Physical Layer Security Design for FDD IM-OTFS Transmissions Based on Secure Mapping

In this paper, a physical layer security scheme is proposed for index modulation aided orthogonal time frequency space (IM-OTFS) modulation systems working in Frequency Division Duplex (FDD) mode. In FDD systems, the channel reciprocity, which is the basic assumption for most physical layer security (PLS) techniques, is not applicable. To deal with the security challenge in FDD IM-OTFS systems, Chaos sequence is generated by exploiting the angular reciprocity of the legitimate link to construct the secure mapping rule between the information bits and the modulation symbols as well as the symbol indices. A PLS scheme based on the proposed secure mapping is introduced. The secrecy performance of the proposed PLS scheme is analyzed in terms of Bit Error Rate (BER) and the ergodic secrecy rate. Furthermore, a close-form approximated ergodic secrecy rate is derived to reduce the computational complexity. A truncation method is proposed to obtain robust secure transmissions when the angles of the uplink and downlink legitimate channels are estimated with errors. Simulation results show that the theoretical BER curve approaches the simulated BER curve closely for medium and high signal to noise ratio (SNR) regions, and the eavesdropper’s BER is always around 0.5 for all SNRs. The closed-form approximated ergodic secrecy rate fits the ergodic secrecy rate exactly in low and high SNR regions, and can work as a lower bound of the ergodic secrecy rate in medium SNR region. The secure mapping at the legitimate users is not affected by the angle estimation errors by using the truncation method, while the eavesdropper’s BER is influenced and the influence is analyzed.


I. INTRODUCTION
Many applications facilitated by 5G or the future 6G involve various high mobility scenarios, such as vehicle-to-vehicle communication system and the satellite communication (Sat-Com) system [1], which have highly doubly-dispersive radio channels in the time-frequency (TF) domain, and cause challenges to traditional one-dimensional time or frequency modulation schemes.In order to tackle the doubly-selective channels, a novel two-dimensional (2-D) modulation technique, namely orthogonal time frequency space (OTFS), was proposed in [2].For OTFS modulation, the transmit symbols The associate editor coordinating the review of this manuscript and approving it for publication was Mehdi Sookhak .
are implemented in the Delay-Doppler (DD) domain and then transferred onto the time-frequency (TF) domain by using the Inverse Symplectic Finite Fourier Transform (ISFFT) [3].So that all symbols are spread to the whole TF domain and it does not rely on the orthogonality among subcarriers, therefore, OTFS modulation improves the resistance to Doppler shift.
In 5G and future wireless communication networks, the explosively growing demand of data services requires higher spectral efficiency.Index modulation (IM) is a promising modulation technique which provides high spectral and energy efficiency [4], [5], [6].The basic idea of IM is to carry the information bits by both the constellation symbols and the activated indices of transmission entities, such as the antennas of multi-antenna systems [7], [8] and the subcarriers of multi-carrier systems [9], [10], [11].Recently, IM is also applied in OTFS systems to improve the transmission performance in high-mobility scenarios.Different IM designs have been proposed for OTFS systems, and most of them focus on improving the decoding performance with reasonable decoding complexity [12], [13], [14], [15], [16].As security issue becomes more prominent in wireless communication systems due to the open nature of the wireless propagation, it is also necessary to deal with the security challenge in IM aided OTFS (IM-OTFS) systems.

