Distributed source-relay selection scheme for vehicular relaying networks under eavesdropping attacks

The recent development of vehicular networking technologies brings the promise of improved driving safety and traffic efficiency. Cooperative communication is recognized as a low-complexity solution for enhancing both the reliability and the throughput of vehicular networks. However, due to the openness of wireless medium, the vehicular wireless communications (VWC) is also vulnerable to potential eavesdropping attacks. To tackle with this issue, we in this paper propose a novel user-cooperation scheme with anti-eavesdropping capabilities. Specifically, prior to any frame transmission, a source-relay pair is jointly selected to maximize the achievable secrecy rate. After that, the selected relay assists the source to deliver its data to the destination. The proposed selection scheme can be realized in a fully distributed manner, and the security is guaranteed without using any encryption techniques at the upper layers. The closed-form expressions for the secrecy outage probability and the intercept probability are derived, and the achievable diversity order is also analyzed. Simulation results show that the proposed scheme outperforms the competing counterparts in terms of both the secrecy outage probability and the average secrecy rate.

network that supports both the infrastructure-based and ad hoc communications.
The interests in vehicular networking dates back to late 1980s. Since then, the idea of leveraging wireless technologies for vehicular communications has fascinated researchers around the globe, and great efforts have been made to develop new architectures, protocols, algorithms, and applications for vehicular networks. Many governmental projects or plans have been set up to explore the potentials of vehicular wireless communications (VWC), including the VSC and VII in United States, the eSafety in Europe, and the ASV series in Japan [2]. From the industrial perspective, several standards have been created, among which the most important ones are the IEEE 802.11p and IEEE 1609 protocol suites. IEEE 802.11p specifies the physical layer (PHY) and medium access control (MAC) layer features such that the existing IEEE 802.11 can work in vehicular environments, and IEEE 1609 mainly deals with the multi-channel operation, routing, and security issues. The academic research in the field of VWC is also fruitful, ranging from the modeling of http://jwcn.eurasipjournals.com/content/2014/1/109 vehicular channels [3] to the development of MAC and routing algorithms [4][5][6][7]. Besides that, some field trials have also been carried out in many countries for objective performance evaluation [8].
So far, simple and basic solutions at almost all layers have been devised for vehicular communications. However, the unique features of vehicular networks make the design of efficient VWC protocols challenging. First, the vehicular networks are expected to support the mixture of both the realtime and non-realtime services. As a result, it is difficult to satisfy the diverse quality-of-service (QoS) requirements by simply adopting the existing techniques. Second, the fast movement of the vehicles makes the network topology and the vehicle density highly dynamic, and hence, the connectivity among the vehicles is hard to be guaranteed. Third, due to the existence of various obstacles along the roads, the propagation conditions for VWC is harsher than those for general mobile ad hoc networks. All these factors indicate the necessity for developing innovative wireless techniques to support the emerging applications in vehicular networks.
Among many candidates of VWC technologies, cooperative communication is widely regarded as a promising solution to enhance the performance of vehicular networks from various layers. The key idea of cooperative communication is to let the neighboring terminals relay information for each other. In this way, the spatial diversity gain as well as the spatial multiplexing gain can be harvested without the deployment of multiple antennas. The research in cooperative communications is pioneered by Sendonaris et al. [9]. In [10], several basic cooperative relaying protocols were proposed, and their outage performances were analyzed. Since these two seminal papers, a large body of literature has been devoted to the design, analysis, and implementation of cooperative schemes for various scenarios. In [11], the authors proposed a constellation reassignment scheme at the relay to minimize the symbol error rate at the destination node. In [12], a link adaptive regeneration strategy was developed for decode-and-forward (DF) systems. These works, however, are concerned about the simple scenario where there is only one source and one relay. For multiple-relay systems, advanced relaying mechanisms such as distributed spacetime coding [13], relay selection [14], network coding [15], and collaborative beamforming [16] were investigated to further benefit the cooperative systems. Based on the work in [14], the joint source-relay selection schemes were proposed in [17,18] for multi-source multi-relay networks to exploit both the cooperative diversity and the multi-user diversity.
