Improving Security for FutureWireless Networks ThroughFriendly JammingbyMark. M. AdamsB. Eng., Royal Military College of Canada, 2015A THESIS SUBMITTED IN PARTIAL FULFILLMENT OFTHE REQUIREMENTS FOR THE DEGREE OFMASTER OF APPLIED SCIENCEinThe Faculty of Graduate and Postdoctoral Studies(Electrical and Computer Engineering)THE UNIVERSITY OF BRITISH COLUMBIA(Vancouver)May 2017c© Mark. M. Adams 2017AbstractAs the number of connected devices and the importance of mobile communications continueto increase, a greater emphasis must be placed on security. Due to the broadcast nature ofwireless communications, wireless networks are very exposed to eavesdropping. While thiscan be addressed above the physical layers using encryption, this still allows the attackerto receive the message and future work may allow decryption. Physical layer security isan approach to security which exploits the wireless channel to prevent the attacker fromdecoding the message. This thesis examines the use of friendly jamming, in which somenodes in a network broadcast white noise in order to degrade the channel between thelegitimate transmitter and the eavesdropper. We address two problems related to the use offriendly jamming to improve physical layer security.The first problem is routing a signal through a network while using the remaining nodesas jammers to secure the signal. This is solved as two convex problems of allocating powerto the jammers and routing the signal using those jammers to secure the transmission. Thisis shown to be a feasible method to increase security in a network.The second problem is estimating the self-interference channel (SIC) without using acalibration period for full-duplex jamming receivers. As the transmitter cannot transmitwhile the receiver estimates its SIC using a half duplex pilot signal, eliminating the calibrationperiod can represent a significant capacity gain. Estimating the channel while receiving thedesired signal causes it to act as an additional noise source, but this is shown to be overcomethrough the use of long estimation times. Our proposed scheme is able to increase the secrecycapacity of the system over that of calibration based estimation.iiLay SummaryAs wireless devices broadcast a signal which can be received by any nearby devices, wirelessnetworks are very exposed to eavesdropping. Physical layer security exploits the wirelesschannel to prevent the attacker from decoding the message. This thesis examines the use offriendly jamming, in which some nodes in a network act to impair the eavesdropper’s abilityto receive a message. We address two problems related to the use of friendly jamming toimprove physical layer security. The first problem is routing a signal through a networkwhile using the remaining nodes as jammers to secure the signal. This is shown to be afeasible method to increase security in a network. The second problem is estimating theself-interference channel (SIC) without using a calibration period for full-duplex jammingreceivers. Our proposed scheme is able to increase the secrecy capacity of the system overthat of calibration based estimation.iiiPrefaceThe following publications have resulted from the research presented in this thesis:• M. Adams and V. K. Bhargava, “Using Friendly Jamming to Improve Route Securityand Quality in Ad Hoc Networks,” 2017 Canadian Conference on Electrical and Com-puter Engineering (CCECE), Windsor, ON, 2017, pp. 442-447 (Linked to Chapter2)• M. Adams and V. K. Bhargava, “Use of the Recursive Least Squares Filter for OnlineSelf Interference Channel Estimation,” 2016 IEEE Vehicular Technology Conf. (VTC),Montreal, QC, 2016, pp. 1-4. (Linked to Chapter 3)Statement of AuthorshipI am the primary author for both the publications listed above. I have been responsibleto develop original ideas, derive mathematical solutions, and generate simulation resultsfor these publications. Prof. Vijay K. Bhargava, who is my research supervisor, providedvaluable guidance and directions in identifying the research problems, developing solutionmethodologies, and documenting the results. Some of the simulation results were obtainedusing the disciplined convex optimization software CVX developed by Grant, Boyd & Ye [1].ivTable of ContentsAbstract . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . iiLay Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . iiiPreface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ivTable of Contents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . vList of Tables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . viiList of Figures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . viiiMathematical Notations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xList of Abbreviations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xiAcknowledgements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xiiDedication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xiii1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11.1 Motivation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11.2 Objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21.3 Introduction to Physical Layer Security . . . . . . . . . . . . . . . . . . . . 31.3.1 The Wiretap Channel . . . . . . . . . . . . . . . . . . . . . . . . . . 41.3.2 Secrecy Outage Probability . . . . . . . . . . . . . . . . . . . . . . . 7vTable of Contents1.3.3 Friendly Jamming . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81.4 Physical Layer Challenges for Full Duplex Communication . . . . . . . . . . 91.4.1 Related Research in Self Interference Cancellation . . . . . . . . . . 121.5 Outline . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 132 Routing and Jamming Power Allocation . . . . . . . . . . . . . . . . . . . 152.1 System Model and Problem Formulation . . . . . . . . . . . . . . . . . . . . 162.1.1 Link Secrecy Outage Probability . . . . . . . . . . . . . . . . . . . . 172.1.2 Route Secrecy Outage Probability . . . . . . . . . . . . . . . . . . . 182.1.3 Jamming Power Allocation . . . . . . . . . . . . . . . . . . . . . . . 192.1.4 Link Connection Outage Probability . . . . . . . . . . . . . . . . . . 212.1.5 Route Connection Outage Probability . . . . . . . . . . . . . . . . . 212.2 Optimization problem . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 222.3 Simulation Studies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 242.3.1 Security and Service Quality Trade-off . . . . . . . . . . . . . . . . . 252.3.2 Varying the number of eavesdroppers . . . . . . . . . . . . . . . . . . 272.3.3 Effect of friendly jamming . . . . . . . . . . . . . . . . . . . . . . . . 292.4 Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 313 Adaptive Filtering for Self Interference Channel Cancellation . . . . . . 333.1 System Model and Problem Formulation . . . . . . . . . . . . . . . . . . . . 343.2 Simulation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 373.2.1 Results . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 414 Conclusions and Future Work . . . . . . . . . . . . . . . . . . . . . . . . . . 42Bibliography . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44viList of Tables2.1 System Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 253.1 System Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37viiList of Figures1.1 The Wiretap Channel model . . . . . . . . . . . . . . . . . . . . . . . . . . . 41.2 The Rayleigh Fading Wiretap Channel model . . . . . . . . . . . . . . . . . 51.3 Direct and reflected self-interference paths . . . . . . . . . . . . . . . . . . . 101.4 Self-interference cancellation with a reference receiver . . . . . . . . . . . . . 111.5 Estimating the channel without a calibration period allows the system tooperate more efficiently [2] . . . . . . . . . . . . . . . . . . . . . . . . . . . . 132.1 Unused nodes will be used to jam the eavesdroppers in each hop . . . . . . . 162.2 Minimizing the certainty equivalent margin corresponds well to minimizingthe secrecy outage probability . . . . . . . . . . . . . . . . . . . . . . . . . . 202.3 Emphasizing route quality forces a more direct route, while emphasizing se-curity routes away from the eavesdroppers . . . . . . . . . . . . . . . . . . . 262.4 Route outage probabilities for different values of the trade-off variable. In-creasing the focus on connection quality lowers the security performance . . 262.5 Emphasizing connection quality causes the number of links in the route toincrease . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 272.6 Route outage probabilities for different numbers of eavesdroppers. Increasedeavesdropper density lowers both the security and service quality of the route. 282.7 Increasing the eavesdropper density causes the route to favour longer hops. . 282.8 Application of friendly jamming allows for a much more direct route thanusing the same routing metric without jamming . . . . . . . . . . . . . . . . 30viiiList of Figures2.9 Increasing jamming power significantly improves the route security perfor-mance, and marginally improves the connection quality . . . . . . . . . . . . 302.10 Increasing jamming power allows for a longer route . . . . . . . . . . . . . . 313.1 This system models a transmitter, and eavesdropper, and a single full-duplexjamming receiver . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 343.2 Estimating the self-interference channel without a calibration period allowsfor a significant increase in secrecy capacity . . . . . . . . . . . . . . . . . . 383.3 With both estimators using a fixed length, the online estimate is superior atshorter channel coherence times . . . . . . . . . . . . . . . . . . . . . . . . . 