Securing mmwave Vehicular Communication Links with Multiple Transmit Antennas

Securing mmwave Vehicular Communication Links with Multiple Transmit Antennas Mohammed E. Eltayeb Department of Electrical and Electronic Engineering California State University, Sacramento Sacramento, USA mohammed.eltayeb@csus.edu Robert W. Heath, Jr. Department of Electrical and Computer Engineering The University of Texas at Austin Austin, USA rheath@utexas.edu Abstract This paper presents a low-complexity physical layer security technique for millimeter wave mmwave vehicular communication systems. The proposed technique exploits the large dimensional antenna arrays available in mmwave systems and the road reflected path to generate location dependent transmission. This results in coherent transmission to the legitimate receiver and interference that jams eavesdroppers with sensitive receivers along the same lane of travel. Theoretical and simulation results demonstrate the validity and effectiveness of the proposed technique and show that high secrecy throughput can be achieved when compared to conventional array transmission techniques. Index Terms Antenna arrays, Radio frequency, Array signal processing, Millimeter wave, Transmitters. I. INTRODUCTION Vehicular communication in the millimeter wave mmwave band has been recently proposed to realize multi-gbps data rates and support future intelligent transportation systems ITS applications []-[4]. This paradigm shift from classical lower frequency to higher frequency mmwave technologies introduces new security challenges that cannot be fully handled via traditional cryptographic means. For instance, in lower frequency systems, public cryptographic keys can be simply broadcasted over the wireless channel, however, in mmwave systems, the directionality of the mmwave channel dictates dedicated public key transmission to all network nodes. This imposes a great deal of overhead on the system. Moreover, these cryptographic techniques generally require an infrastructure for key management which might not be readily available for mmwave systems [5]. With the emergence of new time-sensitive ITS applications and the increasing size of the decentralized vehicular network, the implementation of traditional cryptographic techniques becomes complex and challenging. Motivated by these challenges, recent research investigated the use of keyless physical layer PHY security techniques to secure mmwave communication links [6]- []. These techniques rely on multi-antenna transmission to create interference or artificial noise within the null space of the legitimate receiver. Such interference will degrade the channel of potential eavesdroppers. Despite their effectiveness, the techniques proposed in [6]- [] require the eavesdropper to be physically located on non-receiver transmission directions and will fail if a malicious eavesdropper receives a reflected path from the target receiver. Moreover, the techniques proposed in [6] and [7] are based on digital beamforming, and therefore, are not suitable for mmwave systems. In vehicular environments, the legitimate receiver and the eavesdropper can have the same angle of departure AoD if the eavesdropper is located along the receiver s lane of travel. Additionally, an eavesdropper within the vicinity of the target receiver can intercept the communication link via a path reflected from the target receiver. Therefore, techniques that generate location based i.e. direction and distance encryption are of great interest to counter such scenarios and secure mmwave links. In this paper, we propose a location-based PHY security technique for vehicular networks. We exploit the large dimensional antenna arrays available in mmwave systems and the road reflected path to generate location based transmission. We consider the special case where a transmitter is communicating with a receiver in the presence of an eavesdropper along the same lane of travel as shown in Fig., i.e., both the receiver and the eavesdropper receive the direct path. To enhance the secrecy of the communication link, a few antennas are cophased along the direct path, while the remaining antennas are co-phased along the target receiver s road reflected path. These antennas are randomly selected with every symbol transmission. This random antenna selection generates random grating lobes in both the direct and the reflected paths, and results in noise-like signals in both paths. As we will show, by aligning the two paths to the target receiver, these noiselike