In vehicular networks, there are often a large number of vehicles that can serve as relays to facilitate both the V2V and V2I communications. Therefore, the application of cooperative relaying in vehicular communications is a natural choice. In [19], a dual-hop inter-vehicular transmission with relay selection was considered, and the outage performance as well as the achievable diversity order was analyzed. By incorporating a highway mobility model, the authors in [20] proposed a scheme for locating and selecting the optimal relay station for multi-hop vehicular networks. While [19] and [20] mainly focused on the PHY-layer issues, [5] dealt with the relay-aided MAC protocol design for vehicular communications. Specifically, by adaptively choosing the relay node and the cooperative mode, the proposed protocol can optimize the system throughput and extend the service range. In [21], the cross-layer routing was studied using cooperative relaying technique. Through investigations, the authors pointed out that cooperative transmission can yield more efficient routes than the competing counterparts in terms of both the reliability and the energy consumption. To fully characterize the performance of vehicular relay networks, [22] developed an analytical model and analyzed the access probability and the connectivity probability.
Although there are plenty of schemes proposed so far to take full advantages of cooperative communications to improve the link reliability, increase the achievable throughput, extend the service coverage, and lower the energy consumption, very few works address the security issue for relay-aided vehicular networks, which is also of vital importance due to the openness of wireless channels. Consider a vehicular network consisting of multiple source nodes, multiple relay nodes, and one destination node. The relays can help the sources to deliver their messages to the destination. However, these messages can also be overheard by some eavesdropper nearby the destination. Therefore, the developed relaying protocols should provide the anti-eavesdropping capabilities. Traditional approaches to securing communications rely heavily on the data encryption at the upper layers of the protocol stack. However, since data security is critically important, it is reasonable to incorporate the security measures at all layers, including the physical layer. Since the seminal work of [23] and [24], more and more attentions have been paid to PHY security from an information-theoretic point of view [25][26][27].
Recently, the secrecy problem in cooperative communications networks has emerged as a hot research topic. In [28], three cooperative schemes, namely, DF, amplify-andforward (AF), and cooperative jamming (CJ), are utilized to secure the source-destination communications. By allocating transmit power at the source and relays and determining the relay weights, the achievable secrecy rate is maximized subject to the total power budget. PHY security can also be realized via the appropriate selection of relay nodes. Following the idea of jamming, the authors in [29] proposed to select two relays to simultaneously serve the legitimate user and confuse the eavesdropper. http://jwcn.eurasipjournals.com/content/2014/1/109 For the same system model, [30] also adopts the relay selection and cooperative jamming to secure communications, but the jamming signal is sent from the destination rather than the selected relay. In our previous work [31], the security-embedded relay selection scheme is devised, where the selected relay transmits the superposition of the information-bearing signal and the artificial noise. We have shown through rigorous analysis that full diversity is achieved despite the existence of the eavesdropper. Although the injection of artificial noise is useful in improving the system security level, it also causes additional energy consumption. Aiming at this problem, [32] presents the AF-and DF-based optimal relay selection to maximize the secrecy rate, without using artificial noise. Common to the works [28][29][30][31][32] is that they all assume that there is only one eavesdropper within the considered area. In comparison, [33] studied the relay selection issue for dual-hop networks with multiple eavesdroppers.
Although the aforementioned works [28][29][30][31][32][33] have exhibited the potentials of physical-layer techniques in securing the wireless cooperative networks, all of them assumed that there is only one node having message to transmit. This assumption simplifies the protocol design and the performance analysis, but may not be realistic for vehicular networks. Different from these works, we in this paper consider a more practical scenario where there are multiple sources sharing the same pool of multiple relays. For this scenario, a source-relay selection strategy with anti-eavesdropping capabilities is proposed. The selected source-relay pair is the one that offers the maximum secrecy rate. A significant advantage of the proposed scheme is that it can be implemented in a distributed manner, which is attractive for vehicular networks.
The rest of this paper is organized as follows. Section 2 presents the system model and introduced the basic assumptions. In Section 3, we give a detailed description of the proposed source-relay selection scheme. In Section 4, we evaluate the system performance in terms of the secrecy outage probability, the intercept probability, and the achievable diversity order. Simulation results are shown in Section 5, from which the superiority of our scheme can be observed. Finally, we conclude our work in Section 6.