393.4 Online estimation outperforms calibration based estimation at all jammingsignal powers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 393.5 Online estimation outperforms calibration based estimation at all jammingsignal powers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40ixMathematical NotationsWe represent matrices using boldface capital letters (e.g. A), vectors using boldfacesmall letters (e.g. a), and scalars using small letters (e.g. a). The transpose of a matrixA is represented as AT . The Hermitian transpose of a matrix A is represented as AH .An M ×M identity matrix is represented as IM and sometimes I when the dimensions areclear from the context. If a is a circularly-symmetric complex Gaussian vector with meanµ and covariance matrix Π, we represent its probability distribution as a ∼ CN (µ,Π). Afunction f in variables (x, y, z) is represented as f(x, y, z). When the variables (y, z) in fare assigned with values (y0, z0), the resulting function is represented as f(x; y0, z0). E{.}denotes expectation with respect to the random variable under context. The covariance ofa vector a is represented by cov(.) and the variance by var(.). |A| and ||A|| respectivelydenote the determinant and the vector 2-norm of the square matrix A.xList of Abbreviations5G : Fifth GenerationADC : Analog to Digital ConvertersBS : Base StationCOP : Connection Outage ProbabilityCSI : Channel State InformationFDD : Frequency Division Duplexingi.i.d : independent and identically distributedLTE : Long Term EvolutionMbps : Mega bits per secondMIMO : Multiple-input Multiple-outputML : Maximum LikelihoodMMSE : Minimum Mean Squared ErrorQoS : Quality of ServiceRLS : Recursive Lease SquaresSIC : Self Interference CancellationSINR : Signal to Interference plus Noise RatioSIR : Signal to Interference RatioSOP : Secrecy Outage ProbabilitySNR : Signal to Noise RatioTDD : Time Division DuplexingxiAcknowledgementsFirstly, I would like to thank my supervisor Professor Vijay K. Bhargava for his patience,knowledge, and generous financial support. I thank him for providing me with an excellentresearch atmosphere in his lab. This thesis would not have been possible without his support,guidance, and encouragement.Secondly, I am very fortunate and grateful to have excellent colleagues at the InformationTheory and Systems laboratory, who offered me genuine and friendly support to carry outmy research. I particularly thank Dr. Shankanaad Mallick for his discussions, feedback andcritical suggestions. I would also like to thank Surya Vara Prasad, Buddhika Nettasinghe,and Sudha Lohani for their friendship and support during my MASc research. I am alsothankful to them for proofreading my thesis.xiiDedicationTo my friends and familyfor all their help and support over the past yearsxiiiChapter 1Introduction1.1 MotivationCurrent cellular networks are supporting billions of communication devices, and that numberis only expected to increase in the coming years. With the increased use of applications suchas mobile video and the internet of things, there will be greater importance placed on spectralefficiency in order to provide more services to more devices without requiring the expensiveinvestment of increased bandwidth. The increased use of mobile devices also creates callsfor increased security. With more information being available over wireless communicationsfrom the extra connectivity of IoT and the shift to conduct more business and banking onphones, it becomes an increasingly attractive target for malicious eavesdroppers. Securingagainst attackers will be increasingly important to effective development of wireless networks.Due to the broadcast nature of wireless communications, wireless networks expose them-selves to eavesdropping attacks. Traditionally, this is addressed through public key cryptog-raphy as proposed in [3] such as RSA or AES. While these are currently effective at stoppingthe attacker from reading the plain text message, they still allow the attacker to receive themessage and future work could allow decryption. Another approach to security is physicallayer security, in which the wireless medium is exploited in order to prevent the attackerfrom receiving enough information to decode the message [4].In general, a transmitter and receiver are guaranteed secret communications if theirchannel is instantaneously better than the eavesdroppers channel. Due to fading, this meansthat in almost all scenarios some degree of secrecy can be achieved. The most common11.2. Objectivesmetrics for evaluating physical security are the ergodic secrecy capacity, which is analogousto channel capacity and the secrecy outage probability, which is the probability that theinstantaneous secrecy capacity is below a fixed rate.A problem with physical layer security in typical systems is that connection outage prob-ability is a decreasing function of power, and secrecy outage probability is increasing. Thisoften leads to a direct trade off where neither the security performance nor the service qual-ity of a system is satisfactory. An approach to address this is friendly jamming. In friendlyjamming, some nodes in a network will act as jammers, and broadcast noise to increase theinterference at any eavesdroppers [5] [6]. This improves the secrecy outage probability ofeach link without raising the connection outage probability.1.2 ObjectivesThe objective of this is thesis is to address two problems related to friendly jamming forphysical layer security. In chapter 2 we examine the problem of routing a signal through anetwork, using friendly jamming to secure its transmission and a routing metric designedto maximize the probability that the route is both connected and secure. While similarwork has been done for routing without friendly jamming [7][8], and for a jamming powerallocation on a fixed route[9], the combination of routing and jamming is novel. In chapter3, we examine the problem of self-interference channel cancellation for full-duplex jammingreceivers. We propose the use of online estimation in the presence of the desired signal forself-interference channel (SIC) cancellation in jamming receivers. While these techniqueshave been studied for bidirectional communications and provide a modest gain [2], they canprovide a more significant performance improvement in a security context as informationcannot be transmitted during a half duplex calibration period. Full-duplex jamming receiversare proposed in [10] under the assumption of a fixed level of self-interference cancellation.[11] considers the effect of the SIC estimate, but does the channel estimate in a period of21.3. Introduction to Physical Layer Securityunsecured half duplex operation. We demonstrate improved system secrecy capacity throughestimating the channel without the use of a half duplex calibration period. The remainderof this chapter provides background on physical layer security and challenges with self-interference cancellation for full-duplex communications.1.3 Introduction to Physical Layer SecurityPrivacy and security are an increasing area of concern as growth in wireless networks continueand growing proportions of communications are carried out over wireless. In traditionalapproaches to security, all security concerns are approached from above the physical layerusing cryptography with the physical layer providing only the link. Physical layer securityinstead approaches security as a link level concern, exploiting the randomness of the channelto provide security to the transmissions.The theoretical basis for physical layer security is the information-theoretic approach ofperfect secrecy, originally conceived by Shannon and improved by Wyner [12] [13]. Their pa-pers created the field, proving that their exist coding techniques which can grant robustnessto error as well as security in the wiretap channel. The downside of this original approach isthat it required the legitimate channel to have a strictly better channel than the eavesdrop-per in order to guarantee a positive secrecy capacity. However, recent improvements havedemonstrated that with fading present in the system, positive secrecy rates can be achievedeven if the eavesdropper has a better channel than the legitimate receiver [14], without eitherthe need for a feedback channel or sharing a secret between the transmitter and the receiver.However, even this approach suffers from the fact that practical codes for fading channelshave not yet been achieved, and so the associated capacities are only theoretical and do notreflect the reality of the channel security.31.3. Introduction to Physical Layer SecurityFigure 1.1: The Wiretap Channel model1.3.1 The Wiretap ChannelThe original consideration for physical layer security, and the foundation for most researchis the Gaussian wiretap channel shown in Fig. 1.1.This channel models the Alice Bob channel as an AWGN channel with noise power σ21,with an additional AWGN source of noise power σ22 between Alice and Eve. Alice (A)transmits at power P and Eve (E) and Bob (B) then receive the same transmission throughdifferent channels. The secure capacity of this channel is the difference in the capacity ofthe Alice-Bob channel and the Alice-Eve channel, as shown in [15].CAB =12log(1 + Pσ21)CAE =12log(1 + P(σ21+σ22))Cs = CAB − CAE(1.1)Note that this capacity is always positive in this model because the wiretap channel is adegraded copy of the main channel.Another model to consider is the Rayleigh fading wiretap channel shown in Fig. 1.2. Weassume that the main channel CSI is known to Alice and the eavesdropper channel CSI isknown to Eve. Additionally, in order to achieve the secrecy capacity in (1.7) we must assume41.3. Introduction to Physical Layer SecurityFigure 1.2: The Rayleigh Fading Wiretap Channel modelthat Alice has statistical knowledge of Eve’s CSI. This is a reasonable assumption for thecase where Eve is another user in the network. With these assumptions, there is alwayssome positive average capacity, even when the average SNR of the main channel is worsethan the eavesdropper channel. This demonstrates the possibility of exploiting fading inorder to secure communications, as shown in [14]. Alice transmits at power P . The fadingcoefficients of the Alice Bob and Alice Eve channel are given by Hb and He respectively, andtheir noise powers are Nb and Ne. Their corresponding channel gains are Gb = |Hb|2 andGe = |He|2. Their instantaneous SNRs are given byγb(i) =PGb(i)Nbγe(i) =PGe(i)Ne.