signals converge to a constant at the target receiver and become a random variable at other locations. This randomizes the beam pattern at non-receiver locations and enhances the secrecy of the communication link. II. SYSTEM MODEL We consider a mmwave vehicular system with a transmitter and a receiver in the presence of a single or multiple eavesdroppers on the direction of transmission as shown in Fig.. We adopt a uniform linear array ULA with N T antennas along the y-axis with the array centered at the origin; nonetheless, the proposed technique can be adapted to other antenna structures. This can be done by, for example, varying the complex antenna weights to form coherent combining at

The conjugate operator on the reflected path is required to cancel the interference that results from the random antenna switching at the receiver. From and, the received signal at the target receiver after channel equalization becomes Fig.. An example of a transmitter communicating with a receiver in the presence of an eavesdropper. The transmitter generates interference artificial noise in non-receiver regions. the target receiver as described in the Section III. To transmit a data symbol sk = c k e jφ k, where k is the symbol index, c k and Φ k are the symbol s amplitude and phase, and E[ s ] =, sk is multiplied by a unit norm transmit beamforming vector fk = [f k f k... f NT k] C NT. The mmwave channel between the transmitter and the receiver is assumed to be a narrow band line-of-sight LoS with perfect synchronization. Due to the dominant reflected path from the road surface, a two-ray model is usually adopted in the literature to model LOS vehicular communication []-[]. Based on this model, the mmwave channel can be modeled using array manifold concepts as []-[4] h θ D, θ R = αd a θ D + αr a θ R, where θ D, θ R are the AoDs along the direct and reflected paths, α D and α R represent the mmwave channel gains including the path-loss along both the direct and the reflected paths. The nth entry of the array manifold vector aθ C NT is [aθ] n = sin θ, and λ is the wavelength. All receivers, including eavesdroppers, are assumed to have perfect channel knowledge and access to both their direct and reflected paths. e jn N T πd λ III. SECURE MILLIMETER WAVE TRANSMISSION In this section, we introduce a PHY security technique that jams potential eavesdroppers located along the direction of travel. Any of the techniques proposed in [8]- [] can be used to jam eavesdroppers on other directions. The proposed technique exploits both the direct and the road reflected path to design a beam pattern that coherently combines only at the target receiver, thereby creating location-based direction and distance transmission. To achieve this, a random subset of M antennas are selected to transmit the kth information symbol along the direct path while the reaming N T M antennas used to transmit the kth formation symbol along the reflected path. Based on this, the nth antenna phase shift when transmitting the kth symbol becomes { NT υ n k = n πd λ sinθ D, n I D k NT n πd λ sinθ R Φ k, n I R k where the size of the random subsets I D = M and I R = N T M, and Φ k is the kth transmit symbol phase. Based on the nth entry of the beamforming vector fk becomes f n k = NT e jυnk. To receive the information symbols, the target receiver combines the signal received on its direct path with the conjugate of signal received on its reflected path. yk, θ D, θ R = a θ D a θ R fksk + fksk + zk, where zk is the effective noise after channel equalization and normalization by the receive antenna gain. Expanding yk, θ D, θ R, the received signal at the target receiver becomes yk, θ D, θ R = m I Dk n I Rk N T sk e j N T m πd λ sinθd e j N T m πd λ sinθd + e j N T n πd λ sinθd e j N T n πd λ sinθr Φ k + N T s k m I Dk n I Rk e j N T m πd λ sinθr e j N T m πd λ sinθd + e j N T n πd λ sinθr e j N T n πd λ k sinθr Φ + z. Grouping similar elements we obtain yk, θ D, θ R = skm + s k e jηnθr ηnθd + N T n I Rk s k e jηmθr ηmθd + skn T M + z = NT m I Dk sk + s kγθ R, θ D + z, where η x θ = N T x πd λ sinθ, the random term artificial noise n I Rk ejηnθr ηnθd results from the random antenna switching, and the constant Γθ R, θ D = πd sinn T λ sinθr sinθ D NT sin πd sinθr sinθd. λ From, we observe that if the transmitted symbol is real, i.e. Φ k =, then s k = sk and the resulting beam pattern converges to N T + Γθ R, θ D, which is constant. If the transmitted symbol is complex, the term s k in the second part of introduces noise at the target receiver. There are two ways to deal with this. The first is to simply transmit the real and imaginary parts of the symbol in orthogonal timeslots. This of course will result in a.5 loss in the rate. The second way is to treat the term s kγθ R, θ D as noise at the receiver. This will result in a signal-to-noise-ratio SNR hit. Nonetheless, both strategies will improve the secrecy of

