Secrecy-Enhanced Data Dissemination Using Cooperative Relaying in Vehicular Networks

Due to the potentials in promoting the driving safety and easing the traffic congestion, vehicular networks, especially vehicle-to-vehicle (V2V) communications, have recently been receiving much attention. The data dissemination protocol for V2V applications should not only provide end-to-end transmissions with low error probability and high throughput but also offer antieavesdropping capabilities. To achieve this goal, we in this paper propose a secrecy-enhanced relaying protocol for vehicular environments. Based on the network topology and the velocity of the moving vehicles, the proposed scheme first generates the relay candidate set, from which a single relay is then selected opportunistically to assist the source. By using the superposition coding strategy, the selected relay jointly sends the source message and the artificial interference to enable secure communications. We derive the tight closed-form expressions for the upper and lower bounds of the secrecy outage probability, based on which we analyze the diversity order of the system. The method to generate the interference signal is introduced, and the choice of superposition weight factor is also given. The analytical and simulation results show that the proposed relay-aided protocol yields a better performance than the competing alternatives in terms of both the secrecy performance and the implementation complexity.


Introduction
In the last few years, we have witnessed a large increase in the number of vehicles and critical traffic accidents as well. This calls for the development of Intelligent Transportation Systems (ITS), which integrates communications and information technology (CIT) into the transportation systems to provide a safer and more efficient driving experience. Vehicular network, as an embodiment of ITS, is a promising application-oriented network for enhancing the driving safety, improving the traffic management efficiency, and providing infotainment services [1]. Since the late 1980s, there has been an increasing research interest in the field of vehicular networks, from both the industry and the academia. Several standards have been established, including DSRC (dedicated short range communications), IEEE 802.11 p, IEEE 1609, and so forth. Meanwhile, university research efforts have also been made to characterize and model the wireless vehicular channels [2], develop medium access control (MAC) protocols [3,4], design routing algorithms [5,6], and carry out field trials in real-world environments [7].
There are basically two types of data dissemination modes in vehicular networks, namely, V2V (vehicle-to-vehicle) and V2I (vehicle-to-infrastructure). For the former, vehicles communicate with each other directly through a single-hop or a multihop connection, while for the latter, vehicles exchange the information with the fixed infrastructure (called the roadside unit or RSU) that is installed along the roadside. In practice, the data transfer for any source-destination pair can be performed in V2V, V2I, or the hybrid manner. However, in this paper, we only focus on the V2V communications.
Although many communication technologies have been devised so far for wireless networks, it is nontrivial to design a highly efficient data dissemination protocol for V2V communications. The main challenge comes from the unique feature of the vehicular networks. First, due to the fast movement of vehicles, the connectivity among the vehicle nodes may change frequently, and the resulting network topology is highly dynamic. Second, the propagation conditions for vehicular communications are more complicated compared to traditional wireless systems. The existence of the obstacles such as buildings, trees, and traffic lights will lead to poor channel quality. These two factors make the wireless communications for vehicular networks error-prone, which indicates the necessity for developing novel protocols to support the stringent QoS requirements in vehicular environments.
To achieve this goal, more and more efforts have been made to enhance the performance of the physical layer (PHY) of the vehicular networks. Among many candidates of physical layer techniques, cooperative relaying is widely recognized as a powerful tool, which can provide the spatial diversity and multiplexing gain by letting neighboring users cooperate with each other. Since the seminal works of [8,9], a large body of literature has appeared dealing with the relaying protocol design for various systems, and many cooperative techniques have been proposed, including distributed space-time code (DSTC), relay selection, coded cooperation, collaborative beamforming, and so forth [10][11][12][13][14]. In vehicular communications, the destination node may be outside the transmission range of the source node; however, there are often many intermediate vehicles that can serve as relays. Therefore, the application of cooperative relaying in vehicular communications is an appealing