(1.2)and their average values areγ¯b(i) =PE[Gb]Nbγ¯e(i) =PE[Ge]Ne.(1.3)The secrecy capacity for a channel realization i is given as51.3. Introduction to Physical Layer SecurityCs(γb, γe) = log(1 + γb(i))− log(1 + γe(i)) if γb(i) > γe(i)0 otherwise. (1.4)The average secrecy capacity is the integral of all possible combinations of γb and γe weightedby their probabilities of occurringC¯s =∫ ∞0∫ ∞0Cs(γb, γe)p(γb)p(γe)dγbdγe. (1.5)Γb and Γe vary with |Hb|2 and |He|2, they follow exponential distributionspr(γb) =1γ¯be− γbγ¯bpr(γe) =1γ¯ee− γeγ¯e. (1.6)Therefore, (1.5) can be shown to beC¯s = F (γ¯b)− F ( γ¯bγ¯eγ¯b + γ¯e) (1.7)whereF (x) =∫ ∞0log2(1 + u)1xe−ux du.This capacity is applicable in the case that Alice has full knowledge of the main channelCSI and statistical knowledge of the eavesdropper channel CSI. This is realistic for scenarioswhere Eve is an active wireless user, and Alice can estimate the channel while Eve transmits.The key difference between the Rayleigh and AWGN channel models is that the Rayleighchannel allows for a positive secrecy capacity even when the average channel quality of the61.3. Introduction to Physical Layer SecurityAlice Bob channel is lower than the Alice Eve channel. This allows secure communicationby communicating only when there is an instantaneous positive secrecy capacity.1.3.2 Secrecy Outage ProbabilityThe secrecy performance of physical layer security schemes can also be evaluated usingsecrecy outage probability. Secrecy outage probability is used in two different ways, as it canrefer to either the probability that the secrecy capacity falls below a certain threshold, or asthe probability that there is a leakage of information to the eavesdropper while transmittingat a fixed rate. The first corresponds to the scenario where the transmitter is using a secrecycoding, and the latter corresponds to the situation where it is not. First we will consider theprobability that the secrecy capacity falls below a threshold τ .Pr(Cs < τ) = Pr(log(1+Γb1+Γe) < τ)= Pr(Γb > 2τ (1 + Γe)− 1)=∫∞0Pr(γe)(∫∞2τ (1+γe)−1 Pr(γb)dγb)dγe= γ¯bγ¯b+γ¯e2τe− 2τ−1γ¯b(1.8)in the case where τ is 0, this is justP (Cs < 0) =γ¯bγ¯b + γ¯e. (1.9)This outage probability represents the probability that the channel fading realizationcan not support any rate of secure communication. This outage probability is applicable tothe case where Alice has knowledge of Alice Bob and Alice Eve channels, and is using anappropriate variable coding to avoid leaking information. Therefore, this outage probabilityrepresents a stoppage of communication rather than a security leak. An alternative approachto secrecy outage probability is to consider the outage probability for the case of a fixed ratesecrecy coding. In this case the SOP is represented by the probability that Eves received71.3. Introduction to Physical Layer SecuritySNR is greater than the threshold to decode the message.SOP = Pr(γe > γth)SOPl = e−γeγ¯e(1.10)This is appropriate to the case with no knowledge of the Alice Bob or Alice Eve channel.In this scenario, Alice can do no better than setting her transmission rate to a constant level,and the secrecy outage probability represents the probability that Eves channel can decodeinformation sent at that rate.1.3.3 Friendly JammingFriendly jamming is a method used to degrade the quality of the eavesdropper’s link in orderto improve the physical secrecy performance. An FJ signal is essentially randomly generatednoise broadcast from the jammers to the eavesdroppers. Either multiple antennas or multipletransmitters can be used to nullify the FJ signal at the legitimate receiver to avoid loweringthe quality of the legitimate link. Friendly jamming can be done on many different scales.In multi hop communications, possible applications are choosing optimal positioning forjamming nodes, or optimal routes using jamming receivers. Chapter 2 examines the problemof routing a signal through a network using friendly jamming to secure the transmissions.In point to point communications, a full-duplex jamming receiver can be used to broadcastnoise at the eavesdropper, while using self cancellation methods to avoid jamming itself [10].Chapter 3 presents the use of online self-interference cancellation to provide a performanceincrease over calibration based estimation for full-duplex jamming receivers. The next sectionprovides background on full-duplex communications.81.4. Physical Layer Challenges for Full Duplex Communication1.4 Physical Layer Challenges for Full DuplexCommunicationIn-Band Full Duplex channel use has traditionally been considered impossible for commu-nications due to the strong self-interference between the transmitted and received signals,and so radios have traditionally operated in half duplex or out of band full-duplex. How-ever, recent research has been showing that with advances in self-interference cancellationtechnologies, IBFD communication can be achieved, and can offer many advantages to com-munication networks. In physical layer security, it is a key enabling technology for friendlyjamming, as it will allow receivers to simultaneously jam any eavesdroppers. For device todevice communication, or direct base station to user communication, IBFD has the potentialto double the bidirectional data rate. When used for relaying, IBFD will be able to increasespectral efficiency to match that of the half duplex direct communication case.The primary challenge involved with implementing IBFD stems from the self-interferencein the terminal, as the receiver will receive both the signal of interest and the signal thatit is transmitting. In [16] a conservative real world scenario with small cell base stationsand mobile handsets was considered, and it was found that the self-interference must besuppressed by 106 dB to meet the SNR in a half-duplex link. Broadly speaking, this inter-ference occurs in three domains: wireless propagation techniques, analog circuit techniques,and digital domain techniques.Propagation layer suppression aims to eliminate the transmitted signal from impingingon the receive antennas. The methods to achieve this cancellation depend on the number ofantennas in the system. If a single antenna is used for both transmission and reception, thena duplexer will be the only propagation layer SIC suppressor. While this is used effectivelyin applications such as continuous wave radar, and has been demonstrated to be usablein communications, it offers little to no performance benefits over multi-antenna systems[17]. The alternative is to use a separate transmit and receive antenna, and separate them91.4. Physical Layer Challenges for Full Duplex Communicationthrough physical techniques such as polarization, distance, and shielding, or digital onessuch as beam-forming. The disadvantage to this technique is that achieving high amountsof physical isolation will often suppress the transmitted signal by either directly requiring alowered effective gain or through limiting the degrees of freedom in adaptive beam-forming[18]. Additionally, a large amount of space is required to achieve a significant amount ofphysical isolation, and so IBFD has yet to be achieved in small form factor devices [16] [19].However, relay nodes are a great opportunity to employ full-duplex for the spectral efficiencygain. As they are part of the network infrastructure, size is much less of a concern as in userdevices, so physical isolation will be much more attainable.Figure 1.3: Direct and reflected self-interference pathsWhile physical domain self-interference cancellation can be effective, it is unable to elimi-nate the signal entirely. In order to achieve better isolation, it is typical to employ an analoginterference cancellation circuit. Analog domain cancellation techniques function throughtaking a tapped copy of the transmitted signal, adjusting its phase, gain and delay as nec-essary, and subtracting it from the received signal. Single tap equalizers are typically used,which allows the receiver to account for the direct path interference, but is generally unableto handle environmental effects such as nearby reflectors as shown in Fig. 1.3. It is alsopossible to deal with reflections through the use of adaptive analog circuits, but this willincrease the circuit complexity and require analog domain signal processing. In order to101.4. Physical Layer Challenges for Full Duplex Communicationdeal with the indirect SIC, it is most common to use digital domain cancellation techniques,through learning and exploiting the channel state information [16],[17].Figure 1.4: Self-interference cancellation with a reference receiverDigital domain self-interference channel works through taking an estimate of the self-interference channel, filtering the transmitted signal through the estimated channel, andsubtracting the result from the received signal. In general this is effective for reflectionsand other linear