gaussian channel in [31]. Most recently, the work in [15] extended Willems’s channel [30] to a secret scenario with an external eavesdropper, where only one source has information bearing messages to be transmitted while the other is just a helping node without its own messages to be sent. Different to the model in [15], this paper considers a more general CMAC-E model in the sense that both the two sources have their own messages to be sent. The aim of this paper is to investigate the effect of the conference on secrecy for the CMAC-E channel, and demonstrate that the conference can enlarge the achievable rate region if compared with the achievable result for MAC-WT in [8] with independent inputs. First, we derive an achievable rate region for the general memoryless CMAC-E channel which is mainly based on the combination of Willems’s coding scheme in [30] and Wyner’s random binning in [2]. A key feature of the proposed secrecy achievable scheme is that it includes not only the implicit cooperation but also the explicit cooperation to facilitate the cooperative secure transmission. We also provide another achievable rate region with a simpler expression and demonstrate that two types of regions are exactly the same. Such a rate region can be viewed as a generalization of the one in [30] to a secrecy context, and some existing works can be viewed as special cases of this rate region. Next, a Sato-type outer bound is derived on the secrecy capacity, which is shown to be dominated by the conference capacity pair. The basic idea is mainly based on an enhanced channel where a genie gives the signal received at the eavesdropper to the intended decoder as side information and the fact that the secrecy capacity region depends only on the marginal transition probability. Finally, the results of the inner and outer bounds for the discrete memoryless channel are extended to the Gaussian CMAC-E based on the Gaussian codebooks and a combination of the bounding approaches in [5] and [31], respectively. Specifically, two transmission schemes are proposed for the Gaussian CMAC-E, which are termed as the multiplexed and cooperative time division multiple access (TDMA) schemes. The performance of such two transmission schemes are illustrated by the numerical results which demonstrate that the conference links between two encoders can help both sources to achieve larger secrecy rates. Even for the strong eavesdropping case, the proposed partial beamforming scheme can still enable each source to achieve a positive secrecy rate, whereas the achievable rate of each source for MAC-WT in [8] becomes zero. For some special cases, the proposed outer bound is quite close to the developed inner bound rate region. The remainder of this paper is organized as follows. In Section II, the system model is described for the CMAC-E. Section III states the inner and outer bounds on the secrecy capacity for the discrete memoryless CMAC-E channel. Section IV investigates a Gaussian CMAC-E, where several transmission and power allocation schemes are proposed and an outer bound rate region is established. Section V illustrates numerical results through some examples. Conclusions are provided in Section VI.

XU et al.: RATE REGIONS FOR MAC WITH CONFERENCE AND SECRECY CONSTRAINTS

II. N OTATIONS AND S YSTEM M ODEL Throughout this paper, a sequence of random variables with time index i ∈ {1, . . . , N} is denoted as X N {X 1 , . . . , X N }. N−1 Similarly, for ∀n ≤ N, X n {X i , 1 ≤ i ≤ n}. And X ]n[ {X i , 1 ≤ i < n, and n < i ≤ N}. Also, the probability distribution of a random variables X (with alphabet X ) is denoted in the form of the shorthand p(x) Pr (X = x), x ∈ X . E(X) denotes the expectation of X, and |X | denotes the cardinality of the set X . Moreover, we define [x]+ max{0, x}, x¯ 1 − x, and C(x) = 12 log(1 + x). The considered partially cooperative multiple access communication model, termed as CMAC-E, has been shown in Fig. 1. Specifically, a discrete memoryless MAC with an eavesdropper denoted by (X1 × X2 , p(y1 , y2 |x 1 , x 2 ), Y1 × Y2 ) consists of two finite input alphabets (X1 and X2 ) at the two encoders (sources), two output alphabets (Y1 and Y2 ) at the decoder (destination) and the eavesdropper respectively, and a channel transmission probability distribution p(y1 , y2 |x 1 , x 2 ) where x t ∈ Xt , yt ∈ Yt for t = 1, 2. Besides, there are two communication links between the two encoders with finite capacities C1 and C2 , which forms a conference. The encoder of source t wishes to send a message Wt ∈ {1, . . . , Mt } to the destination in N channel uses, while keeping it secret from the eavesdropper. The eavesdropper is assumed to be passive and know perfectly the codebooks at the two source encoders. Each encoder is completely described by a set of K communication functions and an encoding function. The conference is therefore completely described by the two sets of K communication functions {h t,1 , . . . , h t,K }, t = 1, 2. Each function h t,k maps the secret message Wt and the sequence of previously received symbols into the kth symbol Vt,k , where Vt,k ranges over the finite alphabet Vt,k . The encoding function ft of source t maps Wt and what was learned from the conference into a codeword X tN . We can summarize this, for k = 1, . . . , K , as V1,k = h 1,k (W1 , Wd1 , V2k−1 ),

