#### Abstract

The exploration of the physical layer characteristics of the wireless channel is currently the object of intensive research in order to develop advanced secrecy schemes that can protect information against eavesdropping attacks. Following this line of work, in this manuscript we consider a massive MIMO system and jointly design the channel precoder and security scheme. By doing that we ensure that the precoding operation does not reduce the degree of secrecy provided by the security scheme. The fundamental working principle of the proposed technique is to apply selective random rotations in the transmitted signal at the antenna level in order to achieve a compromise between legitimate and eavesdropper channel capacities. These rotations use the phase of the reciprocal wireless channel as a common random source between the transmitter and the intended receiver. To assess the security performance, the proposed joint scheme is compared with a recently proposed approach for massive MIMO systems. The results show that, with the proposed joint design, the number of antenna elements does not influence the eavesdropper channel capacity, which is proved to be equal to zero, in contrast to previous approaches.

#### 1. Introduction

The growing demand for capacity that wireless networks have experienced in recent years has resulted from the emergence of a new set of services, cheap devices, and useful applications that started to play a crucial role in the professional and social domains of people’s lives. The dependence of such services and applications increased in such a way that now they must be available anywhere, at any time, and in any circumstance. In addition to the flexible availability demand, some of these services require the exchange of private sensitive information, such as personal financial data, government-level classified information, or critical business reports. Due to the broadcast nature of the wireless channel, the protection of this kind of information in mobile networks is seen as a main system design parameter that must be carefully addressed. Since the release of the initial mobile standards, higher layer cryptographic protocols have been used as the main security platform to protect wireless communications from unintended receivers [1]. Although these protocols have found widespread acceptance, they rely on the assumption that an eavesdropper has computational resource limitations [2]. For instance, in asymmetric public key cryptosystems, the security level is supported by the assumption that the integer factorization of the product of two large prime numbers is a very intensive computational task taking into account current factorization techniques. However, in recent years, the advances in the field of number theory and the continuous increase in transistor integration levels are putting pressure on these types of protocols, forcing the use of larger key sizes, which in turn leads to a higher implementation complexity for cryptographic systems [3].

To complement the limitations of standalone cryptographic protocols [4, 5], the development of secrecy schemes that explore the physical layer characteristics of the wireless channel has been considered to efficiently improve information security in wireless networks. Physical layer security does not make any assumption regarding the level of computational capacity at the unintended receiver, being the secrecy provided by building on a channel advantage in relation to the eavesdropper [6]. The advancement of physical layer secrecy can be performed at two main levels: the coding domain and the signal level domain. In the coding domain, the target is to use error-correction codes that are designed to not only provide error detection but also implement some level of secrecy in a wiretap channel [7–10]. For signaling, techniques involving specific precoding designs, power allocation schemes, and cooperative jamming based on interference alignment (IA) [11, 12] and artificial noise injection have been defined in the literature [13–19].