System model
As is shown in Figure 1, we consider a V2I communications scenario where K vehicles (source nodes) want to deliver their confidential messages to the RSU (the destination), which is located beyond the transmission range of the vehicles, and thus, the direct links between the sources and the destination do not exist. However, there are M trusted vehicles that do not have message to transmit and can serve as relay nodes to help the sources.
Meanwhile, near the destination, there exists a malicious node (eavesdropper) that tries to intercept the information intended for the destination. The sources, the relays, the destination, and the eavesdropper are denoted by S k , (k = 1, 2, . . . , K), R m , (m = 1, 2, . . . , M), D, and E, respectively. It is noted that K ≥ 1, i.e., there might be several sources having data to transmit at any time instant. To avoid the inter-vehicle interferences and reduce the implementation complexity, we employ a TDMA-based scheduler which selects a single source-relay pair to access the channel during one scheduling unit (the selection criterion will be given in the next section). To facilitate the presentations, we denote the selected source and selected relay as S k * and R m * , respectively. After the scheduling is completed, the transmission is carried out in a two-phase manner. Specifically, S k * transmits its data to R m * in the first phase, and R m * re-transmits the received signal to D using standard AF protocol [10] in the second phase. The destination as well as the eavesdropper can hear the transmission from R m * and will perform decoding at the end of the second phase. Here, we assume that the first phase is secure and the information leakage only occurs during the second phase, which is attributed to the fact the the eavesdropper is near the destination and outside the transmission range of the first hop. It is further assumed that the channel state information (CSI) pertaining to the eavesdropper's channels is available at the legitimate nodes. This assumption is commonly adopted in the PHYsecurity literature such as [26], [28], and [32], and can be satisfied in cases where the eavesdropper is active and its transmission can be monitored.
Each node is equipped with a single antenna and operates in a half-duplex mode. All channels are assumed to be independent and modeled as flat block fading, which remain constant within one frame (a two-phase duration) and vary independently from frame to frame. The channel coefficient between node i and node j is represented by h ij , which is a complex circularly symmetric Gaussian variable with mean zero and variance μ ij . That is, h ij ∼ CN(0, μ ij ). The average transmit powers at the selected source and the selected relay are denoted by P S and P R respectively, and we assume P S = P R = P for simplicity. The additive noise at each receiver is modeled as a complex Gaussian variable with mean zero and variance N 0 . The notation ρ = P/N 0 is used to represent the average signal-to-noise-ratio (SNR) of the system.

Selection criterion
As is mentioned above, a single source-relay pair is selected for any frame transmission. According to the principle of the AF protocol and the considered system model, the kth (1 ≤ k ≤ K) source's received SNR at the http://jwcn.eurasipjournals.com/content/2014/1/109

Roadside Unit
Roadside Unit

Multi-hop Scenario for Vehicles to connect to RSU
T where γ s k r m = P|h s k r m | 2 /N 0 and γ r m d = P|h r m d | 2 /N 0 are the instantaneous received SNR at the mth relay from the kth source and at the destination from the mth relay, respectively. Similarly, the received SNR at the eavesdropper can be calculated as well by simply replacing γ r m d in (1) by γ r m e , where γ r m e = P|h r m e | 2 /N 0 is the instantaneous SNR of the link R m → D. Therefore, the instantaneous secrecy rate, defined as the difference between the achievable rate of the source-destination link and that of the source-eavesdropper link, can be formulated as where [x] + = max(0, x). In order to minimize the secrecy outage probability, defined as the probability that the instantaneous secrecy rate falls below a target secrecy rate, our criterion is to select such a source-relay pair (k * , m * ) that can maximize the secrecy rate in (2). That is, With this criterion, the achievable secrecy outage probability can be expressed as where R S represents the target secrecy rate, and v = 2 2R S . Since R S is positive, v should be larger than 1.
If the global CSI is available at some node, e.g., the RSU, the criterion in (3) can be implemented in a centralized manner. However, it is non-trivial to obtain the CSI of all the involved links, especially for the networks with a large number of nodes. This motivates us to develop the distributed algorithm with low complexity, the details of which will be given in the next subsection.