solution to provide reliable end-to-end data delivery. In [4], a relay-aided distributed MAC protocol is proposed to optimize the system throughput and extend the service range of vehicular networks. The key idea is to adaptively select the relay node and the cooperative mode according to the channel quality and the relay positions. In [15], cooperative communication is exploited to improve the performance of routing algorithm, and a path selection criterion is developed to obtain a better tradeoff between the end-to-end reliability and the energy efficiency. The main drawback of the works [4,15] is that they do not take into account the impact of some network parameters (such as the vehicle density, the road structure, etc.) on the protocol design. Aiming at this problem, [16] investigates the collective impact of the internode distance, the vehicle density, and the transmission range of the vehicles on the access and connectivity probability for vehicular relay networks. In [17], a cooperative data dissemination mechanism is introduced. The authors explore the symbollevel network coding to enhance the reception reliability and the content downloading rate.
Common to the aforementioned works is that they mainly focus on the use of cooperative relaying to enhance the transmission reliability, improve the end-to-end throughput, or extend the service coverage of vehicular networks. However, the openness of the wireless vehicular channels makes the transmitted data available to unauthorized users as well as the intended receiver. For example, Vehicle A wants to transmit a confidential message to Vehicle B via some trusted relays. Meanwhile, there is some malicious entity (called Vehicle E)within the transmission range that attempts to extract this information.Therefore, guaranteeing the secrecy of the data transmission process is also of vital importance. Existing approaches to securing communications rely heavily on the data encryption at the upper layers of the protocol stack. Taking vehicular networks as an example, IEEE 1609.2 specifies the formats for the secure messages and the corresponding encryption/decryption procedure. In contrast with this paradigm, the physical layer (PHY) security exploits the characteristics of the physical channel to guarantee secrecy. Since the pioneering work of [18,19], more and more attentions have been paid to PHY security from an information-theoretic point of view [20][21][22][23]. Recently, the secrecy problem was considered under the framework of cooperative networks. Reference [24] studied the use of decode-and-forward (DF) and amplify-and-forward (AF) relays to enhance the PHY security, and [24][25][26] discussed the cooperative jamming (CJ) technique with sending artificial noise as its core. To reduce the implementation complexity without sacrificing the achievable secrecy performance, relay selection is introduced as an efficient mechanism to fulfill secure cooperation. In [27], an opportunistic selection technique was reported to minimize the secrecy outage probability. Following the idea of jamming, the authors of [28] proposed several schemes to select two relays to protect the legitimate receiver from being eavesdropped, significantly enhancing the performance. Reference [29] also adopts the relay selection and cooperative jamming to secure communications, but the jamming signal is sent from the destination rather than the selected relay.
Although the developed PHY-security methods in [28,29] are effective in improving the secrecy performance of relay systems, none of them take the characteristic of the vehicular networks into consideration. Besides that, in these schemes, the channel state information (CSI) regarding the eavesdropping link is assumed to be available, which may not hold for vehicular applications. Unlike the existing works, a secrecy-enhanced data dissemination protocol is proposed in this paper for vehicular networks, using relay transmission and cooperative jamming techniques. The protocol works as follows: first, the relay candidate set is formed, based on the road structure, the vehicle locations, and the velocity of the moving vehicles. Then, a single vehicle is selected opportunistically from the set, which jointly transmits the source message and the intentional interference. By exploiting the CSI of the relaying link (not the eavesdropper link), we make the interference signal completely known at the destination but unknown at the eavesdropper. In this manner, the secrecy outage probability of the system is obviously decreased.
The rest of this paper is organized as follows. Section 2 introduces the system model and notations. In Section 3, the proposed relaying protocol is described. In Section 4, the secrecy outage probability of the proposed protocol is analyzed in details, and a simple power allocation scheme is also given. Simulation results are shown in Section 5, from which the superiority of our protocol can be observed. Finally, we conclude our work and point out some further directions in Section 6.