interference, but it cannot account for interference resulting from non-linearities in the transmit chain. In order to account for this, one option is to use a referencechain based canceler, where a tap of the transmitted signal is passed through a referencereceiver, in order to capture non-linearities caused by power amplifiers, as shown in Fig. 1.4.Estimation can be done in several different ways. Traditionally, it is accomplished throughthe use of pilot signals in short periods of half duplex operation. While this is effectivefor channel cancellation, it lowers the total throughput of the system, particularly for lowchannel coherence times where the channel must be estimated frequently. An option whichis currently being examined is estimating the channel during full-duplex operation. Whilethe estimate length must be much longer, it is possible to achieve the same level of SICcancellation as the pilot signals case without requiring periods of half duplex operation,111.4. Physical Layer Challenges for Full Duplex Communicationincreasing the total throughput [17].While self-interference cancellation can work to dramatically lower the level of self-interference that is present in the transceiver, it is unable to eliminate it entirely [17]. Thismeans that in practice, the efficiency gain of two is an upper bound, with real world com-munication links often operating far below that. In channels with poor self-interferencecancellation communication in half duplex operation can actually be faster than full-duplex.When considering this effect, systems which can dynamically switch between half and full-duplex communication under different channel conditions will be faster over a long termaverage than those which operate only in full-duplex [2].1.4.1 Related Research in Self Interference CancellationThere is a significant amount of ongoing research for physical layer IBFD communication.The primary physical domain self-interference cancellation research focus is improving theanalog SIC for small form factor devices. In [20], electrical balance duplexers which can beimplemented on a chip are examined as a possibility to produce a duplexer which is effectiveenough for use in communications. Active analog RF cancellation circuits operating infrequency bins instead of delay taps are examined in [21] as a way to improve cancellationperformance to compensate for the loss of separation between antennas.Digital domain self-interference cancellation is also seeing a large amount of ongoing re-search. One of the primary research focuses is improving the bandwidth efficiency of thechannel estimate. As the channel estimate accuracy is essential to the performance of IBFD,and there is a trade off between spending time estimating the channel versus constantlytransmitting, improving the efficiency of the estimate can have significant performance im-provements. In [22], an efficient expectation maximization estimator is proposed that canestimate the channel with less bandwidth costs than least squares estimates, at the cost ofphase ambiguity. A set of constraints are also proposed under which the phase ambiguitycan be resolved.121.5. OutlineFigure 1.5: Estimating the channel without a calibration period allows the system to operatemore efficiently [2]A second area of channel estimation is estimating the channel in the presence of the de-sired signal rather than during a half duplex calibration period. Such a method is proposed in[2], in which the estimate is carried out using least squares estimation during full-duplex com-munication. This scheme is illustrated in Fig. 1.5 They demonstrate that by using very longestimates the achievable SNR is in the same range as estimating during a short calibrationperiod. This presents modest improvements when full-duplex is used for communications,as useful information is still transmitted during the calibration period. When full-duplex isinstead used for jamming receivers, the gains are much more significant as the informationsent during the calibration period is a noise signal which does not send any information. [10]examines the use of full-duplex receivers as jammers, but does not consider the use of onlineestimation for the self-interference cancellation. In chapter 3, we examine the use of onlineestimates for full-duplex jamming receivers rather than calibration periods, and demonstratea significant performance gain.1.5 OutlineIn chapter 2 we address a problem in routing a signal through a network with friendlyjamming. While friendly jamming in a network context and secrecy aware routing have bothbeen studied, there is a lack of work which combines the routing and jamming. The problem131.5. Outlineis framed as a convex optimization problem, and simulated on random networks to analyzethe performance. It is shown to be an effective measure to increase security in a network.In chapter 3 we examine the use of self-interference channel estimation under the pres-ence of the desired signal in the context of friendly jamming. SI channel estimation whileconcurrently receiving the desired signal has been studied in a full-duplex communicationcontext, but has not been analyzed for the application of full-duplex jamming receivers.Unlike in previous works, this means that the SI estimation pilot signal is not transmittinguseful information, so the potential performance gains by eliminating the pilot signals aregreater for jamming receivers than for traditional applications.14Chapter 2Routing and Jamming PowerAllocationIn this chapter, we examine the problem of wireless routing with friendly jamming, usingconnection outage probability and secrecy outage probability as performance metrics. Whilethe physical security is extensively studied for single links and single relay scenarios, only afew papers have considered physical layer security in multi link networks. The authors in [8]look at the problem of secure routing under a secrecy outage probability (SOP) constraint.They find the route that minimizes the use of network resources while meeting the SOPconstraint. This is the simplest way to apply physical secrecy as it can be added as anadditional constraint in current routing methods. In [7], the authors look at the problemof jointly minimizing the SOP and connection outage probability over the route. They usea flexible route metric that can trade off between SOP and connection outage probability(COP) based on the security needs of the user. The impact of friendly jamming is studiedin [9] and [23] which consider placing jammers into a network. Through careful selectionof the friendly jamming locations, they can jam the eavesdroppers while having a null atlegitimate receivers, significantly increasing the capacity of the route. In [9] the authorsstudy the problem of determining the most power efficient use of friendly jamming to meet aset secrecy constraint. In [24] the authors look at selecting jammers to increase the secrecycapacity along a given route, but do not examine how to select the route. In [25], the authorsderive an optimal selection policy for both relays and jammers in a single hop relay network.The considered routing problem in [26] is similar to the one we consider in this chapter,152.1. System Model and Problem Formulationhowever the authors did not use of friendly jamming to improve the security performance.We examine the problem of finding the best route through a wireless network under friendlyjamming, jointly using SOP and COP as the route metric with friendly jamming to securethe transmissions.2.1 System Model and Problem FormulationFigure 2.1: Unused nodes will be used to jam the eavesdroppers in each hopThe considered system consists of N nodes and E eavesdroppers (Eves) uniformly dis-tributed over an area. At each message hop, the transmitter Alice will send the messageto receiver Bob while the remaining nodes transmit noise to jam all Eves. The jammingnodes will act as a distributed multi-input multi-output system in order to maximize theirjamming of the eavesdroppers while ensuring that they do not also jam the legitimate re-ceiver. This system is illustrated in Fig. 2.1 with A as the transmitter, B as the receiver,and other nodes acting as jammers. The legitimate nodes are assumed to know the locationof the eavesdroppers. This is applicable to the scenario where eavesdroppers and nodes aremembers of the same network, and the concern is data confidentiality between users. Thesystem is considered to be under Rayleigh fading conditions, with the system limited bySignal to Interference and Noise ratios (SINR).162.1. System Model and Problem Formulation2.1.1 Link Secrecy Outage ProbabilityIn this section, we derive the probability of a secrecy outage on the link l. The secrecy outageprobability of a single link is the probability that one of the eavesdroppers will have a SINRabove a threshold to decode the message.SOPl = Pr(maxe(γe) > γth) (2.1)γe =glefleplN0 +∑j∈Jgjefjepj(2.2)This is shown in (2.1) and (2.2), where gle and fle are the path loss and Rayleigh fadingcoefficient between the transmitter of link l and the eavesdropper e respectively, pl is thelink transmit power, and gje, fje, pj representing the same for each jammer j in the set ofall possible jammers J . In this representation, all nodes not part of the current link arebeing used to secure the transmission of the message, increasing message security at thecost of lowering network throughput. The eavesdroppers SINR can be safely assumed to beinterference limited, so ignoring N0 in the SINR (2.2), (2.1) can be rewritten asSOPl = Pr(maxe(gleflepl∑j∈Jgjfjpj) > γth) (2.3)The probability of a secrecy outage between link l and eavesdropper e in Rayleigh