the communication link when compared to conventional techniques which focus on direction-only encryption not location. The received signal at an eavesdropper with a sensitive receiver located along the same direction of the target receiver with AoDs θ D, θ θ R, since the reflected path is unique to the target receiver, can be derived in a similar manner as yk, θ D, θ = s k N T m I Dk Me jφ k + e jηnθr ηnθd + n I Rk e jηmθ ηmθd + e jηnθ ηnθr + z E,4 n I Rk where z E is the effective noise at the eavesdropper and it is is assumed to be much lower than the effective noise at the target receiver i.e. z E << z. From 4 we observe that the signal received at an arbitrary location along the transmit direction becomes a random variable that is a function of the subsets I D k and I R k and the AoD of the reflected path, and converges to a constant only when θ = θ R, i.e. at the location of the target receiver only. IV. PERFORMANCE EVALUATION In this section, we evaluate the performance of the proposed mmwave secure transmission technique in terms of secrecy throughput. For mathematical tractability, we assume that all communication takes place during a coherence interval T in which the channel is assumed to be constant. This assumption allows us to account for the distortion caused by the artificial noise and derive the secrecy throughput. Further, we assume that the transmitter transmits real symbols only, i.e. half the time will be used for communicating the real part and the remaining time for communicating the imaginary parts of the communication symbols. This allows us to evaluate the performance of the system irrespective of the underlying modulation technique used at the transmitter. Based on these assumptions, the secrecy throughput R bits/channel use becomes R = [log + γ r log + γ e ] +, 5 where the factor accounts for time consumed for communicating the imaginary part of sk, γ r is the SNR at the target receiver, γ e is the SNR at the eavesdropper, and a + denotes max{, a}. We derive the secrecy throughput of the proposed technique and consider the following scenarios: i eavesdropper intercepts communication via the direct path only, ii eavesdropper intercepts communication via the reflected path only, and iii eavesdropper intercepts communication via both the direct and reflected paths. From, the SNR at the receiver can be expressed as γ r = N T σ + Γθ R, θ D, 6 where σ is the effective noise variance at the target receiver. Let the random variable β Ixkθ, θ = n I ej N T n πd λ sinθ sinθ xk, then from 4, the SNR at an eavesdropper intercepting communication via the direct path becomes σ e,d γ e,d = N T M + E[β IRkθ D, θ R ] N T var[β IRkφ D, θ R ] + σe,d, 7 is the effective noise variance at the eavesdropper. The SNR expression in 7 accounts for the average beamforming gain at the eavesdropper and the randomness or variance of the resulting beam pattern, which is noise to the eavesdropper. The SNR at an eavesdropper intercepting communication via the reflected path see third and fourth terms of 4 can be expressed in a smilier manner as N γ e,r = T E[β IRkθ R, θ+β IDkθ D, θ] N T var[β IRkθ R, θ+β IDkθ D, θ] + σe,r 8 E[β IRkθ R, θ] +E[β IDkθ D, θ] = var[β IRkθ R, θ]+var[β IDkθ D, θ]+n T σe,r, 9 where σe,r is the effective variance and 7 follows since β IRkθ R, θ and β IDkθ D, θ are independent. Finally, the SNR at an eavesdropper intercepting communication via the direct and the reflected paths see 4 can be expressed as γ e = M + E[β IRkθ D, θ R ] +E[β IDkθ D, θ] + E[β IRkθ R, θ] var[β IRkθ D, θ R + β IDkθ D, θ +β IRkθ R, θ] + N T σ e where σe = σe,d + σ e,r is the total effective noise variance at the eavesdropper, and the variance of the beam pattern at the eavesdropper is var[β IRkθ D, θ R + β IDkθ D, θ + β IRkθ R, θ] = var[β IRkθ D, θ R ] + var[β IDkθ D, θ] + var[β IRkθ R, θ] since the individual random patterns are independent. To complete the SNR derivations, we need to derive the mean and variance of the random variables β IRkθ D, θ R, β IRkθ R, θ R, and β IDkθ D, θ. We undertake this in the following lemma. Lemma : For large number of antennas N T, the random variable β Ixkθ, θ, where I x k = M, and θ θ, converges to a Gaussian random variable with mean E[β Ixkθ, θ ] = M sin πd N T λ sinθ sinθ N T sin πd λ sinθ sinθ, and variance var[β Ixkθ, θ ] = M MNT. Proof : See Appendix I. From Lemma, the beam pattern variance at an eavesdropper when intercepting communication via the direct path only, the reflected path only, and both paths becomes var[β IRkφ D, θ R ] = M MNT,