System Model
As is shown in Figure 1, we consider a segment of the road, which consists of straight lanes with length of meters each. The width for every lane is meters. Within the considered × rectangular area, vehicles are uniformly distributed. The vehicles on the upper two lanes are moving from the right to the left, whereas the vehicles on the lower two lanes are moving towards the opposite direction. At any time instant, there might be several vehicles having data to transmit. To avoid the intervehicle interference, a TDMA-based scheduler is adopted, and only one sourcedestination pair is allowed to communicate with each other. The scheduled transmitter and the corresponding receiver are labelled as and , respectively. Meanwhile, a malicious node may also exist in the area, which tries to eavesdrop the information intended for . The transmission range of any vehicle is meters. Each node has a single antenna and operates in a half-duplex mode; that is, it cannot transmit and receive simultaneously. is assumed to be passive and thus the CSI pertaining to the eavesdropper channel is not available. We further assume that the direct link between and does not exist, which can be attributed to the fact that is outside the transmission range of . Thus, the communications between these two nodes can only be completed via the help of other vehicles serving as relays. Prior to the source transmission, the relay candidate set is first formed according to the positions and the behaviors (such as the moving directions and the velocity) of the vehicles. After that, the source divides its data into frames, and the transmission of each frame is performed in a two-phase manner. During the first phase, broadcasts its message , and all the vehicles in the candidate set attempt to decode the message. The ones that successfully perform decoding constitute the decoding set ( ), from which a single "best" relay, denoted by * , is selected to cooperate. The details on how to generate the candidate set and select the best relay will be given in the next section. To focus on the design of the relaying protocol, we assume that the broadcast phase is secure. That is, cannot hear the signal from directly (This assumption, which was made in several related literature, e.g., [27,28,30], may correspond to some practical scenarios. Examples include the applications where the source transmission power is too small to be heard by the eavesdropper, or the networks with orthogonal components (e.g., frequencies.) where the eavesdropper node can hear only one of the orthogonal channels.) During the second phase, R k * transmits the sum of the information-bearing signal and the artificial interference signal (In this paper, the terms "artificial interference" and "artificial noise" are interchangeable.) in the form of * = + √ 1 − 2 , where 0 < < 1 is the weight factor. In this way, the relay plays a dual role as both a helper to serve the destination and a jammer to confound the eavesdropper. At the end of the second phase, the destination makes decisions based on the received signal from the relay.
We model the velocity of any vehicle (V ) as a random variable, which follows a truncated Gaussian distribution within the interval [V min , V max ]. The mean and the variance of the variable are denoted as V and 2 V , respectively. The distance between node and is represented by . We suppose that the speeds of the vehicles remain unchanged during the whole period of the source transmission. All channels are assumed to be independent, flat, and slow fading, which remain constant within one frame and vary independently from frame to frame. The channel coefficient ℎ is a complex circularly symmetric Gaussian variable with mean zero and variance . That is, ℎ ∼ (0, ). and are the average transmit powers of the source and the selected relay, respectively. For simplicity, we assume = = . The additive noise at each receiver is modeled as zero-mean, complex Gaussian variable with variance 0 . The notation = / 0 is introduced to denote the average signal-tonoise-ratio (SNR) of the system. Since this paper is dedicated to the information-theoretic analysis, the impact of channel estimation errors will not be taken into consideration. In other words, all the involved channel estimation operations are assumed to be perfect.

Secrecy-Enhanced Relaying Protocol
The proposed secrecy-enhanced relaying protocol includes four stages: the relay candidate set generation, the data broadcasting, the distributed relay selection, and the secure relaying. In what follows, the design details of these stages will be shown.

Relay Candidate Set Generation.
As we have mentioned before, a TDMA-based scheduler is adopted to decide which source-destination pair can access the channel. Once a specified − pair is scheduled, a prescreen process will be activated to determine the region where potential relays may exist. To be specific, potential relays should be inside the transmission ranges of both the source and the destination. Mathematically speaking, the following condition has to be satisfied: Then, for all the vehicles satisfying (1), the duration of the link → → is estimated as follows [31]. If vehicle and are moving towards the same direction (see Figure 2(a)), the duration of → link can be calculated as where [ ] + = max(0, ), and ( ) denotes the lane to which belongs. When is in front of , the sign "∓" becomes "−", otherwise "∓" will be "+".
On the other hand, if vehicle and are moving towards the opposite direction (see Figure 2(b)), the duration of → link can be calculated as where the sign "±" becomes "+" if is in front of and "−" otherwise. The value of may be 1 or 2 for the considered topology, depending on the relative positions of the vehicles. Readers may refer to Figure 2(b) for details. Similarly, the duration of the link → (i.e., ) can be estimated as well by simply replacing in (2) and (3) with .
Based on the above calculations, the duration of the twohop link → → can be expressed by min{ , }, and the vehicle belongs to the relay candidate set only if the following inequality holds: where th is a preset threshold which is dependent on the size of the transmitted file, the transmission rate, the overhead involved in relay selection, and so forth. In the following discussions, we assume that the cardinality of the relay candidate set is .

