Cell-Free Massive MIMO Networks: Optimal Power Control Against Active Eavesdropping

This paper studies the security aspect of a recently introduced “cell-free massive MIMO” network under a pilot spoofing attack. First, a simple method to recognize the presence of this type of an active eavesdropping attack to a particular user is shown. In order to deal with this attack, we consider the problem of maximizing the achievable data rate of the attacked user or its achievable secrecy rate. The corresponding problems of minimizing the power consumption subject to security constraints are also considered in parallel. Path-following algorithms are developed to solve the posed optimization problems under different power allocation to access points (APs). Under equip-power allocation to APs, these optimization problems admit closed-form solutions. Numerical results show their efficiency.

provide a uniformly good service to all users in the network and outperform small-cell massive MIMO in terms of throughput, and handle the shadow fading correlation more efficiently.In a typical small-cell massive MIMO system, the channel from an access point (AP) to a user is a single scalar.In contrast, in a cell-free Massive MIMO system, all APs can liaise with each other via a central processing unit (CPU) to perform beamforming transmission tasks, and thus the effective channel (from an AP to a user) will take the form of an inner product between two vectors [2].That inner product can converge to its mean when the length of each vector (equivalently, the number of APs) is large enough.As a result, the effective channel also converges to a constant and there is no need to estimate downlink channels in the massive MIMO systems using cell-free architecture, while the small-cell counterpart may require both downlink and uplink training for channel estimation.
Inspired by [1]- [3], cell-free massive MIMO has been further studied in [4]- [7].Cell-free massive MIMO was modified in [4] to allow each AP serving only several users based on the strongest channels instead of serving all users.The joint user association and interference/power control to mitigate the interference and cell-edge effect was considered in [5].The problem of designing zero-forcing precoders to maximize the energy efficiency for cell-free massive MIMO networks was considered in [6].We are motivated to investigate the security aspect of cell-free massive MIMO as it was not considered in these papers.
2) Pilot spoofing attack: Recently, active eavesdropping has attracted the researchers' attention to physical layer security.It has been proved that active eavesdroppers are more dangerous than passive eavesdroppers because confidential information leaked to the active eavesdroppers is possibly higher [8].Active eavesdropping is an interesting topic which has been emerging in recent years.For instance, active eavesdroppers are capable of jamming as well as eavesdropping [9]- [11] and/or they can send spoofing pilot sequences [8], [12], [13].The latter scenario relates to the so-called pilot spoofing attacks [8], [12].Eavesdropping attacks caused by an active eavesdropper is more harmful than passive ones.A feedback-based encoding scheme to improve the secrecy of transmission was proposed in [12].On the contrary, from an eavesdropping point of view, [8] showed how an active eavesdropper achieves a satisfactory performance with the use of transmission energy.
Initialized by [8], pilot spoofing attacks in wireless security have been actively studied [13]- [18].By assuming that an eavesdropper can attack a wireless communication system during training phase to gain the amount of leaked information, the authors in [13]- [18] have studied pilot contamination attacks in distinct scenarios.Their results reveal that active eavesdropping poses an actual threat to different types of wireless systems in general.More specifically, the authors in [13] conducted a survey of detecting active attacks on massive MIMO systems.The authors in [14] designed an artificial noise to cope with an active eavesdropper in a secure massive MIMO system.The use of artificial noise is not necessary in the present paper as our proposed optimization problems can also control beam steering towards intended destinations such that security constraints are met.Meanwhile, the consideration of the authors in [15] is a secret key generation, which is beyond the scope of our paper.In [16] a method called minimum description length source enumeration is employed to detect an active eavesdropping attack in a relaying network; however, the secure performance of the system (via metrics such as secrecy rate or secrecy outage probability) is not evaluated.Other detection techniques can be found in [17] and [18].While [17] resort to the downlink phase to estimate channels and improve the system performance, we only use one training phase to detect a potential eavesdropper (which is presented in Appendix A).Our simple detection technique is similar to that in [18], which also compares the asymmetry of received signal power levels to detect eavesdroppers.The differences between [18] and our paper lie in modelling (massive MIMO networks versus cell-free networks) and optimization formulations.Although the eavesdropping attack detection methods in [16]- [18] are really attractive, we will not delve into similar methods and not consider such a method as a major contribution.Instead, we focus on solving optimization problems to provide specific solutions for cell-free systems in the case that a user is really suspected of being an eavesdropper.