Normalized Beam Pattern Variance.8.7.6.5.4.. Combined eaves Combined eaves theory Reflected eaves Reflected eaves theory Direct Eaves Direct eaves theory Combined receiver Secrecy Throughput bits/channel use.5.5.5.5 8 6 4 4 48 56 64 7 8 9 Angle Direction degrees 5 a Direct path b Combined. 4 6 48 64 8 96 8 Subset Size M Fig.. Numerical and normalized theoretical values eq. -5 of the beam pattern variance at both the target receiver and the eavesdropper versus the transmission subset size M; N T = 8, θ D =, θ R = 4, and the eavesdropper AoD along the reflected path θ E = 5. Secrecy Throughput bits/channel use Proposed Proposed theory Conventional 8 6 4 4 48 56 64 7 8 9 Angle Direction degrees var[β IRkθ R, θ]+var[β IDkθ D, θ] = M MNT,4 var[β IRkθ D, θ R ] + var[β IDkθ D, θ] + var[β IRkθ R, θ] = M MNT, 5 respectively. Applying Lemma and 6- to 5, the secrecy throughput can be derived for each case. V. NUMERICAL RESULTS AND DISCUSSIONS In this section, we demonstrate that the proposed technique can achieve low secrecy throughput at the target receiver while enforcing higher secrecy throughput in undesired locations. We consider a system that operates at 6 GHz with a bandwidth of 5 MHz and an average transmit power of 7dBm. A standard two-ray log-distance path loss model with exponent is used to model the mmwave communication channel. Unless otherwise specified, the number of transmit antennas is set to 8 antennas, d λ =.5, the distances and receive antenna gains are set to achieve an effective noise variance σ =. at the receiver, and σe = 5 at the eavesdropper. The receiver and the eavesdropper are assumed to share the same AoD for the direct path. To study the effect of the subset size on the variance of the beam pattern at an eavesdropper, we plot the numerical and theoretical values of the resulting beam pattern variance in Fig.. We consider three scenarios. The first assumes that the eavesdropper intercepts communication via the shared direct path only, the second assumes that eavesdropper intercepts communication via the reflected path only and the third assumes that the eavesdropper intercepts communication via Fig.. Secrecy throughout of an eavesdropper when using the proposed PHY technique and conventional array transmission for two scenarios with θ D =, θ R = 4, N T = 8, and M = 64. Scenario a eavesdropper intercepts communication using its direct path only. Scenario b eavesdropper intercepts communication using both the direct and the reflected paths. Both the eavesdropper and the target receiver share the same AoD along the direct path. both the direct and the reflected path. For all scenarios, the figure shows that the beam pattern variance, which is a measure of artificial noise, is zero at M = and M = 8, i.e. when the transmitter transmits on either the direct or the reflected path. The reason for this is that when the transmitter uses all of its antennas to transmit on either path, there will be no random grating lobes on either path. In this case, an eavesdropper with a sensitive receiver can intercept communication from either the main lobe or the sidelobe. The figure also shows that there is an optimal subset size that maximizes the beam pattern variance which is occurs at M = NT. At this value of M, there is an equal amount of artificial noise generated by the random grating lobes on both the direct and reflected paths. Since both the target receiver and eavesdropper share the same AoD of the direct path, the beam pattern variance will be lower when the eavesdropper uses the direct path only to intercept communication and highest when it uses both the reflected and direct path as the eavesdropper receives artificial noise on both path. This is confirmed by the Fig.. The beam pattern variance is zero at the target receiver since the proposed technique ensures that both the direct and the reflected paths combine coherently and cancel-out interference on the direct and reflected paths. In Fig., we present results on the secrecy throughput of the proposed technique for an eavesdropper and compare it against conventional array transmission without PHY encryption.