Data Broadcasting.
After the relay candidate set has been formed, the actual data transmission will start. As previously mentioned, the whole procedure is composed of several frame transmissions, with each consisting of the broadcast phase and the relaying phase. During the broadcast phase, sends its message and all the relays belonging to the candidate set receive the message. The received signal at , denoted by , is expressed as International Journal of Distributed Sensor Networks 5 where ℎ stands for the channel coefficient between node and , and represents the additive noise at node . The relays that can successfully decode constitute the decoding set ( ), from which a single best relay will be selected.

Distributed Relay Selection.
The proposed relay selection scheme aims at maximizing the secrecy rate, which is characterized by the difference in the data rate of the channel between and and that between the and . In respect of our system model, the secrecy rate is zero if ( ) is null. On the other hand, for a nonempty ( ), we suppose ∈ ( ) to be the selected relay. Then, at the end of the relaying phase, the received signals at and are, respectively, expressed by = ℎ + .
Recall that is the weighted sum of the information-bearing signal and the artificial noise; that is, = + √ 1 − 2 . If can be made completely known at but unknown at , the instantaneous secrecy rate can be represented as where ≜ |ℎ | 2 denotes the instantaneous received SNR of the → link. According to (8), the proposed relay selection criterion is described by * = arg max which is the same as the protocol for conventional relay networks [11] and can be implemented using the method based on the distributed timer. The result of (9) is attractive because it indicates that, when considering the security issue, the relay selection policy (not the whole relaying protocol) designed for conventional systems without secrecy constraints is still applicable, and thus major architecture modifications are not needed.
In the above derivations, a key assumption is that is completely known at and thus the introduced interference does no harm to the legitimate receiver. This can be realized by exploiting the channel reciprocity (ℎ = ℎ ) and the RTS/CTS mechanism involved in relay selection procedure [11], as follows.
Prior to any frame transmission, RTS (ready-to-send) and CTS (clear-to-send) packets are sent from and , respectively. On receiving the CTS, each relay estimates the channel ℎ and utilizes the result to generate a random sequence, which will be used as the interference signal (In practice, the random sequence, which is actually an artificial noise, is generated according to a specific algorithm, and the value of ℎ (or its function) is used as the input parameter (e.g., the seed) of the algorithm. That is to say that the intentionally produced interference signal is controlled by two factors: the adopted algorithm and the CSI.) In the relay selection process, if is selected, it will send the flag signal to declare its presence. From the pilot included in the flag signal, ℎ can be estimated at the destination. Since the adopted algorithm to generate the random sequence is public information, can get full knowledge of (recall that is only determined by the algorithm and ℎ ) Nevertheless, knows nothing about because the CSI of ℎ is private and only available at and . Consequently, at the end of the second phase of data transmission, is able to subtract from , and the decoding of is free of interference. On the other hand, has to decode from while being affected by , which increases the difficulties of eavesdropping.

Secure Relaying.
In the relaying phase, the selected relay transmits the superposition of the source message and the artificial noise. The legitimate receiver ( ) and the eavesdropper ( ) try to extract the source information from (6) and (7), respectively.

Secrecy Outage Probability.
The secrecy outage probability (SOP), which is widely adopted to evaluate the performance of secrecy protocols in fading channels, is defined as the probability that the instantaneous secrecy rate falls below a target secrecy rate > 0. For the considered two-hop relaying system, SOP can be expressed as where Pr( ) denotes the probability of , and | | stands for the cardinality of the set . The first part of (10) corresponds to the outage event that no relay can correctly decode the source message, and the remainder calculates the combination of all the conditional secrecy outage probabilities. Under the assumption of Rayleigh fading, obeys exponential distribution and thus we have International Journal of Distributed Sensor Networks where = 2 2 − 1 and = ( ) −1 . For a given ( ), the conditional secrecy outage probability ( ) out can be derived as where V = 2 2 , ( ) and ( ) are the probability density function (PDF) and the cumulative distribution function (CDF) of random variable , respectively. Note that in (12) we have used the exact expression of rather than its high-SNR approximation form.
It is extremely difficult, if not impossible, to obtain the exact result of (12). Therefore, we resort to some approximate methodologies to derive its bounds. It can be easily observed that Applying (13) to (12) and making use of [32, equation (33)], the lower and upper bounds of ( ) out can be, respectively, obtained, after some tedious calculations, as where = + ∑ ∈ , 1 = ((V − 1)/ 2 ) + (V/2(1 − 2 )) and 2 = 1 + (V/2(1 − 2 )). is the subset of ( ) − { } with elements. Substituting (11), (14), and (15) into (10), the closedform expressions for the lower and upper bound of the SOP are obtained. However, we omit the results due to space limitation. In the next section, it will be verified through simulations that the derived two bounds are rather tight for all the SNR values.