(1)

h 2,k (W2 , Wd2 , V1k−1 ), f 1 (W1 , Wd1 , V2K ), f 2 (W2 , Wd2 , V1K ),

(2)

V2,k = X 1N X 2N

= =

(3) (4)

where Wd1 and Wd2 are private independent random variables with arbitrary entropies, and are used to randomize the mapping between messages and codewords (stochastic encoders). Besides, the conference rates are bounded as K

log(|Vt,k |) ≤ NCt , t = 1, 2.

(5)

k=1

A code has two sets of K communication functions, two encoding functions and a decoding function g: (Wˆ 1 , Wˆ 2 ) = g(Y1N ), such that the error probability is 1 Pr g(Y1 ) N Pe = M1 M2 (w1 ,w2 )∈W1 ×W2 = (w1 , w2 )|(w1 , w2 ) sent . (6)

1963

The secrecy level is measured by the equivocation rate H (W1 , W2 |Y2N ). A rate pair (R1 , R2 ) is said to be achievable for this CMAC-E if for any > 0 there exists an (M1 , M2 , N, K , Pe ) code such that 1 N

Mt ≥ 2 N Rt , t = 1, 2; Pe ≤ , 1 and R1 + R2 − H (W1, W2 |Y2N ) ≤ (7) N for a sufficiently large N. Note that the above secrecy requirement on the full message set also ensures the secrecy of individual message, i.e. N1 I (W1 , W2 ; Y2N ) ≤ implies that 1 N N I (Wt ; Y2 ) ≤ for t = 1, 2. The secrecy capacity region of this CMAC-E is the closure of the set of all achievable rate pairs (R1 , R2 ), denoted as CCMAC-E . III. D ISCRETE M EMORYLESS CMAC-E: I NNER AND O UTER B OUNDS In this section, the inner and outer bounds on the secrecy capacity for the discrete memoryless CMAC-E will be presented, respectively. A. Inner Bound Before the presentation of the inner bound, we first make some definitions as following. Definition 1: Let P denote the set of all joint distributions of the random variables Q, U, X 1 , X 2 that factor as p(q, u, x 1 , x 2 ) = p(q) p(u|q) p(x 1|q, u) p(x 2|q, u). (8) Note that X 1 − (U, Q) − X 2 is a Markov chain. Here Q is a time-sharing parameter; the variable U corresponds to the common message obtained via the conference links; conditioned on U and Q, the channel inputs X 1 and X 2 can be generated. Definition 2: Given C1 , C2 and a joint distribution p ∈ P, the rate region R1 ( p) on the rate pair (R1 , R2 ) is given by R1 ( p) (R1 , R2 ) : R1 ≥ 0, R2 ≥ 0, R1 ≤ I (X 1 ; Y1 |X 2 , U, Q) + C1 , R1 ≤ [I (X 1 ; Y1 |X 2 , U, Q) + []+ − I (X 1 ; Y2 |U, Q)]+ R2 ≤ I (X 2 ; Y1 |X 1 , U, Q) + C2 , R2 ≤ [I (X 2 ; Y1 |X 1 , U, Q) + []+ − I (X 2 ; Y2 |U, Q)]+ R1 + R2 ≤ [I (X 1 , X 2 ; Y1 |U, Q) + []+ − I (X 1 , X 2 ; Y2 |U, Q)]+ R1 + R2 ≤ [I (X 1 , X 2 ; Y1 |U, Q) − I (X 1 , X 2 ; Y2 |U, Q) + F ()(I (U ; Y1 |Q) − I (U ; Y2 |Q))]+ ,