Secrecy Throughput bits/channel use 6 5 4 N T = 8, 64 Proposed theory Proposed Secrecy Throughput bits/channel use 6 5 4 = =. =. =.4 =.8 4 6 8 4 Subset size M 4 6 8 4 Subset size M Fig. 4. Numerical and theoretical values of the secrecy throughput versus the transmit subset size M for different number of transmit antennas; θ D =, θ R = 4, and the eavesdropper AoD along the reflected path is θ E = 5. Fig. 5. Evaluation of the secrecy throughput in the presence of beam alignment errors; θ D =, θ R = 4, θ E = 5, and N T = 8. With the target receiver located along θ R = 4, two scenarios are considered for the eavesdropper: a eavesdropper intercepts communication using the direct path only Fig. a, and b eavesdropper intercepts communication using the both the direct and reflected paths Fig. b. In the first scenario, Fig. a shows that non-zero secrecy throughput is achieved irrespective of the eavesdropper s location. This results since the proposed technique introduces a jamming signal, which results from the random antenna switching when communicating on the reflected path, on the direct path, thereby improving the secrecy of the shared direct path. In the second scenario, Fig. b shows that non-zero secrecy throughput is achieved at all location, except at θ E = 4. Hence, the secrecy throughput is zero only at the location of the target receiver at θ R = 4, which is not realistic in practice. At θ E = 4, the proposed technique ensures that interference in both the direct and the reflected path converge to coherently combine and converge to a constant. This results in high SNR at the target location only. For both situations, Fig. shows that the proposed technique provides higher secrecy throughput when compared to conventional array transmission. Conventional array transmission does not encrypt or jam communication on either paths, hence resulting in the zero secrecy throughput shown in Fig.. Furthermore, the figure shows that the analytical results in Section IV are in agreement with the numerical simulation results. This allows us to gain further insights in the impact of key parameters like the N T and M on the achievable secrecy throughput. In Fig. 4 we study the effect of the transmission subset size M on the secrecy throughput when the eavesdropper intercepts communication via the direct path only. Unlike Fig. which shows that M = NT maximizes the beam pattern randomness on the direct path, Fig. 4 shows that higher secrecy throughput can be achieved when almost all antennas are used to communicate along the reflected path. Lowering the subset size M lowers the beamforming gain on the direct path, which is shared by the eavesdropper, while ensuring some randomness on the direct path as well. The secrecy throughput deteriorates when the beamforming gain exceeds the artificial noise signal ampplitude at the eavesdropper. Note that changing the subset size has no effect on target receiver since both direct and reflected beams coherently combine at the target receiver irrespective of the subset size M. Finally in Fig. 5, we investigate the impact of imperfect beam alignment, due to AoD estimation errors or change in the vehicle location, on the secrecy throughput. As stated in Section III, the proposed technique requires both the direct and the reflected beams to be perfectly aligned to the target receiver in order for the beams to converge to a constant. When the beams are not perfectly aligned, the resulting pattern at the target receiver will not converge to a constant. This generates artificial noise at the target receiver as well as the eavesdropper, and results in a hit in the secrecy throughput. This is confirmed in Fig. 5 for different beam alignment errors = θ R ˆθ R, where θ R is the true AoD along the reflected path and ˆθ R is the estimated AoD. Fig. 5 shows that higher secrecy throughput compared to conventional techniques can be achieved even in the presence of small alignment errors, e.g. =.. The secrecy throughput, however, quickly deteriorates as the alignment error increases. Therefore, it is important to implement a mechanism that ensures perfect alignment at target receiver to maintain the secrecy of the communication link. VI. CONCLUSIONS In this paper, we proposed a PHY layer security technique for secure mmwave vehicular communication. The proposed