Diversity Order Analysis.
In order to gain some useful insight into the system performance, we proceed to analyze the achievable diversity order, defined as ≜ −lim → ∞ (log out / log ).
When → ∞, we have → 0. By noticing that ≈ 1 + when → 0, (14) can be approximated by where ( ) equals to one if = 0 and zero otherwise. The last equation of (16) where we have already applied the asymptotic expression for to (11).
Employing the limit operation that → ∞ leads to Following similar steps, it can be proven that out, ∝ − when → ∞. Therefore, 2 ≜ −lim → ∞ (log out, / log ) equals to as well. Recalling that we can conclude from the Squeezing Theorem that the achievable diversity order of the system ( ) is , which indicates that the proposed strategy provides full diversity gain while guaranteeing security.

Choice of the Superposition Weight
Factor. By choosing the weight factor optimally, a lower secrecy outage probability can be achieved. Nevertheless, it is not convenient to perform this optimization based on the derived bounds. Instead, we focus on the asymptotic behavior of the system and try to find a suboptimal one. For sufficiently large SNR, it is reasonable to assume that all the relays are capable of successful decoding [27,28]. Furthermore, the approximation in (8) holds with a high probability. Motivated by these, we formulate the asymptotic expression of the secrecy outage probability as asymp out from which it is indicated that minimizing asymp out is equivalent to minimizing ( ) ≜ (V(1 + ( 2 /(1 − 2 ))) − 1)/ 2 . By differentiating ( ) with respect to and equating the result to zero, the required can be given by which definitely lies in the interval (0, 1), because V = 2 2 is a positive number.