(9)

where = C1 + C2 − I (U; Y2 |Q) and F is a unit step 0, if < 0 function of , i.e. F () = . 1, if ≥ 0 When ≥ 0, the common information obtained from the conference links is significant, and the achievable rate region R1 ( p) is obtained by a coding scheme integrating Willems’s coding [30] and Wyner’s random binning [2], which will be further discussed in the next subsection. When < 0, since the eavesdropper can completely decode the common message, the information obtained from the conference links is useless.

1964

IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, VOL. 8, NO. 12, DECEMBER 2013

In this case, we simply disable the conference links and R1 ( p) is obtained using independent channel inputs [7], [8]. Definition 3: Given C1 , C2 and a joint distribution p ∈ P, the rate region R2 ( p) on the rate pair (R1 , R2 ) is given by R2 ( p) (R1 , R2 ) : R1 ≥ 0, R2 ≥ 0, R1 ≤ I (X 1 ; Y1 |X 2 , U, Q) + C1 ,

Fig. 2.

R1 ≤ [I (X 1 ; Y1 |X 2 , U, Q)+C1 +C2 −I (U, X 1 ; Y2 |Q)]+ R2 ≤ I (X 2 ; Y1 |X 1 , U, Q) + C2 , R2 ≤ [I (X 2 ; Y1 |X 1 , U, Q)+C1 +C2 −I (U, X 2 ; Y2 |Q)]+ R1 + R2 ≤ [I (X 1 , X 2 ; Y1 |U, Q) + C1 + C2 −I (X 1 , X 2 ; Y2 |Q)]+

R1 + R2 ≤ [I (X 1 , X 2 ;Y1 |Q)− I (X 1 , X 2 ;Y2 |Q)]+ .

(10)

The expression of this new rate region, R2 ( p), is much simpler than that of R1 ( p), since the unit step function F has been removed . When ≥ 0, it is obvious that the two rate regions are the same. Furthermore, when we consider the union sets for all the joint distributions, we can prove that p∈P R1 ( p) is equivalent to p∈P R2 ( p), as shown in Appendix B. Based on the above definitions, an achievable secrecy rate region and its equivalent expression can be given as following. Theorem 1: The secrecy rate region given below is achievable for the CMAC-E with the conference capacity pair (C1 , C2 ), ˜ CMAC-E R1 ( p) ⊆ CCMAC-E . R p∈P

Proof: The achievable coding scheme are outlined in the ˜ CMAC-E next subsection and the proof of the achievability of R are provided in Appendix A. We can further simplify the above achievable region in the following lemma. Lemma 2: For a given capacity pair (C1 , C2 ), define a new rate region RCMAC-E as given RCMAC-E p∈P R2 ( p), and we can show that the two rate regions are equivalent, i.e. R˜ CMAC-E = RCMAC-E . Proof: refer to Appendix B. In the following sections, we will use the rate region RCMAC-E instead of R˜ CMAC-E for simplicity. B. Outline of the Achievable Coding Scheme in Theorem 1 To achieve the secrecy rate region in Theorem 1, the two encoders use a coding scheme that blends Willems’s coding [30] method and Wyner’s random binning method [2]. The encoder at source t (t = 1, 2) first splits the secret message wt into two independent secrecy messages wc,t and w p,t . Then encoder t randomly generates the dummy x and w x to mix with messages w messages wc,t c,t and w p,t p,t respectively, which utilizes the basis of the random binning method in [2]. In the conference, the two encoders exchange

x , w x ). Encoder structure, where w0 = (wc,1 , wc,2 , wc,1 c,2

x x the messages (wc,1 , wc,1 ) and (wc,2 , wc,2 ) which form a x x ). Knowing common message w0 = (wc,1 , wc,2 , wc,1 , wc,2 w0 and the time sharing sequence q = (q1 , . . . , q N ), both encoders map the common message into a codeword u(w0 ) generated according to the probability distribution p(u|q) =