B. Contributions
As discussed above, the introduction of a cell-free massive MIMO network can bring about a huge chance of improving throughput in comparison with small-cell networks.We thus study the security aspect of such a network and more importantly, this paper is the first work on the integration of security with the cell-free massive MIMO architecture.On the other hand, the analytical approach in this work is different from previous papers on security for massive MIMO.The major difference is that we do not use the law of large number to formulate approximate expressions for signal-to-noise (SNR) ratios.Instead, we consider lower-and upperbounds for SNR expressions, thereby a lower-bound for secrecy rate is formulated and evaluated.This alternative approach, of course, holds true for general situations in which the number of nodes/antennas are not so many (and hence the term "massive" can be relatively understood and/or can be also removed).
In this paper, we examine a cell-free network in which an eavesdropper is actively involved in attacking the system during the training phase.We simply and shortly show that such an attack is dangerous but can be detected by a simple detection mechanism.Thereby, efforts to deal with active eavesdropping can be made and secure strategies can be prepared at APs during the next phase (i.e. the downlink phase).With these in mind and with the aim of keeping confidential information safe, we can realize beforehand which user is under attack and thus, we can propose optimization problems based on secrecy criteria to protect that user from being overhead.Our proposed optimization problems can be classified into 2 groups.For the first group, we design a matrix of power control coefficients • to maximize the achievable data rate of the user who is under attack (see III-A) • to maximize the achievable secrecy rate of user 1 (see III-B) • to minimize the total power at all APs subject to the constraints on the data rate of each user, including all legitimate users and eavesdropper (see IV-A) • to minimize the total power at all APs subject to the constraints on the achievable data rate and the data rates of other users (i.e.legitimate users not under attack) (see IV-B).
For the second group, we design a common power control coefficient for all APs and consider 4 optimization problems (V-A, V-B, V-C and V-D), which are similar and comparable to their counterparts in the first group.While the common goal of all maximization programs is achievable secrecy rate, that of all minimization programs is power consumption at APs. Taking control of power at each AP, we find the most suitable solutions to the proposed optimization problems and compare them in secure performance as well as energy.
The rest of the paper is organized as follows.In Section II, the system model is presented.
In Section III, we propose two maximization problems to maximize achievable secrecy rate subject to several quality-of-service constraints.In parallel, Section IV provides two minimization problems to minimize the power consumption such that security constraints are still guaranteed.
In Section V, special cases of the proposed optimization problems are given for comparison purposes.Simulation results and conclusions are given in Sections VI and VII, respectively.respectively.I n is the n × n identity matrix.• denotes the Euclidean norm.E {•} denotes expectation.z ∼ CN n (z, Σ) denotes a complex Gaussian vector z ∈ C n×1 with mean vector z and covariance matrix Σ ∈ C n×n .

II. CELL-FREE SYSTEM MODEL
We consider a system with M APs and K users in the presence of an active eavesdropper (Eve).Each node is equipped with a single antenna and all nodes are randomly positioned.Let g mk = √ β mk h mk ∼ CN (0, β mk ) be the downlink channel from the mth AP to the kth user. 1 We assume channel reciprocity between uplink and downlink.Similarly, let g mE ∼ CN (0, β mE ) be the channel between the mth AP and Eve.Note that the desirable property of channel reciprocity requires the highly accurate calibration of hardware.In addition, the APs in cell-free massive MIMO systems are connected to a CPU via backhaul, thereby they can share information.We assume that the backhaul is perfect enough to consider error-free information only.Any limitation on capacity (caused by imperfect backhaul) will be left for future work. 1 In the formulation g mk = √ β mk h mk , the term β mk represents the large scale fading, while the term h mk ∼ CN (0, 1) implies the small scale fading.The value of β mk is constant and is based on a particular rule of power degradation.This rule will be presented in Section VI, given that the Hata-COST231 propagation prediction model is used (see [19] and [20]).
The transmission includes 2 phases: Uplink training for channel estimation and downlink data transmission.