Simulation Results and Discussions
This section presents the simulation results to validate the proposed protocol. In Figures 3-6, we simply assume that  a group of relay candidates already exists, and only focus on the performance of the relay selection criterion and the secure relaying scheme. The impact of the network topology and the mobility of the vehicles on the relay candidate generation will be investigated in Figures 7-8. In the following simulations, the direct links of → and → do not exist. The channel model follows the descriptions of Section 2, that is, ℎ ∼ (0, ). We assume = − , where is the distance between node and , and = 3 is the path loss exponent. The notation "SNR" in Figures 3-6 represents the ratio of versus 0 , that is, in the previous sections.
The correctness of the theoretical analysis for the secrecy outage probability is verified in Figure 3, from which it can be seen that the derived bounds are accurate for all the SNR values, and the tightness does not change significantly when the number of relays varies. In particular, there is an excellent match between the upper bound and the simulated result. Additionally, the slopes of the curves illustrate that the diversity order of , that is, full diversity, is achieved by our protocol. Figure 4 compares the secrecy outage probability of the proposed scheme to that of some representative counterparts, including the conventional opportunistic selection (CS) [11], the optimal selection without jamming (OS) [27], the optimal    selection with controlled jamming (OSCJ) [28], and the destination-assisted cooperative jamming (DACJ) [29]. It should be pointed out that the considered system model in [29] is not the same as ours; therefore, some revisions to the DACJ scheme are performed to make it applicable to our system. Specifically, since the direct links of → and → do not exist, the antieavesdropping in the broadcast phase is not needed. Besides that, a dedicated jammer (instead of the source) will cooperate with the relay to transmit in the relaying phase. The jammer and the relay are selected jointly    to maximize the achievable secrecy rate. For fairness, we restrict the total transmit powers within a frame to be the same for all the schemes, and if there are more than one transmitters sending signals during some slot, the power will be equally distributed among these nodes (In OSCJ and DACJ schemes, two nodes transmit simultaneously in the second phase. For OSCJ, we have done extensive simulations and found that the equal power allocation can provide the lowest secrecy outage probability (the best performance) for almost all the SNR values. In this sense, equal power allocation is (at least) a near-optimal choice for OSCJ. For DACJ, although  optimal power allocation policy is given in [29], it requires the instantaneous CSI of the eavesdropper link, which will incur additional complexity. Therefore, to make the comparison fair, we do not consider the use of optimal power allocation in DACJ.) It is evident from Figure 4 that both CS and OS exhibit a significant error floor, which is due to high eavesdropper SNR as the total power increases. By introducing the controlled artificial noise, OSCJ can obtain a remarkable performance gain compared to CS and OS, indicating the effectiveness of jamming technique in supporting secrecy. In contrast with these alternatives, our scheme brings a nonnegligible enhancement in medium to high SNR regimes. For example, at the secrecy outage probability of 10 −3 , about 3 dB SNR gain is obtained compared to OSCJ. It is also shown from Figure 4 that the performance of DACJ is comparable to that of the proposed scheme. However, considering that our method does not rely on any knowledge of the eavesdropper channel and just selects a single relay for cooperation, we conclude that the proposed strategy has advantages over DACJ in terms of implementation complexity (In DACJ, the knowledge of the eavesdropper channel is required to design the beamformer, which may not be easily satisfied in practice. In addition to that, two nodes have to transmit simultaneously to fulfil cooperative jamming in the second phase, leading to additional overhead to handle the synchronization issues.) Figure 5 plots the curve of the system secrecy outage probability and exhibits how it varies with the target secrecy rate . In this figure, the number of relays equals to 4, and three SNR values are considered. As expected, when the target rate increases, the SOP increases as well. Nevertheless, the achieved SOP of our scheme is always less than that of the OSCJ scheme.
In Figure 6, we examine the effect of the weight factor ( ) on the system performance. For a set of SNR values, the curves of the secrecy outage probability are plotted as a function of . An important observation from Figure 6 is that the system performance is not very sensitive to ∈ (0.55, 0.75), and the suboptimal factor derived in Section 4.3 (for = 1 bit/s/Hz, * ≈ 0.681) is competent for the secrecy outage probability optimization, validating the proposed approximate technique.
Finally, Figures 7-8 study the effect of the network topology and the mobility of the vehicles on the relay candidate set generation. In these simulations, the length of the road ( ) is set to be 400 m. The number of lanes is 4 and the width of each lane ( ) is 4 m. As described in Section 2, the velocity of all vehicles follows a truncated Gaussian distribution over the interval (60 kmph, 180 kmph), with standard variance 5 kmph. The source and the destination are located at (0, 2) and (400, 14), respectively. For any vehicle , it is added to the candidate set only when the duration of the corresponding → → link is larger than 10 s. That is, th equals to 10. Figure 7 shows the relationship between the number of vehicles and the number of available relays, with taking three different values. The mean value of the vehicle speeds is 100 kmph. From this figure we can see that the highly dynamic characteristic of the vehicular networks and the limited transmission power of the vehicles contribute to the phenomenon that the number of available relays is much less than the total number of existing vehicles. Therefore, it is necessary to take both the large-scale effect and the smallscale fading into consideration when we design the data dissemination protocol.
In Figure 8, we fix the transmission range of the vehicles to be 300 m and present the number of available relays as a function of the average vehicle speed. As expected, the number of potential relays decreases as the vehicle velocity increases. This is because the fast movement of the nodes will yield a rapid change in the network topology. As a result, the durations of the links will become shorter.

Concluding Remarks and Future Works
In this paper, a relay-aided data dissemination protocol is presented for vehicular networks with secrecy constraints. Based on the idea of jamming, we propose to use the superposition coding and the opportunistic relaying techniques to achieve secure communications. The relay selection policy is given, and the details involved in the design of the protocol are also discussed. We evaluate the system performance via both theoretical analysis and numerical simulations.
Developing relay transmission approaches for vehicular networks under the PHY-security framework is a brand new research topic, and there are a lot of issues worthy of investigation. First, in this paper, we only focus on the information-theoretic analysis, yet how to make the proposed idea work in realistic systems is still open. For example, the protocol design based on imperfect channel estimation and (or) practical coding/modulation strategies is needed. Second, it would be of interest to generalize the proposed method to more complicated network environments, such as the scenarios where there are multiple eavesdroppers and (or) the broadcast phase is not secure. Moreover, the combination of our scheme with other techniques, for example, MIMO and adaptive transmission, may also be valuable directions for further study.