Rethinking the Intercept Probability of Random Linear Network Coding
aa r X i v : . [ c s . CR ] A ug Rethinking the Intercept Probabilityof Random Linear Network Coding
Amjad Saeed Khan, Andrea Tassi and Ioannis Chatzigeorgiou
Abstract —This letter considers a network comprising a trans-mitter, which employs random linear network coding to encodea message, a legitimate receiver, which can recover the mes-sage if it gathers a sufficient number of linearly independentcoded packets, and an eavesdropper. Closed-form expressions forthe probability of the eavesdropper intercepting enough codedpackets to recover the message are derived. Transmission withand without feedback is studied. Furthermore, an optimizationmodel that minimizes the intercept probability under delay andreliability constraints is presented. Results validate the proposedanalysis and quantify the secrecy gain offered by a feedback linkfrom the legitimate receiver.
Index Terms —Network coding, fountain coding, physical layersecurity, secrecy outage probability, intercept probability.
I. I
NTRODUCTION
In the context of networks and protocols, network coding [1]has been widely recognized as an intriguing technique to im-prove network performance. It can considerably reduce trans-mission delay, processing complexity and energy consumption,and has the potential to significantly increase throughput androbustness [2]. Therefore, it has been studied for use in manyapplications, including large scale content distribution in peer-to-peer networks [3] and data transmission in sensor networksor delay tolerant networks [4]. Due to the broadcast natureof wireless channels, networks are vulnerable to securityattacks, such as wiretapping and eavesdropping. The problemof achieving secure communication in systems employingnetwork coding has recently attracted the attention of theresearch community in wireles networks. Ning and Yeung [5]first formulated the concept of secure network coding, whichavoids information leakage to a wiretapper. They imposed asecurity requirement, that is, the mutual information betweenthe source symbols and the symbols received by the wiretappermust be zero for secure communication. Based on a well-designed precoding matrix, Wang et al. [6] proposed a securebroadcasting scheme with network coding to obtain perfectsecrecy. Probabilistic weak security for linear network codingwas presented in [7], which devised network coding rules thatcan improve security depending on the adopted field size, thenumber of transmitted symbols and the ability of the attackerto eavesdrop on one or more independent channels.
This work was carried out under the auspices of COST Action IC1104 andthe support of EPSRC under Grant EP/L006251/1.A. S. Khan and I. Chatzigeorgiou are with the School of Computing andCommunications, Lancaster University, LA1 4WA, UK (e-mail: { a.khan9,i.chatzigeorgiou } @lancaster.ac.uk).A. Tassi is with the Department of Electrical and Electronic Engineering,University of Bristol, BS8 1UB, UK (email: [email protected]). Alice(A) Eve(E)Bob(B)
Figure 1. Block diagram of the system model, where ε B and ε E denote theerasure probabilities of the channels linking Alice to Bob and Alice to Eve,respectively. Recently, the intercept probability of fountain coding, whichis equivalent to random linear network coding for wirelessbroadcast applications, was formulated in [8]. Our work hasbeen inspired by the methodology in [8] but differs in twomajor points. Firstly, we have revisited the derivation of the in-tercept probability. More specifically, the decoding probabilityof a receiver has been taken into account in our calculations.Furthermore, key probability expressions have been revisedto accurately reflect (i) the effect of the size of the finitefield over which network coding is performed, (ii) the impactof a feedback link between the legitimate receiver and thetransmitter, and (iii) the fact that the number of transmittedcoded packets cannot be infinite in practice. The seconddifference is that [8] proposed an optimization model withrespect to the number of source packets composing a message.However, the number of source packets and, by extension,their length are often dictated by the provided service. Ourobjective is to minimize the intercept probability by optimizingthe number of transmitted coded packets, under delay andreliability constraints. As part of the optimization process, weprove that awareness of the existence of an eavesdropper isnot required by the transmitter and the legitimate receiver.II. S
YSTEM M ODEL
We consider a network configuration whereby a source(Alice) wishes to transmit a message to a legitimate destination(Bob) in the presence of a passive eavesdropper (Eve), asshown in Fig. 1. Before initiating the communication process,Alice segments the message into K source packets and em-ploys Random Linear Network Coding (RLNC) to generateand broadcast N ≥ K coded packets. The links connectingAlice to Bob and Alice to Eve are modeled as packet erasurechannels characterized by erasure probabilities ε B and ε E ,respectively. As per the RLNC requirements, Bob and Evecan recover the message only if they collect at least K linearlyindependent coded packets.Based on this setup and the general condition that ε B < ε E for physical layer security, we consider two network coded transmission modes, which we refer to as Feedback-aidedTransmission (FT) and