N i=1 p(u i |qi ). Then, using the superposition coding scheme in the form of Willems’s coding [30], encoder t maps the common message w0 and the private message (w p,t , w xp,t ) into a codeword xt (w0 , w p,t , w xp,t ) generated according to

N p(x i |u i , qi ) using u(w0 ). Finally, source t p(x|u, q) = i=1 transmits the codeword xt (w0 , w p,t , w xp,t ) in N channel uses. This encoding process is shown in Fig. 2. Now some remarks are provided as follows. Remark 1: The inner bound rate region R˜ CMAC-E and CMAC-E are already convex thanks to the auxiliary random R variable Q which represents a time-sharing parameter. Furthermore, if we use the channel prefixing technique (e.g. [3], [17]), the performance of the proposed scheme may be further enhanced. However, such a channel prefixing method is not considered in this paper due to the intractable evaluation of its performance. Remark 2: Compared to Willems’s coding in [30], we mix the messages that need to be decoded at the intended destination with some dummy messages. In particular, the common (private) message consists of not only the common (private) secrecy message but also the common (private) dummy message. Note that these dummy messages can provide the necessary randomness into the channel to confuse the eavesdropper and protect the secrecy messages. Remark 3: Beyond the explicit cooperation via directly transmitting the other source’s message, the proposed cooperative encoding scheme also allows the sources to help each other by adding more randomness into the channel. This is because there is a freedom in the allocation of randomness at the two sources (e.g. refer to Eq. (39) and (40) in Appendix A). In addition to adding more independent randomness via the private dummy message [8], each source can also help the other by adding more correlative randomness via the common dummy message.

C. Some Special Cases We use our results on CMAC-E to unify some existing channel models as follows. 1) Partially Cooperating MAC: In [30], Willems has characterized the capacity for the partially cooperating MAC without a secrecy constraint, denoted as R pc which can be

XU et al.: RATE REGIONS FOR MAC WITH CONFERENCE AND SECRECY CONSTRAINTS

Definition 5: Given C1 , C2 and some p˜ ∈ K, the region R O ( p) ˜ is given by: ˜ R O ( p) (R1 , R2 ) : R1 ≥ 0, R2 ≥ 0,

expressed as R pc

(R1 , R2 ) : R1 ≥ 0, R2 ≥ 0,

1965

p(u) p(x 1 |u) p(x 2 |u)

p(u) p(x 1|u) p(x 2 |u)

R1 ≤ I (X 1 ; Y1 |U X 2 ) + C1 ,

R1 ≤ I (X 1 ; Y˜1 |X 2 , U ) + C1 , R2 ≤ I (X 2 ; Y˜1 |X 1 , U ) + C2 ,

R2 ≤ I (X 2 ; Y1 |U X 1 ) + C2 , R1 + R2 ≤ min{I (X 1 , X 2 ; Y1 |U ) (11) + C1 + C2 , I (X 1 , X 2 ; Y1 )} . If we disable the eavesdropper node by setting Y2 = ∅ in R2 defined in (10), the rate region RCMAC-E in Lemma 2 reduces to Willems’s capacity region R pc . Here the timesharing variable Q in (10) is useless since R pc is already convex. 2) Multiple Access Channel With an Eavesdropper: The multiple access channel with an eavesdropper (MAC-E), i.e. the MAC-WT in [8], is another special case of the CMAC-E if we disable the conference links by setting C1 = C2 = 0 and U = ∅ in (10). Then, the rate region RCMAC-E in Lemma 2 reduces to RMAC-E shown in [8], i.e. R2 ( p, C1 = 0, C2 = 0). (12) RMAC-E = p∈P s.t. U =∅

3) Cognitive Multiple Access Channel With an Eavesdropper: In [9], Simeone and Yener considered a cognitive multiple access channel with an eavesdropper (cgMAC-E). In the cgMAC-E, encoder 1 is cognitive in the sense that it knows a priori the messages (including both the secrecy message and dummy message) of encoder 2. If C1 = 0 and C2 is sufficiently large, one can verify that the CMAC-E reduces to the cgMAC-E since encoder 2 can reclassify its private message as the common message (i.e. U = X 2 ) and sent it via the communication link from encoder 2 to encoder 1. In this case, the rate region RCMAC-E in Lemma 2 reduces to the following achievable rate region R2 ( p, C1 = 0, C2 sufficiently large). RcgMAC-E = p∈P s.t. U =X 2