fadingconditions is expressed in analytical form as shown in [27] asSOPle =∏j∈J11 +γthgjepjglepl(2.4)The link will have an outage if any of the eavesdroppers gets a signal. The probability of asecrecy outage on the link is then172.1. System Model and Problem FormulationSOPl = 1−∏e∈E(1−∏j∈J11 +γthgjepjglepl) (2.5)Optimizing the link transmit power pl is outside the scope of this analysis and so it is heldas a fixed constant. Optimal jamming power pj is determined in subsection 2.1.3. (2.5) canthen be used to compute the SOP for all links prior to routing.2.1.2 Route Secrecy Outage ProbabilityThe route r will have a secrecy outage if any link in it has a secrecy outage. This is equivalentto the probability that the maximum eavesdropper γle between the link and any eavesdropperin the route is greater than than the security threshold γthSOPr = Pr(maxl∈r[maxe∈E(γle)] > γth) (2.6)or equivalently 1 minus the probability that all links are secureSOPr = 1− Pr(maxl∈r[maxe∈E(γle)] < γth) (2.7)which can be written using the SOPl which were computed in the previous section asSOPr = 1−∏l∈L(1− SOPl)) (2.8)orSOPr = 1−∏l∈r∏e∈E(1− (∏j∈J11 +γthgjepjglepl)) (2.9)in general. This probability is used to weight the cost of each route.182.1. System Model and Problem Formulation2.1.3 Jamming Power AllocationIn order to jam the eavesdroppers without interfering with the legitimate network, the jam-mers will act as a distributed MIMO system. By synchronizing their clocks, and calibratingfor the varying delays between nodes, they will employ a cooperative friendly jammingprotocol as in [3] in which they nullify their signals at the legitimate receiver. They cansynchronize their clocks using a wireless synchronization protocol such as source sync [28].This will account for varying transmission times and channel coefficients between Bob andthe jamming nodes. This is possible as long as the number of jammers exceeds the numberof legitimate receivers. The necessary condition for the jamming signal to be nullified isgiven by the following relation between the received signal y, the jamming signal vector wand the channel vector Hr between the legitimate receiver at Bob and the jammersy = Hrw = 0 (2.10)with m a random complex scalar with absolute value 1 sent in the sync header. Using thechannel gain matrix between the eavesdroppers and jammers He, the jamming weights wj aredetermined to minimize the secrecy outage probability of the link l, subject to a total powerconstraint Pmax and an individual jamming power constraint P0. The optimal probabilitycan be obtained by solving the following optimization problem with pj = w2j and gje = |hje|2:minimizepj1−∏e∈E(1−∏j∈J11 +γthgjepjglepl) (2.11)This objective is non-convex in the jamming power. In order to solve the problem, we insteadconsider the certainty equivalent margin (CEM),maxe∈E(gleplγth∑j∈J|hejwj|2 ) (2.12)192.1. System Model and Problem Formulationwhich is the ratio of the best eavesdropper SINR to the threshold for interception. This isa convex problem and varies closely with the optimization target in 2.11 [27] according tothe bounds11 + CEM≤ 1− SOP ≤ 1− e −1CEM . (2.13)These bounds are within approximately 10% of the actual value of 1 − SOP for desirablevalues of the SOP as shown in Fig. 2.2Certainty Equivalent margin0 0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 11-SOP0.50.550.60.650.70.750.80.850.90.951Lower BoundUpper BoundFigure 2.2: Minimizing the certainty equivalent margin corresponds well to minimizing thesecrecy outage probabilityHence, we solve the following optimization problem instead:minimizewjmaxe∈E(gle∑j∈J|hejwj|2 ) (2.14)subject to202.1. System Model and Problem FormulationHrw = 0maxjw2j ≤ P0∑j∈Jw2j ≤ Pmax(2.15)This problem is convex and so can be solved through convex optimization techniques.2.1.4 Link Connection Outage ProbabilityAs shown in [9], the friendly jammers will synchronize their signals in order to nullify thesignal at the legitimate receiver. Having done this, the signal to noise ratio in the link l willbe only a function of pl, gl and the noise N0.COPl = Pr(glplN0< γth) (2.16)in Rayleigh fading conditions, this COP is determined asCOPl = 1− e−γthN0plgl (2.17)2.1.5 Route Connection Outage ProbabilityThe route r will have a connection outage if any of the links l ∈ r have an outage,COPr = Pr(minl∈rglplN0< γth) (2.18)which can be rewritten as 1 minus the probability that all links are connected.212.2. Optimization problemCOPr = 1−∏l∈r(1− COPl)COPr = 1−∏l∈r(1− Pr(glplN0< γth))COPr = 1−∏l∈re− γthN0plgl(2.19)2.2 Optimization problemThe optimization problem considered is the minimization of the probability of having eithera route secrecy outage or a route connection outage. This can be equivalently written as themaximization of the probability that the route is both connected and secure, where r is amember of the set of all possible routes Rmaximizer∈R(1− COPr)(1− SOPr) (2.20)which is given bymaximizer∈R∏l∈L(1− COPl)∏l∈L(1− SOPl) (2.21)or written in fullmaximizer∈R∏l∈LeSNRthN0plgl∏l∈L∏e∈E(1− (∏j∈J11 +γthgjepjwjglepl)) (2.22)Using the link SOP and COP determined in (2.17) and (2.5), which are both positive con-stants less than 1 for any given l, this is the maximization of a monomial, and so is ageometric program. In many cases, connection and security will not be equally important.Therefore, the variable θ is introduced in order to trade off between the SOP and COP vari-ables. Letting Prconnected = 1−COPr and Prsecure = 1− SOPr, This new objective function222.2. Optimization problemis given asmaximizer∈R(Prconnected)θ(Prsecure)1−θ (2.23)As θ approaches 0 this problem is equivalent to maximizing the security of the route,and as θ goes to 1 it is equivalent to maximizing the connection probability. Taking thelogarithm to convert this monomial into an LP givesmaximizer∈Rθ log(1− COPr) + (1− θ) log(1− SOPr)= θ∑l∈L(log (1− COPl)) + (1− θ)(∑l∈Llog(1− SOPl)) (2.24)which can be solved efficiently. This is a routing problem in the selection of the set L, witheach link having an associated log secrecy outage probability and log connection outageprobability as its weight. While only a single path is considered in the analysis, this is solvedas a multipath routing problem. This is a product of the use of secrecy outage probabilities,in which a single bit being leaked is considered as a secrecy outage, and it cannot be mitigatedby transmitting redundant copies. Due to this, the secrecy outage minimization will forcethe program to converge to a single path solution. While multipath routing is convenientfor general communications, the security impacts are not well studied so we take advantageof this feature to more easily solve the single path routing problem. This greatly reducescomputation time compared to running a mixed integer program for single path routingalgorithms.The considered optimization variable is the routing matrix R. Each element ra,b corre-sponds to the portion of the data flow routed on the link la,b between node a and node b.Let COPa,b be the connection outage probability between a and b, similarly SOPa,b. This232.3. Simulation Studiesoptimization problem is expressed in full in (2.25).The entire process for determining the network routing is then to first determine thejamming powers Pj for each link using (2.14), then to determine the link secrecy outageand connection outage probabilities SOPa,b in (2.5) and COPa,b in (2.17), then to use theseprobabilities to solve the final routing problem. The full optimization problem is expressedbelow:maximizeRθ∑a∈N∑b∈N(ra,b log (1− COPa,b)) + (1− θ)(∑a∈N∑b∈N(ra,b log (1− SOPa,b))) (2.25)subject tora,b ≤ 1ra,b ≥ 0∑a∈Nra,b −∑c∈Nrb,c =1, if b is the destination−1, if b is the source0, otherwise.(2.26)2.3 Simulation StudiesThis problem was simulated on a random network consisting of 30 nodes and 12 eavesdrop-pers. The nodes are uniformly distributed across the entire area of the 10 by 10 grid, whilethe eavesdroppers are normally distributed around the grids center. The message is sentfrom 0,0 to 10,10 to ensure it passes all eavesdroppers. The channel between each node ismodeled by path loss and Rayleigh fading. The simulations show 3 separate comparisons.The first is the effect of changing the trade off variable θ, the second is the effect of changingthe density of eavesdroppers, and the third is the impact of the friendly jamming.242.3. Simulation StudiesTable 2.1: System ParametersNetwork Parameter Valueγth 1Transmit Power 10 WNoise Power 0.01 WTotal Jamming Power 120 WMaximum Jammer Power 20 WNumber of nodes 12Number of Eavesdroppers 4θ 0.5Network Size10m x 10m2.3.1 Security and Service Quality Trade-offThe trade off variable θ is swept from 0.1 to 1, showing the differences in chosen routes. As θis chosen to tend towards higher security, the route will move to a less direct path to increasethe distance from transmitters to eavesdroppers, at the cost of longer hops increasing theconnection outage probability. The impact of the jamming is to allow the routing to ignoreeavesdroppers which are close to a large number of friendly nodes, as the jamming powerwill force Eves SINR below the required threshold for interception.Fig. 2.3 illustrates the effect of different values of θ on the chosen route. θ = 1 showsthe route for minimization of the connection outage probability, without regard for secrecy.The remaining routes are decided using θ to trade off between the secrecy and connectionoutage probabilities. Note how the route moves from an indirect route at the edge of theenvironment away from clusters of eavesdroppers, towards a more direct path with shorterhops as θ approaches 1. It is also visible that the jamming causes the route to avoid isolatedeavesdroppers, while routing relatively close to eavesdroppers that are surrounded by friendlynodes. Fig. 2.4 and Fig. 2.5 show simulation results using the parameters in table 2.1 and 4eavesdroppers, with θ swept from 0 to 0.95.252.3. Simulation Studies0 2 4 6 8 100246810NodesEavesdroppersθ =0.1θ =0.5θ =1Figure 2.3: Emphasizing route quality forces a more direct route, while emphasizing securityroutes away from the eavesdroppersθ0 0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 1Probability0.920.930.940.950.960.970.980.991Effect of Sweeping θ on SOP and COPPConnectedPSecureFigure 2.4: Route outage probabilities for different values of the trade-off variable. Increasingthe focus on connection quality lowers the security performance262.3. Simulation Studiesθ0 0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 1Number of Hops11.522.533.5Effect of Sweeping θ on Number of HopsFigure 2.5: Emphasizing connection quality causes the number of links in the route toincrease2.3.2 Varying the number of eavesdroppersFig. 