Unaided Transmission (UT). In the FTmode, Alice broadcasts up to N coded packets but ceasestransmission as soon as Bob sends a notification over aperfect feedback channel acknowledging receipt of K linearlyindependent coded packets. In the case of UT, a feedbackchannel between Bob and Alice is not available, thereforeAlice broadcasts exactly N coded packets anticipating Bobto successfully recover her message. In both modes, thecommunication process is considered to be secure if Eve failsto reconstruct Alice’s message. In the rest of this letter, we willinvestigate the resilience of FT and UT to the interception of K linearly independent coded packets by Eve.III. P ERFORMANCE A NALYSIS
The physical layer security offered by the two transmissionmodes will be quantified by the probability that Eve willmanage to recover the message. To derive this probability,which is known as the secrecy outage probability or the intercept probability , we will first consider the general caseof point-to-point communication between Alice and a receiver D over an erasure channel with erasure probability ε D . Notethat D can be either Bob or Eve, i.e., D ∈ { B , E } . If Alicetransmits N ≥ K coded packets and the receiver retrieves n R coded packets, where K ≤ n R ≤ N , the probability thatthe receiver will successfully recover the K source packets isgiven by [9] P ( n R , K ) = K − Y i =0 h − q − ( n R − i ) i , (1)where q is the size of the finite field over which network codingoperations are performed. Let X be a random variable thatrepresents the number of transmitted coded packets for whichthe receiver can recover the K source packets. The CumulativeDistribution Function (CDF) of X describes the probabilitythat the receiver will recover the K source packets after n T coded packets have been transmitted, where K ≤ n T ≤ N .This CDF can be obtained by averaging (1) over all validvalues of n R , that is, F D ( n T ) = Pr { X ≤ n T } = n T X n R = K (cid:18) n T n R (cid:19) (1 − ε D ) n R ε n T − n R D P ( n R , K ) . (2)The probability that the receiver will recover the K sourcepackets when the n T -th coded packet has been transmitted, butnot earlier, is given by the Probability Mass Function (PMF)of X , which can be derived as follows: f D ( n T ) = Pr { X = n T } = ( F D ( n T ) − F D ( n T − , if K < n T ≤ NF D ( K ) , if n T = K. (3)Let us now return our focus to the considered networkconfiguration operating in the FT mode. Recall that Bob sendsan acknowledgement to Alice when he receives K linearlyindependent coded packets and can thus recover the source message. The intercept probability can be expressed as thesum of two constituent probabilities: P FTint ( N ) = P BE ( N ) + P E ( N ) . (4)The first term of the sum in (4), P BE ( N ) , denotes the probabil-ity that both Bob and Eve will recover the message. This canhappen if Bob decodes the message only after the n T -th codedpacket has been transmitted, while Eve has already recoveredthe message or recovers it concurrently with Bob. Invoking thedefinitions in (2) and (3), and considering all possible valuesof n T , we can express P BE ( N ) as P BE ( N ) = N X n T = K f B ( n T ) F E ( n T ) . (5)The second term of the sum in (4), P E ( N ) , represents theprobability that Eve will be successful in recovering the mes-sage but Bob will fail to decode it after Alice has transmittedthe complete sequence of N coded packets. Using the CDFof the number of coded packets delivered by Alice to Eve andBob, respectively, we can write P E ( N ) as follows: P E ( N ) = F E ( N ) [ 1 − F B ( N ) ] . (6)We should stress that (5) and (6) are exact only if the sequenceof coded packets delivered over the Alice-to-Bob link isindependent of the sequence delivered over the Alice-to-Evelink. This is a common hypothesis in the literature of broadcastnetworks, e.g., [8] and [10], and is valid for a non-vanishingproduct between the number of coded packets transmitted overa channel and the erasure probability of that channel [11]. Theaccuracy of (4) will also be demonstrated in Section V.In the case of UT, a feedback channel is not availablebetween Bob and Alice, therefore Alice transmits the completesequence of N coded packets uninterruptedly. Therefore, theintercept probability is simply equal to the probability that Evewill recover the message after Alice has transmitted N codedpackets. Using the definition of the CDF in (2), we obtain P UTint ( N ) = F E ( N ) . (7)Manipulation of the expression for P FTint ( N ) , as shown inAppendix A, and subtraction of P UTint ( N ) from it, yields P FTint ( N ) − P UTint ( N ) = − N X n T = K +1 f E ( n T ) F B ( n T − . (8)Expression (8) measures the loss in the intercept capabilityof Eve or, equivalently, the gain in secrecy by Bob, if Bobcan acknowledge the recovery of the source message to Aliceusing a feedback channel. Remark.