(13) It is straightforward to show that RcgCMAC-E is exactly equivalent to the achievable rate region in Proposition 2 in [9] if we further apply the channel prefixing as shown in Appendix in [9]. D. Outer Bound In this subsection, we provide a Sato-type outer bound on the capacity region. Definition 4: K denotes the class of CMAC-Es pY˜1 ,Y˜2 |X 1 ,X 2 that have the same marginal distributions pY1 |X 1 ,X 2 (y1 |x 1 , x 2 ) and pY2 |X 1 ,X 2 (y2 |x 1 , x 2 ), i.e., pY˜t |X 1 ,X 2 (yt |x 1, x 2 ) = pYt |X 1 ,X 2 (yt |x 1 , x 2 ) for t = 1, 2 and all x 1 , x 2 and y1 , y2 .

(14)

R1 + R2 ≤ I (X 1 , X 2 ; Y˜1 |U, Y˜2 )

+ C1 + C2 ,

R1 + R2 ≤ I (X 1 , X 2 ; Y˜1 |Y˜2 ) .

(15)

Theorem 3: The following region is a Sato-type outer bound on the capacity region of the CMAC-E with conference capacity pair (C1 , C2 ): CCMAC-E ⊆ ROuter R O ( p). ˜ (16) K p∈ ˜ K

Proof: The outer bound is obtained by assuming an enhanced channel condition where a genie gives the signal Y2 at the eavesdropper to the intended decoder as side information for decoding (W1 , W2 ). Furthermore, as shown in (6) and (7), the secrecy capacity region of the CMAC-E depends only on the marginal distributions pY1 |X 1 ,X 2 and pY2 |X 1 ,X 2 and does not depend on any further structure of the joint distribution pY1 ,Y2 |X 1 ,X 2 . Therefore, all the CMAC-Es in K (defined in Definition 4) have the same secrecy capacity region, which results in the intersection in Theorem 3. The details of the proof steps are provided in Appendix C. Remark 4: Since it is assumed that the decoder has a complete access to the signal received at the eavesdropper, the outer bound is generally loose. However, for some special cases, the outer bound shown in Theorem 3 can be close to the achievable rate region. We can take the degraded cgMAC-E (Section III-C) for example, i.e. C1 = 0, C2 is sufficiently large and (X 1 , X 2 ) − Y1 − Y2 is a Markov chain. In this case, one can check that the outer bound in Theorem 3 is equivalent to the secrecy rate region RcgMAC-E by setting Q = ∅ in (13). IV. S ECURITY FOR THE G AUSSIAN CMAC-E In this section, the results of the inner and outer bounds for the discrete memoryless CMAC-E developed in the previous section will be extended to the Gaussian CMAC-E (GCMAC-E) scenario. In addition, two transmission schemes, termed as the multiplexed and cooperative TDMA schemes, will be proposed, and their performance will be investigated in the next section by using the numerical results. A. Inner Bound The achievable scheme for the discrete memoryless CMAC-E can further be applied to the GCMAC-E scenario in the standard form [8] Y1 = X 1 + X 2 + N1 ,

Y2 = h 1 X 1 + h 2 X 2 + N2 ,

(17)

1966

IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, VOL. 8, NO. 12, DECEMBER 2013

where N1 , N2 ∼ N (0, 1) are the Gaussian noises and the average transmit powers at the two sources are constrained by N N 1 1 E[(X 1,n )2 ] ≤ P1 , E[(X 2,n )2 ] ≤ P2 . N N n=1

(18)

n=1

Note that the weak and strong eavesdropping GCMAC-Es correspond to the cases that h t < 1, h t > 1 for ∀t ∈ {1, 2}, respectively. Furthermore, a special weak eavesdropping channel, called the stochastically degraded GCMAC-E, corresponds to the case that h 1 = h 2 < 1 [7]. Denote p(q) as the probability mass function (PMF) on the time sharing parameter, and let A( p(q)) denote the set of all the power allocations A( p(q)) (P1u (q), P1x0 (q), P2u (q), P2x0 (q), ∀q ∈ Q| [Ptu (q) + Ptx0 (q)] p(q) ≤ Pt , for t = 1, 2 . q∈Q