2.6 and Fig. 2.7 show the effect of adding additional eavesdroppers into the system.These simulations were done using the values in table 2.1, with θ set at 0.5 in each route.The number of eavesdroppers is swept from 1 to 12. As the number of eavesdroppers isincreased, the SOP of each link increases. The routing algorithm compensates by routingto favour security. The effect is that the route SOP and COP both decrease as the numberof eavesdroppers is increased as seen in Fig. 2.6. This means that the route moves to avoidclusters of eavesdroppers, and the hops become longer as demonstrated in Fig. 2.7.272.3. Simulation StudiesNumber of Eavesdroppers0 2 4 6 8 10 12Probability0.820.840.860.880.90.920.940.960.981Effect of Number of Eavesdroppers on SOP and COPPConnectedPSecureFigure 2.6: Route outage probabilities for different numbers of eavesdroppers. Increasedeavesdropper density lowers both the security and service quality of the route.Number of Eavesdroppers0 2 4 6 8 10 12Number of Hops11.21.41.61.822.22.42.62.8Effect of Number of Eavesdroppers on Route LengthFigure 2.7: Increasing the eavesdropper density causes the route to favour longer hops.282.3. Simulation Studies2.3.3 Effect of friendly jammingIn this subsection, the same network is used to compare the generated routes with andwithout friendly jamming. Both routes are generated using the same routing metric, anddiffer only in their calculation of link SOPs. In all links, the SOP will be much higher withoutfriendly jamming than with it. However, the effect is not uniform, as eavesdroppers which arelocated near nodes will be jammed much more effectively, while more isolated eavesdropperswill not have a high jamming power reducing their SINR. Fig. 2.8 shows the different routechoices with and without using friendly jamming. The route without jamming leaves eachlink SOP as a function only of the difference to the nearest eavesdropper, as there is no wayto lower their SINR. The lack of jamming causes the route to take a very indirect path inan effort to better avoid the eavesdroppers. Conversely, the route with friendly jamming isable to be much more direct, as any eavesdroppers which are located near a node can beeasily jammed in order to greatly limit their ability to intercept a transmission. Additionally,the security performance of our scheme with friendly jamming is greatly improved over theproposed scheme in [26] without friendly jamming. Fig. 2.9 shows the effect of the totaljamming power on the route SOP and COP. Increasing the jamming power improves boththe SOP and COP, as the lowered SOP allows the signal to take a route that favours theconnection quality. This is also seen in the increased route length shown in Fig. 2.10.292.3. Simulation Studies0 5 10 15 20 250510152025NodesEavesdroppersJamming routeNon-Jamming RouteFigure 2.8: Application of friendly jamming allows for a much more direct route than usingthe same routing metric without jammingJamming Power (W)20 40 60 80 100 120 140 160Probability0.50.550.60.650.70.750.80.850.90.951Effect of Jamming Power on SOP and COPPConnectedPSecureFigure 2.9: Increasing jamming power significantly improves the route security performance,and marginally improves the connection quality302.4. ConclusionJamming Power (W)20 40 60 80 100 120 140 160Number of Hops11.21.41.61.822.22.4Effect of Jamming Power on Route LengthFigure 2.10: Increasing jamming power allows for a longer route2.4 ConclusionThis chapter considered the problem of routing a signal through a wireless area networkwith concern for both SOP and COP of the route. The typical trade off is that increasingpower to lower the COP will increase the SOP of the link. However, through the useof friendly jamming, we are able to lower the SOP of a route without raising its COP.This is desirable as it helps lower the need to compromise quality of service to improvesecurity. We then considered the problem of routing through a wireless area network whilejointly minimizing the secrecy outage probability and connection outage probability, a tuningvariable θ to weight the COP and SOP to the needs of a user. The jamming powers aredetermined to place nulls at friendly receivers while maximizing the power to eavesdroppers.Using the jamming powers, the route metrics are derived, and the problem is framed as aconvex optimization problem. The performance of the route is demonstrated under differentdensities of eavesdroppers, and different values of θ. It is also compared with the same312.4. Conclusionrouting problem without the assistance of friendly jamming, and achieves better securityperformance. The next chapter considers the problem of self-interference channel estimationfor full-duplex jamming receivers.32Chapter 3Adaptive Filtering for SelfInterference Channel CancellationThe objective of this chapter is to analyze the performance of estimating the self-interferencechannel (SIC) in the presence of the desired signal in the context of friendly jamming. Thishas the potential to significantly increase the secrecy capacity in systems containing full-duplex jamming receivers. Full-duplex jamming receivers are proposed in [10] which ignoresthe SIC estimate, and extended in [11] using half duplex estimation periods in which unse-cured information is transmitted. In order to maximize the total system throughput, it isdesirable to complete the SIC estimate without the use of a half duplex pilot signal. In [17]and [2], the authors examine schemes in which the SIC is estimated under interference fromthe desired signal through the use of very long sets of received data to achieve comparableresults to pilot signal based estimation. In the context of in-band full-duplex communica-tions this is able to provide only a slight performance gain, as the half duplex transmissionperiods still send information. When the receivers transmitted signal is a jamming signal,the half duplex period instead represents a period of no transmission as no informationwill be transmitted. In this context, eliminating the half duplex periods represents a moresignificant performance increase.333.1. System Model and Problem FormulationTransmitter ReceiverAWGNRayleigh Self Interference ChannelAWGN Eavesdropper+Figure 3.1: This system models a transmitter, and eavesdropper, and a single full-duplexjamming receiver3.1 System Model and Problem FormulationThe objective of this chapter is to compare the use of RLS based continuous channel es-timation under self-interference with the use of pilot signals for estimation in the contextof friendly jamming. Our system model is shown in Fig. 3.1. It consists of a transmitter,an eavesdropper, and a full-duplex jamming receiver. The channels from the transmitter toboth the receiver and the eavesdropper are modeled as AWGN channels for simplicity. Theself-interference channel is modeled as a Rayleigh fading channel which is similar to previouswork in this area [2] [29]. In most current writing on Self Interference Channel cancellation,the SIC estimate is completed through the use of a pilot signal and the off-line least squaresestimation formula given by:Θ = (Ψ′WΨ)−1Ψ′WY (3.1)where Ψ represents the LxN matrix of N transmissions of the known jamming signal intoan L-tap channel, W the weighting factor matrix for each input, and Y the received signalholding N observations. |Theta is then the estimated channel between the full-duplex jam-343.1. System Model and Problem Formulationming receiver and itself. This equation is the off-line version of the least squares estimator,and is computationally expensive as it requires a matrix inversion. Least squares estimationcan instead be performed recursively, which is primarily used as it is less computationallyexpensive to compute than the standard least squares estimate. The recursive form of theleast squares estimate is shown below, where ψn and ψn+1 represent the current L previoustransmitted signals and the previous set of signals, yn+1 the new received signal, and θn thecurrent estimate.