A. Uplink training
In this phase, the kth user sends a certain pilot vector p k ∈ C T ×1 to all APs where T is an integer number.If L int denotes the coherence interval, then the first T symbols are for pilot training and the (L int − T ) remaining symbols are for data transmission.In low-mobility environment, the coherence interval can take on large numbers.It is shown that if the vehicle speed is 5.4 km/h, the coherence interval L int can approach 15000 symbols (see [21, p.23]).With such a large value of L int , we can totally assign a sufficiently-large number to T such that the inequality T ≥ K holds true.For example, (T, K) = (150, 100) is totally possible in practical situations (note that T = 150 accounts for only 0.1% of L int = 15000).In short, we can totally have T ≥ K and then design K orthogonal pilot vectors such that p † k p k ′ = 0 for k = k ′ and p k 2 = 1.In general, p 1 , . . ., p K are known to Eve because the pilot sequences of a system are standardized and public.Taking advantage of this, Eve also sends its pilot sequence p E to all APs.If Eve wants to detect the signal destined for the lth user, p E will be designed to be the same as p l (see [8], [22], [23]).Without the loss of generality, let us consider the situation in which Eve aims to overhear the confidential messages intended for the 1st user, i.e. p E = p 1 .
At the mth AP, the received pilot vector is given by where ρ u P u /N 0 and ρ E P E /N 0 .Herein, P u and P E are the average transmit power of each user and that of Eve, respectively; while N 0 is the average noise power per a receive antenna.
w m is an additive white Gaussian noise (AWGN) vector with w m ∼ CN (0, I).Projecting y p,m onto p † k , we can write the post-processing signal y km = p † k y p,m as 2 It is of crucial importance that all APs are not aware of an eavesdropping attack until they have realized an abnormal sign from the sequence of signals {y km } in (2).Based on that abnormal 2 If we assumed T < K (i.e.p † k p k ′ = 0 for k = k ′ ), there would be the presence of the term . Other changes could also be made and the framework of this paper could be re-applied.sign, APs can identify the pilot which might be harmed.Therefore, it is necessary for APs to have a method to observe abnormality from {y km }.We describe such a method in Appendix A.
Besides, with the aim of estimating g mk and g mE from (2), the MMSE method is adopted at the mth AP, i.e. and Let us denote 4), we can also rewrite ) .In association with the above, we state the following proposition for later use in the rest of paper.
Proposition 1. ĝmk and ĝmk ′ are uncorrelated for ∀k ′ = k.At the same time, ĝmE and ĝmk ′ are uncorrelated for ∀k ′ = 1.Furthermore, we have and Proof.It is straightforward to prove the uncorrelated-ness by showing Using these results, we can obtain ( 5) and ( 6) with the help of ( 2)-( 4) and the definitions of γ mk and γ mE .
Note that the eavesdropper's attack against the 1st user during the training phase leads to the presence of ρ E in the denominator of ĝm1 (which is called a pilot spoofing attack).