(19) Then define a set of joint Gaussian distributions: PG p| p ∈ P, (P1u (q), P1x0 (q), P2u (q), P2x0 (q)) ∈ A( p(q)), ∀q ∈ Q, r ∈ {1, −1}, U (q) ∈ N (0, 1), X 1,0 (q) ∼ N (0, P1x0 (q)), X 2,0 (q) ∼ N (0, P2x0 (q)), X 1 (q) = P1U (q)U (q) + X 1,0 (q), (20) X 2 (q) = r P2U (q)U (q) + X 2,0 (q) , where r is used to determine the covariance of X 1 (q) and X 2 (q) to be positive or negative. Using this set of distributions, the achievable rate region in Lemma 2 can be given as GCMAC-E convex closure of Corollary 4: R GCMAC-E . R ( p) ⊆ C 2 p∈PG To be more specific, we will consider two simple types of transmission schemes as follows. 1) Multiplexed Scheme: Now, consider the multiplexed scheme by fixing |Q| = 1. In this case, we can omit the time sharing parameter q for simplicity and the power allocation set becomes to A1 (P1u , P1x0 , P2u , P2x0 )|Ptu + Ptx0 ≤ Pt , for t = 1, 2 . (22)

We first define the multiplexed region as follows for some given power allocation. Definition 6: (GCMAC-E Multiplexed (CMA-MP) Region) For some r ∈ {1, −1} and power allocation A ∈ A1 , where A = (P1u , P1x0 , P2u , P2x0 ) , the multiplexed region R2G (r, A) is given by (21) (at the bottom of the page). Then the following rate region can be obtained for this multiplexed scheme. , where Corollary 5: RCMA-MP ⊆ RGCMAC-E ⎧ ⎫ ⎨ ⎬ RCMA-MP convex closure of R2G (r, A) . (23) ⎩ ⎭ r=±1,A∈A1

Proof: It is easy to prove that the region R2 in (10) is equivalent to R2G for a given p ∈ PG s.t. |Q| = 1 and A ∈ A1 by calculating each mutual information term in (10). In the next, we will define two computationally simple subregions to further simplify the above region. ⊆ RCMA-MP ⊆ RGCMAC-E , for Corollary 6: RCMA-MP m m = 1, 2, where the subregion RCMA-MP (RCMA-MP ) is 1 2 CMA-MP in (23) except defined in exactly the same fashion as R that we fix r = 1 (r = −1) and A ∈ A1,1 (A1,2 ). Here A1,1 = {A|A ∈ A1 , P1u = P2u } and A1,2 = {A|A ∈ A1 , h 1 P1u = h 2 P2u , P1x0 = P2x0 = 0}. Remark 5: The first subregion RCMA-MP corresponds to the 1 first partial beamforming strategy that aims to enhance the main channel and the decoding capability at the destination. corresponds to the second The second subregion RCMA-MP 2 beamforming strategy that aims to decrease the eavesdropping channel and the decoding capability at the eavesdropper. As shown in Section V, these two beamforming strategies are suitable for the weak and strong eavesdropping GCMAC-E channels, respectively. 2) Cooperative TDMA Scheme: Given 0 ≤ α1 ≤ 1 and α2 = 1−α1 , we first define a time-sharing power allocation as A2 (P1u (q), P1x0 (q), P2u (q), P2x0 (q)) for q = 1, 2| P2x0 (1) = P1x0 (2) = 0, α1 (P1u (1)+ P1x0 (1)) + α2 P1u (2) ≤ P1 , α1 P2u (1) + α2 (P2u (2) +P2x0 (2)) ≤ P2 .