Low-complexity distributed scheme
The proposed low-complexity design is based on the observation of (3) With the above observation in mind, we can divide the overall selection procedure into three steps. First, every http://jwcn.eurasipjournals.com/content/2014/1/109 relay node independently evaluates its eligibility for cooperation. After that, each eligible relay selects an appropriate source to maximize its contribution to the achievable secrecy rate. In this way, all the candidate source-relay pairs are generated. Finally, a single pair with the maximum γ (k,m) e2e is screened out from the candidate pairs to access the channel. The details of these steps are given in the following: • Step 1: Generating the Set of Eligible Relays. For any relay node R m , it can be deduced from (3) that if γ r m d < γ r m e , then γ (k,m) e2e will be less than 1, irrespective of the source index k. In other words, the system will be in outage if this relay node is selected to access the channel, no matter which source is chosen to form the pair. Further, when γ r m d ≥ γ r m e , the secrecy outage probability, with R m being the selected relay, can be expressed as where (a) stems from the fact that b+1 a+1 < b a for a < b. If γ r m e < γ r m d < vγ r m e , we have vγ r m e 1 + γ r m d − γ r m d 1 + γ r m e > 0 and γ s k * r m γ r m d − vγ r m e < 0. Therefore, the probability provided by (6) equals to 1, implying that the outage event definitely occurs if we choose such a relay to cooperate. Summarizing the discussions above, we can conclude that to support the target secrecy rate, the selected relay has to satisfy the following condition: In other words, if the channel gains regarding R m does not meet (7), R m cannot be selected. In steps 2 and 3, we will only focus on the eligible relays satisfying (7). It should be emphasized that the eligibility determination process requires the knowledge of γ r m d and γ r m e at R m . However, this can be guaranteed because we have assumed that both the RSU and the eavesdropper are active entities which will transmit control information or messages, and the corresponding channel gains can be estimated at the relays using the pilots from the received signals.
• Step 2: Source Selection at Eligible Relays. After step 1 has been finished, all the relays satisfying (7) broadcast flag signals to declare its eligibility for cooperation. Upon receiving the flag signals, all the sources will send an ACK to respond. With the received ACKs, any eligible relay R m can estimate γ s k r m for all ks. After that, R m supposes itself to be the selected relay and chooses the 'best' source which can contribute most to γ (k,m) e2e . To elaborate on how to find such a source node, a lemma will be introduced first.

Lemma 1. The function
where γ 1 and γ 2 are two constants with γ 1 being larger than γ 2 , is an increasing function of γ .
Proof. By taking the derivative of f (γ ) with respect to γ , we can obtain which is obviously larger than 0 for γ 1 > γ 2 . Therefore, f (γ ) is an increasing function of γ .
Based on this lemma, the 'best' source for R m , i.e., S k * (m) , should be the one with the following property: It is no doubted that step 2 also enjoys a distributed implementation since the source selection is performed at the eligible relays, and there is no information exchange among different relay nodes. • Step 3: Distributed Source-Relay Pair Selection. Upon the completion of step 1 and step 2, we can formulate the expression for the maximum achievable secrecy rate by utilizing the mth relay as To select the optimal source-relay pair, we adopt the method based on the distributed timer [14]. Specifically, http://jwcn.eurasipjournals.com/content/2014/1/109 after calculating C m S , each eligible relay R m will start its timer with the initial value inversely proportional to C m S . Therefore, the relay with the largest C m S , namely R m * , has its timer expired first. R m * then broadcasts the flag signal and the rest of the relays will back off after receiving the flag signal. Noticing the fact that the 'best' source for R m * has already been determined to be S k * (m * ) in step 2, we now have the selected sourcerelay pair. Remark 1. The proposed source-relay selection scheme has two advantages. First, it can be realized in a distributed way, yielding a low implementation complexity. This is of practical significance for vehicular networks. Second, the distributed method, despite of its simplicity, is an optimal solution in the sense that it can select the 'best' source-relay pair to minimize the system secrecy outage probability.