B. Downlink transmisson
In this phase, the mth AP uses the estimate ĝmk to perform beamforming technique.First, we denote s k be the signal intended for the kth user and P s be the average transmit power for a certain s k .Then the signal transmitted by the mth AP can be designed (according to beamforming technique) as [2] x with s k being normalized such that E {|s k | 2 } = 1.In ( 7), η mk is the power control coefficient, which corresponds to the downlink channel from the mth AP to the kth user.
As such, the received signal at the kth user and Eve are, respectively, given by where ρ s = P s /N 0 , n k ∼ CN (0, 1), and n E ∼ CN (0, 1).
1) The lower-bound for the mutual information between s k and z k : We rewrite (8) as where represent the strength of the desired signal s k , the beamforming gain uncertainty, and the interference caused by the k ′ th user (with k ′ = k), respectively.It is proved that the terms DS k , BU k , UI kk ′ and n k in (10) are pair-wisely uncorrelated.
Lemma 1.Let U and V be complex-valued random variables with U ∼ CN (0, var{U}) and Given that U and V are uncorrelated, then the mutual information I(U; U + V ) between U and U + V is lower-bounded by log 2 (1 + var{U}/var{V }).Consequently, the lower-bound SNR can be given by var{U}/var{V }.
Proof.The reader is referred to [24] and [25] for detailed proofs in terms of information theory.
Let I k (s k ; z k ) denote the mutual information between s k and z k .Considering the second, third, and fourth terms in (10) as noises, the lower-bound for I k (s k ; z k ) can be deduced from Lemma 1 as follows: where with K = {1, 2, . . ., K}.The derivation of ( 12) is available in [2, Appendix A].The right hand side (RHS) of ( 11) is the achievable data rate of user k.
2) The upper-bound for the mutual information between s 1 and z E : We rewrite (9) as where respectively represent the strength of the desired signal s 1 (which Eve may want to overhear) and the interference caused by the remaining users (with k ′ = k).It is proved that the terms BU E,k , UI E,kk ′ and n E in (13) are pair-wisely uncorrelated.Thus, we can consider the second and third terms in (13) as noises.
Let I E (s 1 ; z E ) denote the mutual information between s 1 and z E .Then the upper-bound for I E (s k ; z E ) can be formulated as follows: where The RHS of inequality (a) means that Eve perfectly knows channel gains.It also implies the worst case in terms of security.Meanwhile, the approximation (b) follows [26, Lemma 1].
Finally, the derivation of (c) is provided in Appendix B.
3) Achievable secrecy rate: From ( 11) and ( 14), we can define the achievable secrecy rate of user 1 as follows: in which the explicit expressions for snr 1 and snr E are presented in ( 12) and ( 16), respectively.
In order to facilitate further analysis in the rest of paper, we denote Ψ be the matrix in which the (m, k)th entry is Ψ(m, k) = √ η mk .The kth column vector of Ψ is denoted as Besides, we also define the following matrices and vectors Finally, the SNRs in ( 12) and ( 16) can be rewritten in a more elegant way as follows: where All SNR-related expressions are now presented as functions of Ψ instead of {η mk } m,k .Given that η mk decides the amount of the mth AP's power destined for the k user, the (m, k)th entry of Ψ is also referred to as the factor deciding how much transmit power used by the mth AP and destined for the k user.

III. SECRECY RATE MAXIMIZATION
In this section, we aim to design the matrix Ψ to maximize either the achievable data rate of user 1 (in nats/s/Hz), i.e. ln (1 + snr 1 ), or its achievable secrecy rate ln (1 + snr 1 ) −ln (1 + snr E1 ) in improving the secure performance of our system.Prior to performing these tasks, however, we need to impose a critical condition on the power at each AP.The power constraint is described as follows: • Let P max be the maximum transmit power of each AP, i.e.P max ≥ E {|x m | 2 }.From (7), the average transmit power for the mth AP can be given by With the power constraint on every AP, we have with M = {1, . . ., M}.Note that ρ max = P max /N 0 is viewed as the maximum possible ratio of the mth AP's average transmit power to the average noise power.Now we begin with optimizing Ψ to maximize the achievable data rate of the 1st user (who is under attack), i.e.