θn+1 =θn + PnΨn+1λ+ ψ′n+1Pnψn(yn+1θn) (3.2)Pn+1 =Pn + PnΨn+1Ψ′n+1Pnλ+ ψ′n+1Pnψn(3.3)An additional benefit of RLS is that it is able to be ran online to track a time varyingchannel, as long as the channel coherence time is longer than the effective asymptotic lengthof the algorithm, given byLeff =11− λ (3.4)This allows the algorithm to be ran constantly and track the channel continuously [30]As shown in [29], the variance of the channel estimate will be given byvar(hˆ) =σ2n + σ2rNsPref(3.5)where σ2n is the noise power, σ2r is the desired signal power and Pref is the power of thetransmitted signal. Ns is the number of samples in the estimate, or in the case of RLS, Nswill be the effective asymptotic length of the algorithm. When the signal is estimated in aseparate calibration period, the residual power will be given byvar(hˆ) =σ2nNcPref(3.6)so the required number of samples for a given estimate quality is reduced by a factor of1 + σ2rσ2n. However, the requirement for longer estimation lengths when estimating the channel353.1. System Model and Problem Formulationwithout a calibration period is acceptable as data is still being transmitted. The associatedSINRs are calculated under the assumption that the self-interference signal is Gaussian. Thisis a good assumption in the jamming receiver scenario, where the receiver is broadcastingwhite noise to the eavesdroppers, and is a common assumption and provides realistic resultsin the full-duplex communication scenario [17] [2]. The SINR is thenγ =σ2rσ2n + var(hˆ)Pref(3.7)The effective data rate for the bidirectional data stream under RLS cancellation can beexpressed asCrls = log2(1 + γN) (3.8)where N represents the estimation length, and γN is the SNR achieved with that esti-mation length. Similarly, if pilot signals are used for calibration the capacity will be givenbyCc = (1− NcTcFs) log2(1 + γNc) (3.9)with Nc set to match the SINR for RLS case asNc =N1 + σ2rσ2n. (3.10)This equation models the fact that the receiver is not receiving any information while it isestimating its self-interference channel. (1− NcTcFs) is the proportion of time that the receivercan receive, and log2(1 + γNc) is its rate with an Nc sample estimate. As in chapter 1.3, thesecrecy capacity will be the difference in capacity of the transmitter-eavesdropper channeland the legitimate channel. The channel capacity from the transmitter to the eavesdropperis given as363.2. SimulationCte = log2(1 +σ2teN0 + σ2je) (3.11)where σ2te is the received signal power at the eavesdropper from the transmitter, and σ2je isthe received jamming power. Then,SCrls = Crls − log2(1 +σ2teN0 + σ2je) (3.12)andSCc = Cc − log2(1 +σ2teN0 + σ2je) (3.13)3.2 SimulationNumerical calculations were performed to compare the theoretical performance of onlineRLS channel estimation with pilot based estimation in a security context. These calculationswere performed for 2 cases, the first representing SIC cancellation down to a fixed SINR, andthe second representing SIC cancellation using a fixed estimation length. Finally, the twoschemes are compared at different jamming powers. The metric to evaluate their performanceis the secrecy capacity of the system.Table 3.1: System ParametersNetwork Parameter ValueNoise power 0.01 mWReceived Desired Signal Power 1 mWTransmitted Jamming Power 50 mWEavesdropper received signal power 1 mWEavesdropper path loss coefficient 0.01As shown in Fig. 3.2, using RLS over pilot based estimation will provide a slight gain indata rate at a given desired SINR. In this simulation the RLS length is given by TcFs, andthe equivalent length for the LS estimation is TcFs1+σ2rσ2n. The data rate gain for RLS estimation373.2. SimulationSelf Interference Channel Coherence Time (s) ×10-31 2 3 4 5 6 7 8 9 10Capacity (bps/Hz)2.92.9533.053.13.153.23.253.33.353.4Effect of Self Interference Channel Coherence Time on Secrecy CapacityOnline EstimateCalibrated EstimateFigure 3.2: Estimating the self-interference channel without a calibration period allows fora significant increase in secrecy capacityis caused by the need for the pilot based system to operate in half duplex mode during thechannel estimation. It provides a constant rate gain expressed byRRLS = Rpilot1 + γdγd(3.14)This demonstrates that estimation in full-duplex communication modes will not cause a lossof data rate in the system if the desired SNR is held constant.In Fig. 3.3 both estimators are working with a fixed length of 50 samples. The RLS estimatedoes not vary with the channel coherence time, as the coherence time is longer than theestimator length in all cases. The calibrated estimate performs poorly at low coherencetimes, and increases in performance as the coherence time increases. In this scenario, theRLS estimation can be seen to have a significant data rate advantage with low channelcoherence times. It’s ability to track the channel constantly provides a significant gain overthe LS estimator at low channel coherence times as the pilot signal transmission takes a largerproportion of the total channel time when the estimation must be performed frequently.383.2. SimulationSelf Interference Channel Coherene Time (s) ×10-31 2 3 4 5 6 7 8 9 10Secrecy Capacity (bps/Hz)1.522.533.544.55Effect of Self Interference Channel Coherence Time on Secrecy CapacityOnline EstimateCalibrated EstimateFigure 3.3: With both estimators using a fixed length, the online estimate is superior atshorter channel coherence timesSelf Interference Channel Coherence Time (s) ×10-41 2 3 4 5 6 7 8 9 10Capacity (bps/Hz)1.41.61.822.22.42.62.833.2Secrecy Capacity at Short Coherence TimesOnline EstimateCalibrated EstimateFigure 3.4: Online estimation outperforms calibration based estimation at all jamming signalpowers393.2. SimulationFig. 3.4 shows the effect of short coherence times on the secrecy capacity. In this sim-ulation, the calibration based estimate length is set to provide a fixed SINR. The onlineestimate matches this SINR if possible, and uses a length equal to the coherence time if itis not. When the coherence time is too short, the online estimate is unable to take enoughsamples to match the achieved SINR for the calibration based estimate. In these scenarios,estimating with a pilot signal can be more efficient even though there is no transmissionduring the estimate.Jamming Power (mW)10 20 30 40 50 60 70 80 90 100Capacity (bps/Hz)4.64.654.74.754.84.854.9Effect of Jamming Power on Secrecy CapacityOnline EstimateCalibrated EstimateFigure 3.5: Online estimation outperforms calibration based estimation at all jamming signalpowersIn Fig. 3.5, the online and calibrated estimator are compared at varying jamming powers.The increased jamming power lowers the SINR at the eavesdropper, while not affecting theSINR at the legitimate receiver. This is due to the fact that the estimation quality increaseswith the self-interference power. This assumption is reasonable only as long as the analogto digital converter is able to receive both the self-interference signal and the desired signal,so in practice there would be limits on the maximum jamming power.403.2. Simulation3.2.1 ResultsThis analysis was able to demonstrate the performance advantage of online channel esti-mation over calibration based estimates for friendly jamming. The numerical simulationsconfirmed the ability of the online estimate to provide a significant gain over pilot basedestimation in all channel conditions if the SINR of each estimate is matched, and over shortchannel coherence times if the estimation length is held constant. If the channel coherencetime is too short to allow the achievable SINRs to be matched, then the calibration basedestimate can outperform the online estimate. Additionally, as the online estimate does notrequire a calibration period it is simpler to implement for higher level protocols.41Chapter 4Conclusions and Future WorkThis thesis has addressed two problems relating to the use of friendly jamming for physicallayer security: (1) an optimal power allocation and routing through a network, and (2) theuse of online channel estimations for self-interference cancellation in full-duplex jammingreceivers.In Chapter 2, the use of friendly jamming to improve security performance was exam-ined. An optimal jamming power allocation scheme was derived to determine the secrecyperformance in each link. Using the determined secrecy and connection outage probabili-ties, and a tuning variable θ to weight the importance of connection outage probability andsecrecy outage probability to the needs of a user, the signal was routed through the networkto maximize the probability that the route was connected and secure. The performance ofthe route is demonstrated under different densities of eavesdroppers, and different values ofthe trade-off variable between security and connection outage probability. The routing andjamming problem was also compared with the same routing problem without the assistanceof friendly jamming. It was found to have good performance when the number of nodesin the network is greater than the number of eavesdroppers, and acceptable performancewhen they are the same. Future work in this area should examine the routing and jammingproblems at the network level rather than per signal, in order to increase power efficiencyand reduce congestion.In Chapter 3, the effectiveness of using recursive least squares (RLS) for continuous self-interference channel (SIC) estimation without pilot signals was analyzed. Results showedthat RLS without a calibration period is able to increase the system’s secrecy capacity in42Chapter 4. Conclusions and Future Workall jamming powers and channel coherence times if the estimate length is allowed to vary. Ifthe estimate length is fixed, estimating the SIC without a calibration period still provides ahigher secrecy capacity at short channel coherence times. The online estimate proved to bemost accurate with a long effective filter length, and provides the greatest efficiency gain overcurrent methods with a short channel coherence time. It provides a way to take advantageof having no fixed calibration period by continuously tracking the channel while consumingrelatively few computational resources. Future work in this area should include the use ofpurpose built algorithms for SIC estimation over RLS.43Bibliography[1] M. Grant and S. Boyd, “CVX: Matlab software for disciplined convex programming,version 2.1,” http://cvxr.com/cvx, Mar. 2014.