The use of massive MIMO technology is being considered by the research community as mandatory evolution of the conventional MIMO systems to address the capacity requirements of future 5G mobile networks [20–23]. Over the last years, intensive research efforts have been made to solve some practical constraints associated with the large-scale deployment of massive MIMO. However, aspects related to information security have been left aside for some time, and only recently have they begun to be discussed. In [24], pilot contamination attacks in a Time Division Duplex (TDD) multicell multiuser massive MIMO scenario were analyzed. With the use of the same uplink training sequence of a legitimate receiver (Bob), the eavesdropper (Eve) can force the contamination of the channel estimated at the base station, which, in a subsequent downlink beamforming phase, will allow the unintended receiver to improve their ability to tap the communication. To address this problem, the authors derived a closed form solution for optimal power allocation between the information signal and noise, considering a maximum ratio transmission (MRT) precoder plus artificial noise (AN) generation at the legitimate transmitter. A null-space (NS) based precoder that was designed to mitigate the effect of a pilot contamination attack was also suggested. Considering again the same multicell multiuser scenario of [24], the work in [25] compared the use of NS-based precoding and random shaping matrix precoding for AN generation in an MRT-based massive MIMO transmitter under the presence of a multiantenna eavesdropper. Considering the large computational complexity required to calculate the NS of large channel matrices, the authors in [25] verified that the use of random shaping matrices for AN precoding could offer a good solution in terms of performance/complexity tradeoff. The work in [26] shows that by combining the information signal with artificial generated noise, a positive secrecy capacity can be obtained, assuming that the number of antennas at the eavesdropper is smaller than the total number of antennas at the legitimate transmitter. In the first scenario, a multiple-antenna transmitter forces the generated AN to lie in the null space of the legitimate receiver channel. In a second scenario, a single-antenna node cooperates with single-antenna relays to simulate the effect of a multiple-antenna transmitter generating AN. An attempt to force an independent relation between the secrecy capacity and the number of antennas at the eavesdropper was proposed in [27] with the development of the original symbol phase rotated (OSPR) technique. The idea of the OSPR scheme is to use the phase of the reciprocal wireless channel to define random rotations on the original data symbols that are exchanged in the downlink direction between a massive MIMO base station (BS) and several single-antenna user terminals (UTs). Considering that the reciprocal channels are available at both sides of the legitimate link, the intended receiver has all the information required to revert the original random phase rotations applied at the legitimate transmitter, while at the eavesdropper side, assuming no collocation with the legitimate UTs, the random phase rotations cannot be reverted. In [27], the authors claim that, even in the presence of a powerful massive MIMO eavesdropper equipped with an infinite number of antenna elements, the OSPR technique achieves a positive secrecy rate. Using the same basic idea considered in [27], the authors in [28] applied the OSPR scheme in the uplink direction. Another approach that exploits the channel reciprocity to provide secrecy in wireless single-antenna systems was proposed in [29]. The authors in [29] suggested a secrecy scheme that uses the reciprocal channel phase to randomly define discrete jamming signals. In the first part of the work, in order to evaluate the baseline secrecy level of the scheme, the authors consider random combinations of data and jamming signals. In the second part, an efficient data and jamming signal combining algorithm was developed, which allowed verifying a significant improvement over the secrecy level of the baseline scheme.

In this paper, we propose to jointly design the security scheme and massive MIMO precoder. The target is to provide information secrecy in a multiuser massive MIMO scenario in the presence of a passive eavesdropper equipped with a large number of antenna elements. The joint design ensures that the precoding operation does not reduce the degree of secrecy provided by the security scheme and achieves a compromise between legitimate and eavesdropper channel capacities. The fundamental working principle of the joint scheme is to create equivocation at the unintended receiver by applying antenna selective random phase rotations in both the original data symbols and the precoder. To evaluate the merit of the proposed scheme, a comparison with a technique proposed in the literature [27] was performed by using the secrecy capacity as the metric in different multiuser massive MIMO configurations. The comparison showed that for the new proposed scheme the eavesdropper channel capacity is always zero, contrary to what occurs in the scheme proposed in [27], where some leakage of information was always verified. In summary, the main contributions of the presented work are outlined in the following two points:(a)Mathematical analysis of the existing OSPR scheme using the secrecy capacity as evaluation metric: This analysis identifies some of the limitations of the OSPR scheme, which include the nonintentional phase reversions in the OSPR symbols caused by the MRT precoder that leads to zero secrecy capacity for the OSPR scheme. Moreover, the mathematical analysis is confirmed by simulation.(b)Proposal of a joint design for the massive MIMO precoder and security scheme which removes the drawback of the OSPR scheme: We show analytically and by simulation that the proposed joint design forces the capacity of the eavesdropper channel always to zero, independently of the number of antennas at the eavesdropper. Furthermore, the zero channel capacity at the eavesdropper is obtained with minimal impact in the legitimate user’s channel.