(P1) max
Herein, optimizing Ψ is equivalent to finding the optimal value of every power control coefficient The constraint ( 23) is to control the transmit power at each AP as previously described.
The constraint (24c) requires that the greatest amount of information Eve can captures will not exceed some predetermined threshold, i.e. ln (1 + snr E ) ≤ ln(1+θ E ).Finally, the constraint (24d) guarantees that the achievable data rate of user k ∈ K\{1} is equal to or greater than some target threshold, i.e. ln (1 + snr k ) ≥ ln(1 + θ k ).
Similarly, we will optimize every η mk (through optimizing the coefficient matrix Ψ) to maximize the achievable secrecy rate of user 1, i.e.
(Q1) max It should be noted that both problems (P1) and (Q1) has been considered in [27] and [28] in the context of conventional MIMO systems, information and energy transfer.Inspired by these two works, we also use path-following algorithms to solve non-convex optimization problems.
As can be seen in the subsections below, each of the proposed path-following algorithms invokes only one simple convex quadratic program at each iteration and thus, at least a locally optimal solution can be found out.

A. Solving problem (P1)
We can see that the constraint ( 23) is obviously convex, while (24d) is the following secondorder cone (SOC) constraint and thus convex: Besides, we observe that the objective function of (P1) can be replaced with a T 1 u 1 2 ϕ 1 (Ψ).
To find a feasible point for (P1) to initialize the above procedure, we address the problem 23), (26).

IV. POWER MINIMIZATION
In this section, we aim to design the matrix Ψ to minimize the total average transmit power of all APs subject to security constraints as well as other SNR-based constraints: 23), (24c), (43b) and 23), ( 26), (44b) finding Ψ is equivalent to finding every power control coefficient η mk (m ∈ M and k ∈ K).
In addition, the objective function is the total power radiated by the antennas of APs.The power consumed by other components (such as the backhaul and the CPU) is beyond the scope of this paper.
Note that (43c) is not exactly the same as ( 26) because (43c) contains one more constraint, i.e. snr 1 ≥ θ 1 .Meanwhile, r φ in the program (S1) is the given threshold which a designer may want to obtain.In general, we will have different results (which of course leads to different secure performances) when using (R1) and (S1).However, the obtained results can also be the same when using these programs, depending on the given values of θ 1 , θ E and r φ .

A. Solving problem (R1)
At κ-th iteration, we solve the following convex optimization problem to generalize the next iterative feasible point Similar to (32), the computational complexity of solving (45) is also O ((MK) 2 ǫ 2.5 + ǫ 3.5 ).
Note that a feasible point Ψ (0) for (R1) can be found in the same way as (P1).Furthermore, the algorithm for solving (R1) is presented below.

V. OPTIMIZATION UNDER EQUAL POWER ALLOCATION AT ACCESS POINTS
In this section, we reconsider the proposed optimization problems with η mk being equal to η (for all m and k) for comparison purposes.
Plugging η mk = η into ( 12)-( 16), we obtain the special expressions for snr k and snr E as follows: where Then, problems (P1) and (Q1) reduce to and Similarly, problems (R1) and (S1) reduce to and A. Closed-form solutions to (P1) The objective function of (P1) increases in η.Hence, maximizing that objective function is equivalent to maximizing η.In other words, we will solve the following problem In order for (49d) to be meaningful, we need the condition with k ∈ K\{1}.If θ k satisfies the above condition, we can infer from both (49b) and (49d) the following: This also implies another necessary condition as follows: for each k ∈ K\{1}.The two conditions (54) and ( 55) are now rewritten in the following form: with k ∈ K\{1}.Once (56) has been satisfied, the solution to (P1) can be given by for for