[2] D. Korpi, T. Riihonen, and M. Valkama, “Achievable rate regions and self-interferencechannel estimation in hybrid full-duplex/half-duplex radio links,” in 49th Annu. Conf.on Information Sciences and Systems (CISS), March 2015, pp. 1–6.[3] W. Diffie and M. Hellman, “New directions in cryptography,” IEEE Trans. Inf. Theory,vol. 22, no. 6, pp. 644–654, Nov 1976.[4] M. Bloch, J. Barros, M. R. D. Rodrigues, and S. W. McLaughlin, “Wireless information-theoretic security,” IEEE Trans. Inf. Theory, vol. 54, no. 6, pp. 2515–2534, June 2008.[5] E. Tekin and A. Yener, “The general Gaussian multiple-access and two-way wiretapchannels: Achievable rates and cooperative jamming,” IEEE Trans. Inf. Theory, vol. 54,no. 6, pp. 2735–2751, June 2008.[6] R. Zhang, L. Song, Z. Han, and B. Jiao, “Physical layer security for two-way untrustedrelaying with friendly jammers,” IEEE Trans. Veh. Technol., vol. 61, no. 8, pp. 3693–3704, Oct 2012.[7] Y. Xu, J. Liu, Y. Shen, X. Jiang, and T. Taleb, “Security/qos-aware route selection inmulti-hop wireless ad hoc networks,” in IEEE Int. Conf. on Communications (ICC),May 2016, pp. 1–6.44Bibliography[8] S. Tomasin, “Routing over multi-hop fading wiretap networks with secrecy outage prob-ability constraint,” IEEE Commun. Lett., vol. 18, no. 10, pp. 1811–1814, Oct 2014.[9] R. Eletreby, H. Rahbari, and M. Krunz, “Supporting phy-layer security in multi-linkwireless networks using friendly jamming,” in IEEE Global Communications Conf.(GLOBECOM), Dec 2015, pp. 1–6.[10] G. Zheng, I. Krikidis, J. Li, A. P. Petropulu, and B. Ottersten, “Improving physicallayer secrecy using full-duplex jamming receivers,” IEEE Trans. Signal Process., vol. 61,no. 20, pp. 4962–4974, Oct 2013.[11] T. X. Zheng, Q. Yang, Y. Zhang, H. M. Wang, and P. Mu, “Physical layer security indistributed wireless networks using full-duplex receiver jamming,” in IEEE GlobecomWorkshops, Dec 2016, pp. 1–6.[12] C. Shannon, “Communication theory of secrecy systems,” Bell Syst. Tech. J., vol. 28,pp. 656–715, 1948.[13] A. D. Wyner, “The wiretap channel,” Bell Syst. Tech. J., vol. 54, no. 3, pp. 1355–1367,1978.[14] P. K. Gopala, L. Lai, and H. E. Gamal, “On the secrecy capacity of fading channels,”IEEE Trans. Inf. Theory, vol. 54, no. 10, pp. 4687–4698, Oct 2008.[15] S. Leung-Yan-Cheong and M. Hellman, “The Gaussian wire-tap channel,” IEEE Trans.Inf. Theory, vol. 24, no. 4, pp. 451–456, Jul 1978.[16] A. Sabharwal et al., “In-band full-duplex wireless: Challenges and opportunities,” IEEEJ. Sel. Areas Commun., vol. 32, no. 9, pp. 1637–1652, Sept 2014.[17] K. Akcapinar and O. Gurbuz, “Full-duplex bidirectional communication under self-interference,” in 13th Int. Conf. on Telecommunications (ConTEL), July 2015, pp. 1–7.45Bibliography[18] S. Venkatasubramanian, K. Haneda, and K. Yamamoto, “System-level performance ofin-band full-duplex relaying on m2m systems at 920 mhz,” in IEEE 81st VehicularTechnology Conf. (VTC Spring), May 2015, pp. 1–5.[19] M. Duarte and A. Sabharwal, “Full-duplex wireless communications using off-the-shelfradios: Feasibility and first results,” in Conf. Rec. of the 44th Asilomar Conf. on Signals,Systems and Computers (ASILOMAR), Nov 2010, pp. 1558–1562.[20] L. Laughlin, M. Beach, K. Morris, and J. Haine, “Electrical balance duplexing for smallform factor realization of in-band full duplex,” IEEE Commun. Mag., vol. 53, no. 5, pp.102–110, May 2015.[21] M. Ghoraishi, W. Jiang, P. Xiao, and R. Tafazolli, “Subband approach for wideband self-interference cancellation in full-duplex transceiver,” in Int. Wireless Communicationsand Mobile Computing Conf. (IWCMC), Aug 2015, pp. 1139–1143.[22] A. Koohian, H. Mehrpouyan, M. Ahmadian, and M. Azarbad, “Bandwidth efficientchannel estimation for full duplex communication systems,” in Int. Conf. on Commu-nications (ICC), June 2015, pp. 4710–4714.[23] G. Zheng, I. Krikidis, J. Li, A. P. Petropulu, and B. Ottersten, “Improving physicallayer secrecy using full-duplex jamming receivers,” IEEE Trans. Signal Process., vol. 61,no. 20, pp. 4962–4974, Oct 2013.[24] H. Huang, X. Zhang, X. Hu, P. Zhang, and Y. Li, “An optimal jammer selection forimproving physical-layer security in wireless networks with multiple jammers,” in 2016Int. Wireless Communications and Mobile Computing Conf. (IWCMC), Sept 2016, pp.719–724.[25] H. Hui, A. L. Swindlehurst, G. Li, and J. Liang, “Secure relay and jammer selection forphysical layer security,” IEEE Signal Process. Lett., vol. 22, no. 8, pp. 1147–1151, Aug2015.46Bibliography[26] J. Yao, S. Feng, X. Zhou, and Y. Liu, “Secure routing in multihop wireless ad-hocnetworks with decode-and-forward relaying,” IEEE Transactions on Communications,vol. 64, no. 2, pp. 753–764, Feb 2016.[27] S. Kandukuri and S. Boyd, “Optimal power control in interference-limited fading wire-less channels with outage-probability specifications,” IEEE Trans. Wireless Commun.,vol. 1, no. 1, pp. 46–55, Jan 2002.[28] H. H. H. Rahul and D. Katabi, “Sourcesync: A distributed wireless architecture forexploting sender diversity,” in Proc. ACm SIGCOMM, New Delhi, India, May 2010,pp. 171–182.[29] D. Korpi, L. Anttila, and M. Valkama, “Impact of received signal on self-interferencechannel estimation and achievable rates in in-band full-duplex transceivers,” in 48thAsilomar Conf. on Signals, Systems and Computers, Nov 2014, pp. 975–982.[30] E. Eweda and O. Macchi, “Convergence of the RLS and LMS adaptive filters,” IEEETrans. Circuits Syst., vol. 34, no. 7, pp. 799–803, Jul 1987.47
- Library Home /
- Search Collections /
- Open Collections /
- Browse Collections /
- UBC Theses and Dissertations /
- Improving security for future wireless networks through...
Open Collections
UBC Theses and Dissertations
Featured Collection
UBC Theses and Dissertations
Improving security for future wireless networks through friendly jamming Adams, Mark M. 2017
pdf
Page Metadata
Item Metadata
Title | Improving security for future wireless networks through friendly jamming |
Creator |
Adams, Mark M. |
Publisher | University of British Columbia |
Date Issued | 2017 |
Description | As the number of connected devices and the importance of mobile communications continue to increase, a greater emphasis must be placed on security. Due to the broadcast nature of wireless communications, wireless networks are very exposed to eavesdropping. While this can be addressed above the physical layers using encryption, this still allows the attacker to receive the message and future work may allow decryption. Physical layer security is an approach to security which exploits the wireless channel to prevent the attacker from decoding the message. This thesis examines the use of friendly jamming, in which some nodes in a network broadcast white noise in order to degrade the channel between the legitimate transmitter and the eavesdropper. We address two problems related to the use of friendly jamming to improve physical layer security. The first problem is routing a signal through a network while using the remaining nodes as jammers to secure the signal. This is solved as two convex problems of allocating power to the jammers and routing the signal using those jammers to secure the transmission. This is shown to be a feasible method to increase security in a network. The second problem is estimating the self-interference channel (SIC) without using a calibration period for full-duplex jamming receivers. As the transmitter cannot transmit while the receiver estimates its SIC using a half duplex pilot signal, eliminating the calibration period can represent a significant capacity gain. Estimating the channel while receiving the desired signal causes it to act as an additional noise source, but this is shown to be overcome through the use of long estimation times. Our proposed scheme is able to increase the secrecy capacity of the system over that of calibration based estimation. |
Genre |
Thesis/Dissertation |
Type |
Text |
Language | eng |
Date Available | 2017-05-25 |
Provider | Vancouver : University of British Columbia Library |
Rights | Attribution-NonCommercial-NoDerivatives 4.0 International |
DOI | 10.14288/1.0347621 |
URI | http://hdl.handle.net/2429/61768 |
Degree |
Master of Applied Science - MASc |
Program |
Electrical and Computer Engineering |
Affiliation |
Applied Science, Faculty of Electrical and Computer Engineering, Department of |
Degree Grantor | University of British Columbia |
GraduationDate | 2017-09 |
Campus |
UBCV |
Scholarly Level | Graduate |
Rights URI | http://creativecommons.org/licenses/by-nc-nd/4.0/ |
AggregatedSourceRepository | DSpace |
Download
- Media
- 24-ubc_2017_september_adams_mark.pdf [ 724.5kB ]
- Metadata
- JSON: 24-1.0347621.json
- JSON-LD: 24-1.0347621-ld.json
- RDF/XML (Pretty): 24-1.0347621-rdf.xml
- RDF/JSON: 24-1.0347621-rdf.json
- Turtle: 24-1.0347621-turtle.txt
- N-Triples: 24-1.0347621-rdf-ntriples.txt
- Original Record: 24-1.0347621-source.json
- Full Text
- 24-1.0347621-fulltext.txt
- Citation
- 24-1.0347621.ris
Full Text
Cite
Citation Scheme:
Usage Statistics
Share
Embed
Customize your widget with the following options, then copy and paste the code below into the HTML
of your page to embed this item in your website.
<div id="ubcOpenCollectionsWidgetDisplay">
<script id="ubcOpenCollectionsWidget"
src="{[{embed.src}]}"
data-item="{[{embed.item}]}"
data-collection="{[{embed.collection}]}"
data-metadata="{[{embed.showMetadata}]}"
data-width="{[{embed.width}]}"
async >
</script>
</div>
Our image viewer uses the IIIF 2.0 standard.
To load this item in other compatible viewers, use this url:
http://iiif.library.ubc.ca/presentation/dsp.24.1-0347621/manifest