The remainder of the paper is organized as follows: Section 2 defines the general system characterization and the secrecy metrics used in the numerical evaluations. Section 3 starts by a description of the OSPR scheme proposed in [27] followed by the mathematical analysis of this secrecy scheme that enables the identification of secrecy breaches, justifying therefore the need for new approaches. The security scheme proposed in this manuscript is formulated in Section 4. In Section 5, the numerical evaluation results are presented. Finally, the main conclusions are outlined in Section 6.

*Notations.* Boldface capital letters denote matrices and boldface lowercase letters denote column vectors. The operations , , , and represent the transpose, the Hermitian transpose, the conjugate, and the trace of a matrix, respectively. Consider a vector ; corresponds to a diagonal matrix with diagonal entries equal to vector . The norm of vector is defined as .

#### 2. System Model and Metrics

In this section, the system setup, as well as the evaluation metrics used to assess the schemes performance, is presented.

##### 2.1. System Model

Figure 1 depicts the general setup used in the schemes described in Sections 3 and 4. The system is a multiuser massive MIMO cell with single-antenna user terminals (UT), one base station (BS), and one passive eavesdropper (Eve) employing and antennas, respectively. The assumption of a passive eavesdropper means that this node listens to the communication and does not cause any intentional interference in the communication channel, making his presence and location uncertain to the legitimate transmitter. In this work, Eve wants to tap the information that is exchanged between the BS and the UTs. We consider TDD channel reciprocity and perfect channel estimations at the BS, which are acquired through an uplink training process. Additionally, we assume that Eve is not collocated with any of the UTs nodes, that is, independence between all the channel responses is verified. In Figure 1, , represents the data symbol of user . All the channel responses are modeled by zero mean and unity variance complex Gaussian fading coefficients with as the channel matrix between the BS and all of the UTs, where , , , denotes the entry at row and column of matrix . In this work, ideal RF up- and downconversion are assumed with all the baseband processing applied to an independent flat fading channel realization.

The vectors , , and , , are defined as the channel vector between BS and UT and between the BS antenna element and the UTs, respectively.

The matrix represents the channel responses between the BS and the eavesdropper, being the respective elements also modeled by complex Gaussian random variables with zero mean and unitary variance. The column vector , defines the channel between BS antenna element and the eavesdropper, where denotes its th element.

The signal transmitted by the BS is given bywhere is the precoding vector for UT and is a function of the data symbol and channel matrix . The transmission power is constrained to . More details on how to compute the precoding vector and the rotated data symbol are provided in Sections 3 and 4.

The signal received at UT is given bywhereas the one received at Eve is defined as ,where and are the zero mean white Gaussian noise with variance, and , at UT and Eve, respectively.

In the following, we assume that the BS has knowledge of the channel matrix and index , the UT only needs to know the channel , for example, the channel between himself and the selected BS antenna from which it extracts the respective channel phase , and Eve knows channel . To acquire channel at the BS, each UT sends an orthogonal pilot sequence to the BS in the uplink training phase. The index is selected at the BS uniformly at random from the set . Then, to acquire the reciprocal channel at UT , the BS broadcasts a reference signal using only antenna . The transmission of the broadcast reference signal at antenna element of the BS will allow the eavesdropper to obtain . We assume that the channel estimations are perfect, and in the case of the eavesdropper, considering no collocation with any of the UTs or BS, the random phase rotations are not available.

##### 2.2. Secrecy Metrics and Theorems

The secrecy evaluation of the schemes considered in this work was performed using the Fano inequality theorem in order to compute a bound on the secrecy capacity. In this subsection, the concept of secrecy capacity and the definition of the Fano theorem are briefly revised to ensure that the manuscript is self-contained.

###### 2.2.1. Secrecy Capacity

The secrecy metric used in the evaluation of the schemes presented in Sections 3 and 4 is the secrecy capacity, , which is formulated aswhere defines the mutual information between random variables and , with being the random variable that defines the data source, the random variable observed at the legitimate receiver, and the one observed by the eavesdropper; the target of each secrecy scheme is to maximize and minimize . The mutual information can be formulated as a function of the entropy. For instance, and have the following representations:where is the differential entropy of the source with and being the equivocations at the legitimate receiver and at the eavesdropper, respectively. Note that when the eavesdropper is not able to acquire any information on through the observation of , and , which is what we expect, that is, an eavesdropper with zero channel capacity.