In this letter, we assume that Alice has knowledge ofthe average channel conditions, characterized by the erasureprobability, between her and Bob. If Alice could sense the instantaneous channel quality and transmitted coded packetsonly when the channel quality warranted their error-free deliv-ery to Bob, as in [8], [12], the equivalent erasure probability ofthe link between Alice and Bob would be ε B = 0 . In that case,Alice could generate exactly K linearly independent codedpackets in a deterministic manner, as opposed to random, and ε B ε E I n t e r ce p t p r o b a b ili t y Unaided Transmission (UT)Feedback−aided Transmission (FT)Simulations
Figure 2. Comparison between analytical and simulation results for FT andUT, when ε E ∈ [0 . , . , ε B = { . , . , . , . , . } , K = 50 , ˆ N = 150 , q = 2 and ˆ P = 90 . forward them to Bob. As a result, the intercept probabilitywould reduce to (1 − ε E ) K regardless the transmission mode.This remark concurs with the conclusion of [8] that an arbitrar-ily small intercept probability can be achieved by increasingthe value of K , but at the cost of increased delay.IV. O PTIMIZATION M ODEL
This section aims to determine the optimum value of N , i.e.,the number of coded packet transmissions, that minimizes theintercept probability, provided that a hard deadline is met. Thishard deadline, denoted by ˆ N , represents the number of codedpacket transmissions that Alice is not allowed to exceed. Inaddition, the proposed optimization strategy permits Bob torecover the message with a target probability ˆ P . In the rest ofthis letter, both FT and UT will be optimized by the ResourceAllocation Model (RAM), which is defined as follows:(RAM) min N P int ( N ) (9)subject to F B ( N ) ≥ ˆ P (10) N ≤ ˆ N (11)where the objective function (9) represents the interceptprobability when N coded packets have been scheduled fortransmission. Constraint (10) ensures that the probability ofBob recovering the message is at least ˆ P , while constraint (11)imposes that the number of planned coded packet transmis-sions is less than or equal to ˆ N .The proof of the following proposition will contribute to thesolution of the RAM problem. Proposition 1.
The intercept probability P int ( N ) is a non-decreasing function of N , i.e., P int ( N ) ≤ P int ( N ) for all N ≤ N . (12) Proof:
One of the properties of CDFs is that they are non-decreasing functions and, as per (7), the intercept probabilityof UT is equal to a CDF. In the case of FT, the subtraction − . − . − . − . − . − . − . − . − . − . − . − . − . − . − . − . ε B ε E N ∗ Figure 3. Contour map (solid lines) depicting the loss in intercept probabilitycaused by the change from UT to FT, as a function of ε E and ε B . The valueof N ∗ (dashed line) as a function of ε B has been superimposed on the plot. of P int ( N ) from P int ( N ) for N ≥ N gives a sum ofnon-negative terms, as shown in Appendix B. Therefore, P int ( N ) − P int ( N ) ≥ , which concludes the proof.We can now proceed to Proposition 2 and provide a de-scription of the solution to the RAM problem. Proposition 2.