Secrecy outage probability
The secrecy outage probability (SOP) is widely adopted as a performance metric to evaluate the PHY-security protocol in wireless fading channels. As previously mentioned, it is defined as the probability that the instantaneous secrecy rate falls below a target secrecy rate R S > 0. By noticing that the M γ m e2e 's are independent random variables, the SOP can be expressed as Pr γ m e2e < v (12) By combining (5) and (10), γ m e2e can be expressed as where γ s k * (m) r m = max 1≤k≤K γ s k r m .
Therefore, denoting γ s k * (m) r m , γ r m d , and γ r m e by X, Y , and Z, respectively, the probability Pr γ m e2e < v can be calculated as where f X (x) is the probability density function (PDF) of the random variable X. The intractability of the PDF of γ m e2e makes it rather difficult to calculate the accurate result of the integral in the second part of (14). Therefore, we resort to the approximation γ 1 γ 2 1+γ 1 +γ 2 ≈ min{γ 1 , γ 2 }, which is rather tight for large values of γ 1 and γ 2 [34]. Then, the second part of the right-hand side of (14), denoted by I, is approximated as Combining (14) and (15), the approximate expression for the probability Pr γ m e2e < v can be given by For the considered Rayleigh fading channels, γ ij follows the exponential distribution with the rate parameter λ ij = ρμ ij −1 . Therefore, I 1 in (16) can be obtained as On the other hand, X = γ s k * (m) r m is the maximum of K independently and non-identically distributed exponential random variables. According to the order statistics, I 2 in (16) can be simplified as × λ r m e e −λ rme z dz × λ r m d e −λ rmd y dy, (18)  where we have utilized the multinomial expansion identity given by [35], e.q. (7). After some tedious calculations, I 2 can be finally simplified as Substituting (17) and (19) into (16), the closed-form expression for Pr γ m e2e < v is obtained, and the SOP of the system can also be derived by substituting this result into (12). However, we omit these expressions here due to space limitation. In the next section, we will show through simulations that the derived theoretical result is tight enough for medium to high SNR values.

Intercept probability
The intercept probability, which is also a key metric in evaluating the performance of PHY-layer security schemes, is defined as the probability that the capacity of the legitimate link falls below that of the wiretap link [32]. Mathematically speaking, the intercept probability can be expressed as According to the expression for γ m e2e in (13), the event γ m e2e < 1 is equivalent to Therefore, Pr γ m e2e < 1 can be calculated as where X = γ s k * (m) r m , Y = γ r m d , and Z = γ r m e . The probability in the second integral in (22) can be rewritten as Pr which is always zero for y > z. By inserting this result into (22), we have Combing (24) with (20), the exact expression for the intercept probability can be given by

Diversity order
In order to gain some useful insights into the system performance, we proceed to analyze the achievable diversity order. Since the the intercept probability is not a function of the average SNR, the traditional definition of diversity order is not applicable here. Instead, we adopt the definition of generalized diversity order given in [32], which is formulated as where κ de = μ sd /μ se is known as the main-toeavesdropper ratio (MER), defined as the ratio of the average channel gain of the source-destination link to that of the source-to-eavesdropper link.
To simplify the discussions, we assume that there is only one source node. Denoting μ r m d = μ sd α r m d and μ r m e = μ se α r m e , the intercept probability in (25) can be rewritten as where we have introduced α m to represent α rmd α rme . http://jwcn.eurasipjournals.com/content/2014/1/109 Based on the calculations above, the diversity order can be derived as