###### 2.2.2. Fano Inequality

In this work, the* Fano inequality theorem* [30] is used to compute a bound on the secrecy capacity of the schemes presented in Sections 3 and 4. The* Fano *inequality allows us to relate the probability of error with the equivocation rate; therefore, by using the error probability, an upper bound on and can be obtained.

Theorem 1 (Fano’s inequality, [30]). *For any estimator considering the Markov chain, with , an upper bound on the equivocation is defined aswith being the binary entropy given by*

Using* Fano’s* theorem, lower bounds on the capacities of the legitimate receiver and eavesdropper channels are obtained.

#### 3. Secrecy Capacity Analysis of the OSPR Scheme

As mentioned before, this work provides a comparative analysis between the proposed scheme and the OSPR technique suggested in [27]. The purpose of this section is to briefly describe the OSPR scheme in which the fundamental working principle is to use the TDD reciprocal channel phase as a common source between the BS and UTs to define random phase rotations in the original data symbols. Furthermore, we show that the eavesdropper channel capacity is always positive, and for the special case of an infinite number of antennas at the eavesdropper and a single user terminal, the capacity is one; that is, the secrecy capacity is zero.

##### 3.1. Precoding

Before the computation of the massive MIMO precoder, the OSPR security scheme uses the reciprocal channel random phases , , to rotate the original data symbols , . The result of this rotation is

After the rotation of the original data symbols, the transmitted signal , as described in (2), is computed by applying the MRT precoder,directly to the rotated data, . The design of the MRT precoder is performed separately from the OSPR scheme without taking into account their combined behavior. As described in the following, some nonintentional phase reversions in the OSPR symbols are caused by the MRT precoder. This nonjoint design will lead to information leakage to the eavesdropper.

##### 3.2. Decoding

To evaluate the security performance of the scheme suggested in [27], in this work, we consider that Eve applies a maximum ratio combining (MRC) equalizer to the received signal in order to estimate . Using as the equalizer vectorthe eavesdropper obtains

After applying to the received signal , the obtained estimative, , is directly demodulated. Regarding the decoding process at the user terminals, the received signal is directly demodulated after reverting the random phase rotations applied at the original symbols.

As demonstrated in the next point, the use of will allow an eavesdropper with unlimited number of antennas to drive the secrecy capacity to zero, especially when only one UT is accessing the network.

##### 3.3. Analysis

In this subsection, we analyze the secrecy capacity of the OSPR scheme. Using as a power normalization factor,from (2), (4), (10), (11), and (12), it follows thatIf we consider the limiting case of an eavesdropper with an infinite number of antenna elements, thenwhere the last equality follows from the independence of random variables and . Similarly, it follows thatwhere and following from the independence of the random variables and . Equations (14), (15), and (16) lead to the simplification defined byDefining as the positive constantthe signal simplifies toAnalyzing , it is possible to realize that, for one user terminal and considering a PSK constellation for , it follows that . Then, the eavesdropper can obtain all of the information, that is, . As may be verified from (19) and the definition of and (see (13) and (18)), the secrecy level of the OSPR scheme proposed in [27] is reached not by the OSPR random phase rotation applied at the original data symbols but because the eavesdropper has no knowledge of and because the increasing interference that results when the number of user terminals accessing the network begins to grow.

#### 4. Proposed Joint Scheme

To address the security faults of the OSPR scheme suggested in [27], in this work, we propose to jointly design the massive MIMO precoder and the security scheme. As demonstrated in this section, for the proposed joint precoder and security scheme, the resulting eavesdropper channel capacity is zero even for the limiting case of an eavesdropper with an infinite number of antennas. Regarding the capacity of the legitimate channel, as confirmed in Section 5.2, the degradation imposed by the joint design tends to zero for a number of antenna elements at the BS much larger than the number of user terminals, that is, for a massive MIMO scenario.