technique takes advantage of the large antenna arrays at the mmwave frequencies to jam eavesdroppers with sensitive receivers. This enhances the security of the communication link between a transmitter and a legitimate receiver. The findings of this paper suggest that by exploiting the road reflected path, location dependent transmission can be achieved. This makes the proposed security technique favorable in vehicular environments where an eavesdropper can have access to the direct path either by directly intercepting it or via a reflected or back scattered path. APPENDIX I The random variable β Ixkθ, θ with I x k = M can be rewritten as β Ixkθ, θ = m I xk ejm N T πd λ sin θ sin θ. Since the entries of the set I x k, are randomly selected for each data symbol, β Ixkθ, θ can be simplified to β Ixkθ, θ = N T n= Q N jn T ne πd λ sinθ sinθ, where Q n is a Bernoulli random variable and Q n = with probability M N T, and Q n = with probability M N T. For sufficiently large N T, β Ixkθ, θ becomes a sum of IID complex random variables. Invoking the central limit theorem, β Ixkθ, θ converges to a complex Gaussian random variable. The mean of β Ixkθ, θ can be written as E[β Ixkθ, θ ] = E [ NT = E[Q n ] Q n e jn N T πd λ sinθ sinθ ] n= N T e jn N T πd λ sinθ sinθ n= = M sin N T πd λ sinθ sinθ N T sin πd λ sinθ sinθ, 6 where in 6 E[Q n ] = M N T. The variance of β Ixkθ, θ can be derived as follows var[β Ixkθ, θ ] = var [ NT n= N T = var[q n ] Q n e jn N T πd λ sinθ sinθ ] n= = M N T M N T N T = M where var[q n ] = M N T M N T. [ e jn N T πd λ sinθ sinθ ] MNT, 7 [] M. Motro, T. Kim, R. Kalantari, et al., Communications and Radar- Supported Transportation Operations and Planning, Technical Report - 6877-, TX-DoT, 7. [4] P. Kumari, N. Gozalez-Prelcic, and R. Heath Jr, Investigating the IEEE 8.ad standard for millimeter wave automotive radar, in Proc. IEEE Vehicular Technology Conf., Boston, 5. [5] M. Raya, P. Papadimitratos, and J. Hubaux, Securing vehicular communications, in IEEE Wireless Commun., vol., no. 5, pp.8-5, Oct. 6. [6] S. Goel, and R. Negi, Guaranteeing secrecy using artificial noise, IEEE Trans. Wireless Communn., vol. 7, no. 6 pp. 8-89, 8. [7] A. Yener and S. Ulukus, Wireless physical-layer security: lessons learned from information theory, Proc. IEEE, vol., no., pp. 84-85, 5. [8] N. Valliappan, A. Lozano, and R. Heath, Antenna subset modulation for secure millimeter-wave wireless communication, IEEE Trans. Commun., vol. 6, no. 8, pp. -45, Aug.. [9] M. Eltayeb, J. Choi, T. Al-Naffouri, and R. Heath, Enhancing Secrecy with Multi-Antenna Transmission in Millimeter Wave Vehicular Communication Systems, IEEE Trans. Veh. Technol., vol. 66, no. 9, pp. 89-85, Sept. 7. [] M. Eltayeb, J. Choi, T. Al-Naffouri, and R. Heath, On the security of millimeter wave vehicular communication systems using random antenna subsets, in Veh. Technol. Conf., Montreal, Canada, Sept. 6. [] W. Schafer, A new deterministic/stochastic approach to model the intervehicle channel at 6 GHz, in Veh. Technol. Conf., Secaucus, NJ, May 99, pp. -5. [] R. Schneider, D. Didascalou, and W. Wiesbeck, Impact of road surfaces on millimeter-wave propagation, IEEE Trans. Veh. Technology, vol. 49, no. 4, pp. 4-, Jul.. [] M. Boban, J. Barros, and O. Tonguz, Geometry-based vehicle-tovehicle channel modeling for large-scale simulation, IEEE Trans. Veh. Technol., vol. 6, no. 9, pp. 446-464, Nov. 4. [4] M. Akdeniz, Y. Liu, M. Samimi, S. Sun, S. Rangan, T. Rappaport, and E. Erkip, Millimeter wave channel modeling and cellular capacity evaluation, IEEE J. on Selected Areas in Commun., vol., no. 6, pp. 64-79, June 4. [5] H. L. Van Trees, Optimum array processing detection, estimation, and modulation theory, part IV, st ed. WileyInterscience, Mar.. REFERENCES [] J. Choi, N. Gonzalez-Prelcic, R. Daniels, C. Bhat, and R. Heath, Millimeter wave vehicular communication to support massive automotive sensing, IEEE Commun. Mag., vol. 54, no., pp. 6-67, Dec. 6. [] V. Va, and R. Heath Jr., Basic relationship between channel coherence time and beamwidth in vehicular channels, in IEEE 8nd Veh. Technol. Conf., Boston, Sept. 5.