B. Closed-form solution to (Q1)
As presented in the previous subsection, (56) is necessary in order that (Q1) can be solved.
• For τ > 0, we solve the system of two equations In Figure 2, we show the achievable secrecy rate (in nats/s/Hz) in 2 different cases: i) Ψ = Ψ ⋆ (P1) and ii) η = η ⋆ (P1) .For each case, 3 different sub-cases of (P u , P E ) are considered.It is observed that R sec (P1) is significantly higher than R sec (P1).In fact, the obtained values of R sec (P1) fall within the interval (0.55, 0.57) nats/s/Hz.In other words, having η mk = η ⋆ (for  all m and k) will lead to very poor performance in terms of security.Furthermore, the secure performance increases with P u and reduces with P E (the average transmit power of Eve).
Figure 3 shows the achievable secrecy rate versus P s in two cases: i) Ψ = Ψ ⋆ (Q1) and ii) η = η ⋆ (Q1) .The secure performance in the first case is significantly higher than the second case.Moreover, the changes in the value of R sec Q1 are minor, i.e.R sec Q1 falls within (0.67, 0.79) nats/s/Hz.We also observe that R sec (Q1) is improved with increasing P u and is impaired with P E .Meanwhile, R sec Q1 slightly decreases with P u .
In Figures 4 and 5, the achievable secrecy rates R sec (P1) and R sec (Q1) are depicted as   functions of M. We can see that both of them increase with M. It implies that the more service APs we have, the higher secure performance we gain.Finally, R sec (P1) as well as R sec (Q1) increases with P u and decreases with P E .With the chosen parameters, (Q1) appears better than (P1) in terms of secrecy rate.Overall, P E represents the strength of an actively eavesdropping attack; thus, we can observe that the secure performance is degraded when P E grows as shown in Figures 2-5.
Figure 6 shows that P tot (R1) is much higher than P tot (R1) which is around 0.003 mW with every P s .It means that the solution Ψ ⋆ (R1) is much better than the solution η ⋆ (P1) in terms of energy, because the APs do not have to consume too much energy to meet security requirements.Besides, the figure also shows that P tot (R1) inversely decreases with P s and is lowest at P s = P max .
Figure 7 shows that P tot (S1) is much higher than P tot (S1) which is around 0.0027 mW at each considered value of P s .This result also reveals that (R1) is the better program in terms of energy, because there is really less energy required for security.Besides, the figure also shows that P tot (S1) inversely decreases with P s and is lowest at P s = P max .Finally, we record that R sec (S1) ≈ 0 + nats/s/Hz when P s changes.In contrast, R sec (S1) ≈ 0.4619 nats/s/Hz with P u = 0.1 W and 0.4521 nats/s/Hz with P u = 1W.the total power consumption reduces with M but increases with K. We can see that (R1) can be solved with many different values of (M, K).Among them, the best choice is to choose M as large as possible while K should be as small as possible.For example, the system with (M, K) = (70, 6) will require less power consumption (at APs) than the system with (M, K) = (50, 10), while the security constraints remain guaranteed. .We should choose M as large as possible and K as small as possible in order to attain the best performance (as long as the security constraints are satisfied).When M is large enough, the total power consumption is nearly zero and yet, the secrecy rate is also around zero (with the chosen parameters).
In comparison between Figure 8 and Figure 9, one can find the two differences: i) the presence of θ E and the absence of φ in Figure 8; and ii) the absence of θ E and the absence of φ in Figure 9.It is because of the fact that (R1) and (S1) have different security constraints.With the setup parameters, (S1) offers better performance than (R1) because the required power consumption is lower (i.e., the curves in Figure 9 is slightly lower than those in Figure 8).
In fact, the above-mentioned detection method can be performed without knowing the value of ρ E .However, ρ E can also be predicted by in the case that active eavesdropping occurs.

B. Explicit expression for snr E
We first calculate where (a) is obtained by using ( 4) and (b) results from the substitution of (5).

Fig. 1 .
Fig. 1.A system model consisting of M APs, K legal users and one active eavesdropper Eve.The arrows point to the direction from transmitters to receivers.All directions, connected to Eve, are in red.In uplink training phase, all users and Eve send the pilots to the APs in order to request for the messages, which privately intended for them.Connected together through a CPU, the APs exchange information, estimate channels and detect abnormality in pilot sequences.In downlink transmission phase, the APs transmit their designed signals to users and Eve.
RI DO O $3V P :

Figure 8 depicts
Figure 8 depicts P tot (R1) as a function of M. With 3 different values of K, we observe that

Figure 9 depicts
Figure 9 depicts P tot (S1) as a function of M. Our observation of this figure is similar to Figure 8.We should choose M as large as possible and K as small as possible in order to attain