##### 4.1. Precoding

In the proposed joint scheme, the design of the MRT precoder was accomplished by considering the random rotations applied to the original data symbols by the security scheme. The computation of the precoding vector, , for UT is done as follows:In the vector above, the phase of the precoding coefficient for antenna element , the antenna selected randomly to extract the phases rotations, is changed from to . The transmission signal, , is again defined asThrough this modification of the MRT precoder, reversions of phase rotations created by the combination of the MRT and OSPR are avoided.

##### 4.2. Decoding

In the case of the user terminals, the decoding at the legitimate receiver is performed as follows. Consider that antenna element is selected at the BS to extract the random phase rotations. Let be defined as the interference term from the other user terminals; then, signal received at UT is given byAt the user terminal, , the equalization is done computing as defined belowAfter applying to , the estimated value of is directly hard or soft demodulated to obtain the original data. On the eavesdropper side, as shown in the next section, the channel capacity is always zero for any applied decoder.

Further, as shown in the remainder of this subsection, when the number of antenna elements at the BS grows to infinity, a legitimate user can acquire all of the information; that is, the legitimate channel capacity is maximum.

Starting by considering an infinite number of antenna elements at the BS, that is, , the following simplifications can be performed in the received equalized signal :Applying (25) to (22) and (26) to (23), the estimated signal, , can be simplified in (27) as

Because is a positive constant, from (27), it is possible to conclude that all of the information regarding the source can be obtained from when the number of antennas at the BS grows to infinity.

##### 4.3. Analysis

The main target of any secrecy scheme is to enforce the independence between the source and the signal observed by the eavesdropper. If the independence between these signals is verified, a zero capacity for the eavesdropper channel is achieved; that is, the mutual information between the source and the eavesdropper received signal is zero.

In the remainder of this section, we mathematically demonstrate that, for the proposed joint massive MIMO precoder and security scheme, the mutual information between the source and the eavesdropper received signal is zero.

Consider the worst possible scenario, which is a noiseless eavesdropper channel. For this case, the received signal, , at the eavesdropper isAs previously defined, is equal to the original data symbol but with a random phase rotation ofThen, it follows thatNow, let us define and as follows:Then, the received signal at the eavesdropper can be rewritten asNote that is a function of but is independent of . Due to the uniform distribution of , any possible fixed value of can be generated by any , , considering a PSK constellation. Therefore, without the knowledge of , the random variable is independent of . As and are both independent of , the set defines a multidimensional constellation point observed by Eve and that point can be generated with equal probability by any possible set of data symbols , . If each constellation point observed by Eve can be generated with equal probability by any possible set of data symbols, then and the source are fully independent and, as a consequence, the mutual information between them is zero.

#### 5. Evaluation Results

The numerical results regarding the secrecy capacity of the schemes defined in Sections 3 and 4 are presented in this subsection considering a QPSK constellation. For all of the results, the mutual information is measured in bits per channel use (Bpcu) in the interval . This means that when the capacity reaches the value of one, all the information from the source is obtained. However, if the mutual information is equal to zero, no information is extracted from the observed signal.

##### 5.1. OSPR Scheme

The eavesdropper channel capacity for the OSPR scheme defined in [27] was evaluated using the lower bound provided by the* Fano inequality theorem* for several network parameters. The curves in Figure 2 describe the capacity of the eavesdropper noiseless channel computed as a function of the number of antenna elements at Eve, assuming that only one UT is accessing the network, that is, no interuser interference. The results show that for a fixed number of antenna elements at Eve, the capacity of the eavesdropper channel can be reduced by increasing the number of antennas at the legitimate transmitter. However, for a fixed number of elements at the legitimate transmitter, the secrecy capacity of the OSPR scheme reduces to zero if the number of antennas at the eavesdropper grows to infinity, thus confirming the mathematical analysis performed in Section 3.3.