(26)

Then, define a cooperative TDMA region as following. Definition 7: (GCMAC-E Cooperative TDMA Region (CMA-CT):) Let a = (α1 , α2 ) which satisfy 0 ≤ α1 ≤ 1

R2G (r, A) (R1 , R2 ) : R1 ≥ 0, R2 ≥ 0,

+

( h 1 P1u + r h 2 P2u )2 + h 1 P1x0 C + C2 − C R1 ≤ min C 1 + h 2 P2x0 +

x0 x0 ( h 1 P1u + r h 2 P2u )2 + h 2 P2x0 R2 ≤ min C P2 + C2 , C P2 + C1 + C2 − C 1 + h 1 P1x0 R1 + R2 ≤ min C P1x0 + P2x0 + C1 + C2 , C ( P1u + r P2u )2 + P1x0 + P2x0 + . −C ( h 1 P1u + r h 2 P2u )2 + h 1 P1x0 + h 2 P2x0

P1x0 + C1 ,

P1x0 + C1

(21)

XU et al.: RATE REGIONS FOR MAC WITH CONFERENCE AND SECRECY CONSTRAINTS

and α1 + α2 = 1. Then, for some r ∈ {1, −1} and power T allocation A ∈ A2 , the cooperative TDMA region RC 2 (r, A) is given by (24) (at the bottom of the page). T This region RC 2 (r, A) is obtained by a cooperative scheme based on the TDMA-like approach. Here we divide the N channel uses into two periods whose lengths are α1 N and α2 N, respectively. During the first period with α1 N channel uses, source 1 generates randomized codewords using power P1u (1) and P1x0 (1), while source 2 generates random dummy codewords using power P2u (1). Then the constraint of R1 in (24) can be obtained by fixing A ∈ A2 , p ∈ PG and R2 = 0 in (10). For the second period with α2 N channel uses, the two sources swap their roles and similar steps can be carried out, where the details are omitted here due to the symmetry. Based on this cooperative TDMA scheme and the above definition, the following rate region can be achieved. Corollary 7: RCMA-CT ⊆ RGCMAC-E , where RCMA-CT ⎧ convex closure of ⎪ ⎪ ⎪ ⎪ ⎨ ⎪ ⎪ ⎪ ⎪ ⎩ r = ±1, A ∈ A2 ,

0 ≤ α1 ≤ 1, α1 + α2 = 1

⎫ ⎪ ⎪ ⎪ ⎪ ⎬

T RC 2 (r, A, a)⎪. (27) ⎪ ⎪ ⎪ ⎭

Proof: Here we utilize a time sharing random variable T can Q ∗ whose PMF is p(q) = αq for q = 1, 2. Then RC 2 be obtained from R2 in (10) for p ∈ PG s.t. Q = Q ∗ and A ∈ A2 by fixing R2 = 0 if Q = 1 and R1 = 0 if Q = 2. Remark 6: In the above cooperative TDMA scheme, we only require the helper source to add randomness via the correlative common randomized codebook for simplicity. However, the proposed cooperation coding scheme (Corollary 4) allows more general cooperation schemes. For example, each source can help the other through the independent private randomized codebook. In addition, the number of cardinalities in Q can be designed greater than 2. However, this simplified region in Corollary 7 still plays an important role as shown in the numeral results in the next section. Similar to Corollary 6, we will define two computationally simple subregions of RCMA-CT . ⊆ RCMA-CT ⊆ RGCMAC-E for m = Corollary 8: RCMA-CT m 1, 2, where the subregion RCMA-CT (RCMA-CT ) is defined in 1 2 exactly the same fashion as RCMA-CT in (27) except that we fix r = 1 (r = −1) and A ∈ A2,1 (A2,2 ). Here A2,1 = {A|A ∈ A2 , P1u (1) = P2u (1), P1u (2) = P2u (2)} and A2,2 = {A|A ∈ A2 , h 1 P1u (1) = h 2 P2u (1), h 1 P1u (2) = h 2 P2u (2), P1x0 (1) = P2x0 (2) = 0}.

T RC 2 (r, A, a)

1967

B. Outer Bound The following lemma gives the outer bound based on the Sato-type outer bound shown in Theorem 3 for this GCMAC-E. Lemma 9: An outer bond on the capacity of this GCMACE given by (17) can be expressed as RG (28) ROuter G O (ρ), −1