If the RAM problem admits a solution, theoptimum solution is N ∗ = arg min n N ∈ [ K, ˆ N ] (cid:12)(cid:12) F B ( N ) ≥ ˆ P o . (13) Proof:
Let N ∗ denote the smallest value of N in theinterval [ K, ˆ N ] for which constraint (10) holds. If an integervalue smaller than N ∗ is selected, for example N ∗ − , theintercept probability will reduce, as per Proposition 1, butconstraint (10) will not be met. We thus conclude that N ∗ is the optimum solution to the RAM problem.Root-finding algorithms, such as the bisection method, canbe used on the right-hand side of (13) to determine if N ∗ exists and identify its value. Based on this analysis, we showedthat minimization of the intercept probability under delayand reliability constraints can be achieved by minimizing thenumber of transmitted coded packets. Thus, Alice should knowthe erasure probability of the channel between her and Bob butknowledge of the presence of an eavesdropper is not necessary .V. N UMERICAL AND A NALYTICAL R ESULTS
This section compares the derived analytical expressionswith simulation results, establishes their validity and obtainssolutions to the RAM problem for various channel conditions.Fig. 2 depicts the relationship between the intercept proba-bility and the quality of Bob’s and Eve’s channels, representedby ε B and ε E , respectively. For each point, the value ofthe N coded packet transmissions was optimized by RAMfor K = 50 source packets, ˆ N = 150 maximum allowablecoded packet transmissions, a field size of q = 2 and atarget probability of Bob recovering the source message equalto ˆ P = 90% . In simulations, Alice broadcasts the optimal number of coded packets determined by RAM. Instanceswhere Eve successfully recovers K linearly independent codedpackets are counted and averaged over realizations to ob-tain the intercept probability. We observe the close agreementbetween analytical and simulation results, which confirms thetightness of (4) and (7). Fig. 2 also shows that when thechannel quality between Alice and Eve is significantly worsethan the channel quality between Alice and Bob, the interceptprobability is close to zero for both FT and UT. As expected,the intercept probability increases when the two channelsexperience identical or relatively similar conditions but FToffers a clear advantage over UT. For example, for ε B = 0 . and ε E = 0 . , the intercept probability will reduce from to if the mode of operation switches from UT to FT. Thereduction in the intercept probability due to the adoption ofFT becomes pronounced when ε E drops below . .Fig. 3 quantifies the loss in intercept probability or, equiv-alently, the gain in secrecy that occurs by changing theoperational mode from UT to FT, as noted in (8). The optimumvalue of N , denoted by N ∗ , has also been plotted in Fig. 3(secondary y -axis on the right-hand side of the plot). Observethat as ε B increases from . to . , Alice increases the codedpacket transmissions from 54 to 59 in an effort to maintain theprobability of Bob recovering the source message at ˆ P = 90% .Notice the abrupt change in the intercept probability each timeRAM generates a new optimum value for N , based on ε B .A way to reduce the intercept probability, especially insettings where the values of ε B and ε E are similar, has beenhinted in the Remark. If Alice can measure the instantaneousquality of the channel between her and Bob and transmitscoded packets only when the measured quality is above anacceptable threshold, the effective value of ε B will be reducedand the intercept probability will drop at the expense of delay.VI. C ONCLUSION