The main conclusion for this first set of results is that when just one UT is accessing the network, the OSPR scheme cannot avoid the driving of the secrecy capacity to zero if the eavesdropper has an unlimited number of antenna elements.

Next, to evaluate the scheme proposed in [27] in a more realistic scenario, Figure 3 describes the capacity of the eavesdropper channel when more than one UT is present. The eavesdropper capacity curves in Figure 3 show that by increasing the number of users in the network, the capacity of the eavesdropper channel decreases, which allows the improvement of the secrecy level of the system, as verified in the analysis performed at the end of Section 3.3. However, for a reduced number of users, the OSPR technique cannot avoid the leakage of information from the legitimate link to the eavesdropper.

##### 5.2. Proposed Joint Scheme

To compare the performance of the proposed scheme with the OSPR solution defined in [27], the secrecy capacity for the joint technique was evaluated again using the* Fano inequality theorem*, which provides a lower bound on the legitimate channel capacity and, in this case, is equal to the secrecy capacity.

The first evaluation was performed by assuming just one user terminal accessing the network, considering and , being the results presented in Figure 4. The numerical results in Figure 4 show that for the joint design, the secrecy capacity is maximum in the high SNR regime; therefore, contrary to what occurs with the OSPR technique, the eavesdropper cannot get any information exchanged between the BS and the user terminal in this case, even by employing a massive antenna array with 512 antenna elements.

For the joint solution, the secrecy capacity does not depend on the number of antenna elements at the eavesdropper, with the capacity of the eavesdropper channel being always zero.

In the results presented in Figure 5, the mean secrecy capacity was evaluated by fixing the number of antenna elements at the eavesdropper to 64. In this case, the number of antennas at the BS was defined as with the number of user terminals being equal to . The analysis of the results in Figure 5 shows that by increasing the number of user terminals in the network, the secrecy capacity achieves lower values.

However, the cause of this reduction is the degradation of the legitimate channel capacity due to the additional interference of other user terminals, with the eavesdropper channel capacity being always zero, as mentioned before and as shown mathematically in Section 4.3. Another point that should be observed is that increasing the number of antenna elements at the BS, the secrecy capacity improves due to the multiple access orthogonalization. To assess the capacity degradation in the legitimate channel for the proposed scheme, a comparison between the capacity of a regular massive MIMO MRT precoding technique and the proposed scheme is done in Figure 6. The curves in Figure 6 were obtained for 8 user terminals and a number of antenna elements at the base station, which is defined by . The results show that when the number of elements at the base station is much larger than the number of user terminals accessing the network, the degradation of the legitimate channel capacity goes to zero. Therefore, the proposed joint scheme adds security to the massive MIMO system with negligible capacity loss when compared to the same massive MIMO system without any security measure.

#### 6. Conclusion

In this work, we proposed a joint scheme to add security to massive MIMO systems. In the proposed approach, the channel precoder and security scheme are jointly designed. The joint design assures that the secured data does not become unsecure after passing through the channel precoder. As mathematically demonstrated, the simple concatenation of the two blocks, channel precoder, and security scheme, without considering the coupling between them, results in the leakage of information from the source to the eavesdropper, which can lead to the complete recovery of the transmitted data. Nevertheless, the OSPR scheme does not reduce the capacity of the legitimate link. In contrast, in the proposed joint approach, the capacity of the eavesdropper channel is zero, and the capacity of the legitimate link is only very slightly reduced. As a result, the secrecy capacity of the proposed joint scheme is much higher than the one where the channel precoder and security schemes are simply concatenated without considering the coupling between the two parts.

#### Conflicts of Interest

The authors declare that they have no conflicts of interest.

#### Acknowledgments

This work is supported by the European Regional Development Fund (FEDER), through the Competitiveness and Internationalization Operational Program (COMPETE 2020) of the Portugal 2020 framework, and by FCT/MEC through national funds, under Projects SWING2 POCI-01-0145-FEDER-016753 and UID/EEA/50008/2013.