Simulation results and discussions
In this section, we present the simulation results to validate the proposed source-relay selection scheme. In the following simulations, all the nodes (including the sources, the relays, the destination, and the eavesdropper) are distributed in a 2-D plane. The direct links of S k → D and S k → E are assumed to be absent for all k's, and the the channel gains are modeled according to the system model in Section 2. To be specific, h ij ∼ CN 0, μ ij , where μ ij = d −θ ij with d ij being the distance between any node pair (i, j) and θ being the path loss exponent. In our simulations, θ is fixed as 3. Unless otherwise stated, the target secrecy rate R S is set to be 0.1 bit/s/Hz, and the notation 'SNR' is used to represent the ratio of P versus N 0 , i.e., ρ in the previous sections.
In Figures 2 and 3, we consider the system with three sources and two relays, i.e., K = 3 and M = 2. These nodes are uniformly generated in the circle with center (0,0) and radius 1. The destination and the eavesdropper are located at (2,0) and (2,2), respectively. Figure 2 shows the SOP-SNR curves for the proposed anti-eavesdropping selection scheme and the conventional joint sourcerelay selection scheme [17]. The theoretical result is also given to verify the correctness of the analysis in Section 4.1. From Figure 2, it can be seen that by taking the security constraints into account, the proposed scheme brings non-negligible gains compared to the conventional scheme, which only considers the channel qualities regarding the legitimate links. In addition, there is an excellent match between the theoretical curve and the simulated one for medium to high SNR values, implying the soundness of the theoretical analysis.
In Figure 3a, we compare the ergodic secrecy capacity of the proposed scheme (C 1 ) and that of the conventional scheme (C 2 ). To illustrate the capacity loss incurred by the secrecy constraint, we calculate the ergodic capacity for the system without eavesdroppers (C 0 ) and present the differences C 0 − C 1 and C 0 − C 2 in Figure 3b a . One can observe from Figure 3a that the proposed scheme outperforms the conventional scheme in terms of the secrecy capacity. However, the secrecy capacities of both the two schemes almost saturate as the SNR tends to infinity. This is because that as SNR gets larger, the achievable rate of the legitimate link as well as the eavesdropper link increases. Comparably, without the existence of the eavesdroppers, the system capacity increases linearly with SNR, which is due to the multi-user diversity gain [17]. This explains the phenomenon in Figure 3b, which clearly reflects the capacity penalty to support the secrecy constraints. Figure 4 plots the system intercept probability as a function of the MER κ de . In this figure, we assume K = 1 and fix SNR to be 20 dB. The source node and destination node are located at (0,0) and (2,0), respectively. The location of the eavesdropper is determined according to the value of κ de . Other simulation parameters are the same as those for producing the results in Figures 2 and  3. From Figure 4, it can be seen that for various values of M, the theoretical results exactly match the simulated ones, indicating the correctness of the performance analysis in Section 4.2. In addition, the slopes of the curves illustrate that the diversity order of M is achieved by our protocol, which is in accordance with the analysis in Section 4.3.
In Figures 5, 6, 7 and 8, the impact of some key parameters on the system secrecy performance will be examined. In these figures, we locate the K = 3 sources   values are considered. As expected, when the target rate increases, the SOP increases as well.
In Figure 6, the effect of the power allocation ratio on the achievable SOP is investigated. Specifically, given the total transmit power P tot , we allocate αP tot to the selected source, and (1 − α)P tot to the selected relay. As α changes from 0 to 1, the SOP as a function of α is shown in Figure 6. Here, we plot a set of SOP curves, each corresponding to a specific SNR value. It should be pointed out that in Figure 6, the notation 'SNR' represents the ratio of the total transmit power for two phases versus N 0 , which is different from the previous figures. An important observation from Figure 6 is that in order to optimize the system performance, α should be neither too large nor too small. The reasons can be briefly given as follows. If α is too  large, the relay-destination link will be in poor channel quality, which significantly limits the achievable rate at the destination. On the other hand, if α is too small, implying that more power is allocated to the relay node, the eavesdropper will benefit from the improved quality of the relaying channel, which also decreases the secrecy rate. From Figure 6, we can also find that the system performance is satisfactory for α = 0.5. Therefore, the equal power allocation scheme, which is assumed in our work, is near-optimal despite its simplicity. Figure 7 shows the relationship between the eavesdropper's location and the intercept probability. From this figure, we can observe that the intercept probability increases significantly when the eavesdropper moves towards the relay nodes. This is obvious because the closer the eavesdropper to the relays, the better the channel quality of the relay-eavesdropper link. Figure 8 presents the secrecy outage probability versus the eavesdropper's location. As expected, the impact of the eavesdropper's location on the SOP is similar to that on the intercept probability.

Conclusions
In this paper, a joint source-relay selection scheme is proposed for vehicular networks under eavesdropping attacks. The proposed scheme maximizes the instantaneous secrecy rate of the system and, hence, can minimize the achievable secrecy outage probability. We present the selection criterion and also give a low-complexity method to realize this criterion in a distributed manner. The system performance is analyzed in terms of the secrecy outage probability, the intercept probability, and the achievable diversity order. Finally, the effectiveness of the proposed scheme and the correctness of the theoretical analysis are verified through extensive simulations. http://jwcn.eurasipjournals.com/content/2014/1/109 There are several interesting issues worthy of further investigations. For example, in this work, we assume that the channel gains regarding the eavesdropper's link is available, which may not be realistic for some scenarios where the eavesdroppers are passive entities. Besides that, it will be of practical significance to generalize the proposed work to the systems with multiple eavesdroppers and (or) multiple destinations.