We derived accurate expressions for the intercept probabilityof a network, where a transmitter uses random linear networkcoding to broadcast information. Both unaided transmissionand feedback-aided transmission were investigated and thesecrecy gain achieved by the latter approach was computed.We presented a resource allocation model to minimize theintercept probability, while satisfying delay and reliabilityconstraints, and showed that the legitimate receiver is notrequired to have knowledge of the presence of an eavesdrop-per. Theoretical and simulation results identified the channelerasure probabilities for which feedback-aided transmissionoffers a lower intercept probability than unaided transmissionwhen the proposed resource allocation model is applied.A
PPENDIX
A. Reformulation of the intercept probability of FT
Based on the definition of the PMF in (3), the expressionfor P BE ( N ) in (5) can be expanded as follows: P BE ( N ) = F B ( K ) F E ( K ) − F B ( K ) F E ( K + 1) + F B ( K + 1) F E ( K + 1) − . . . − F B ( N − F E ( N ) + F B ( N ) F E ( N ) . If we create pairs from each two consecutive terms, with theexception of the last term, and invoke again the definition ofthe PMF, we obtain P BE ( N ) = " − N X n T = K +1 f E ( n T ) F B ( n T − + F B ( N ) F E ( N ) . In (6), we established that P E ( N ) = F E ( N ) − F B ( N ) F E ( N ) .Using (4), the intercept probability of FT can be expressed as: P FTint ( N ) = F E ( N ) − N X n T = K +1 f E ( n T ) F B ( n T − . (14) B. Proof of Proposition 1 for the case of FT
In order to prove Proposition 1 for the FT mode, it sufficesto set ∆ = P int ( N ) − P int ( N ) and show that ∆ ≥ for all N ≥ N . Using (14), we find that ∆ = F E ( N ) − F E ( N ) − N X n T = N +1 f E ( n T ) F B ( n T − . (15)Terms − F E ( i ) and F E ( i ) for i = N + 1 , . . . , N − , whichcancel each other out, are added to F E ( N ) − F E ( N ) and give F E ( N ) − F E ( N ) = ( F E ( N ) − F E ( N − . . .. . . + ( F E ( N + 1) − F E ( N ))= N X n T = N +1 f E ( n T ) . (16)If we substitute (16) into (15), we obtain ∆ = N X n T = N +1 f E ( n T ) (cid:2) − F B ( n T − (cid:3) which is a sum of non-negative terms and is, thus, ∆ ≥ .R EFERENCES[1] R. Ahlswede, N. Cai, S. R. Li, and R. W. Weung, “Network informationflow,”
IEEE Trans. Inf. Theory , vol. 46, no. 4, pp. 1204–1216, Jul. 2000.[2] R. Bassoli, H. Marques, J. Rodriguez, K. W. Shum, and R. Tafazolli,“Network coding theory: A survey,”
IEEE Commun. Surveys Tuts. ,vol. 15, no. 4, pp. 1950–1978, 2013.[3] C. Gkantsidis and P. R. Rodriguez, “Network coding for large scalecontent distribution,” in
Proc. IEEE INFOCOM , Miami, Mar. 2005.[4] S. Katti, S. Gollakota, and D. Katabi, “Embracing wireless interference:Analog network coding,” in
Proc. ACM SIGCOMM , Kyoto, Aug. 2007.[5] C. Ning and R. W. Yeung, “Secure network coding,” in
Proc. IEEE ISIT ,Lausanne, Jun. 2002.[6] X. Wang, W. Guo, Y. Yang, and B. Wang, “A secure broadcasting schemewith network coding,”
IEEE Commun. Lett. , vol. 17, no. 7, pp. 1435–1438, Jul. 2013.[7] M. Adeli and H. Liu, “On the inherent security of linear networkcoding,”
IEEE Commun. Lett. , vol. 17, no. 8, pp. 1668–1671, Aug. 2013.[8] H. Niu, M. Iwai, K. Sezaki, L. Sun, and Q. Du, “Exploiting fountaincodes for secure wireless delivery,”
IEEE Commun. Lett. , vol. 18, no. 5,pp. 777–780, May 2014.[9] O. Trullols-Cruces, J. Barcelo-Ordinas, and M. Fiore, “Exact decodingprobability under random linear network coding,”
IEEE Commun. Lett. ,vol. 15, no. 1, pp. 67–69, Jan. 2011.[10] E. Kurniawan, S. Sun, K. Yen, and K. F. E. Chong, “Network codedtransmission of fountain codes over cooperative relay networks,” in
Proc.IEEE WCNC , Sydney, Apr. 2010.[11] A. S. Khan and I. Chatzigeorgiou, “Performance analysis of randomlinear network coding in two-source single-relay networks,” in
Proc.IEEE ICC workshops , London, Jun. 2015.[12] Z. Guan, T. Melodia, and G. Scutari, “To transmit or not to transmit?Distributed queueing games in infrastructureless wireless networks,”