A. RELATED WORK
Different OTFS with IM schemes have been proposed in recent years.The general combination between OTFS modulation and index modulation is investigated in [12].Further, the authors of [13], [14], and [15] improve the activation scheme or the modulation scheme, therefore the spectral efficiency is upgraded and the modulation order is reduced, so as to improve the spectrum efficiency and reliability of the communication systems.In addition, in [16], an IM aided scheme is proposed to mitigate the in-phase and quadrature (IQ) imbalance effect in OTFS system.
Since both the index dimension and the modulation dimension can carry information bits, IM technique not only improves the spectral efficiency but also provides the probability of introducing extra security in the index dimension.Unfortunately, those works mentioned above do not consider the security of the IM-OTFS system.
Despite this, the physical layer security (PLS) problem has received some attention in the OTFS system.In [17], by implementing the singular value decomposition (SVD) on the equivalent channel matrix of the legitimate link in the DD domain, the right singular matrix is utilized to encode the transmit information to anti-eavesdrop.But it neither excavates the sparsity of the equivalent channel in the DD domain, nor considers the probability that eavesdropper derives the encoding vector due to the correlation between the legitimate link and the illegitimate link.The authors of [18] introduce a multi-antenna Unmanned Aerial Vehicle (UAV) to transmit the artificial noise (AN) in order to anti-eavesdrop when considering the uplink of the Low Earth Orbit (LEO) satellite communication system [19], and the security outage probability (SOP) is derived.However, transmitting AN causes additional power consumption, and its numerical results do not clarify the better performance compared with OFDM system is resulted from the introduction of AN or the slighter ICI in OTFS system.The vehicular networks with OTFS modulation is discussed in [20], the closed-form instantaneous secrecy capacity is derived in Rayleigh fading and Nakagami fading, but the ergodic secrecy capacity is ignored and there is the same problem as [18] when the simulation results are compared with the OFDM system.
However, the PLS problem in the IM-OTFS system still needs attention, especially for FDD systems where channel reciprocity do not strictly exists.Existing PLS schemes such as artificial noise (AN) [21], secure beamforming [22] and the CSI-based random mapping [23] relying on the reciprocity of the legitimate link in TDD systems can not be applied in FDD systems.
A Chaos-based PLS transmission scheme has been proposed in [24].The idea of using Chaos sequence to design PLS scheme provides a new perspective to solve the security challenge in FDD systems.However, the proposed Chaos-based PLS scheme in [24] depends on the assumption that the chaotic initial values have been secretly shared by the legitimate transceiver.Recently, in [25] and [26], the authors have designed Chaos-based secure schemes for orthogonal frequency division multiplexing based differential chaos shift keying systems.The secure scheme in [25] requires to share a set of chaotic sequences secretly between the legitimate transceiver, while the secure scheme in [26] designs a deep neural network (DNN)-aided receiver to avoid the delivery of reference chaotic signals.These works indicate that security can be enhanced by using Chaos sequences, but the secret sharing of the Chaos sequences between the legitimate transceiver requires extra secure information exchange [24], [25]or extra computation capability [26].

B. CONTRIBUTIONS
To solve the PLS problem in FDD IM-OTFS systems, in this paper, we propose a Chaos-based secure mapping scheme to resist eavesdropping.Different from the random mapping scheme in [23] and [27], the secure mapping in this paper is designed based on Chaos sequences by exploiting their sensitivity to the initial values and the aperiodicity.The angular reciprocity [28] which means that an Angles of Arrival (AoA) at one frequency can be translated to an Angles of Departure (AoD) at another frequency has been used recently to design beamforming or precoding in FDD systems.To avoid sharing the initial values at the legitimate transceiver beforehand, we exploit the angular reciprocity of the legitimate link to generate the same Chaos sequence at the legitimate transceiver.The main contributions of this paper can be summarized as follows: • A secure mapping scheme is designed based on the Chaos sequence, and the initial value of the chaos sequence is derived from the angle reciprocity.Based on the same initial value obtained at the legitimate transceiver, a secure mapping rule is generated by using a sliding window on the Chaos sequence at the legitimate transceiver, which is unavailable at the illegal eavesdropper.
• The theoretical BER and the ergodic secrecy rate of the proposed scheme are analyzed.To simplify the calculation, the approximated ergodic secrecy rate is derived in closed-form.Simulations show that the theoretical BER is close to the simulation BER for medium and high SNRs, and the approximated ergordic secrecy rate is close to the ergodic secrecy rate.
• In a practical case when the angles of the legitimate uplink and downlink are estimated with errors, the legitimate transceiver can not get the same initial values.
To make the proposed scheme robust, we propose a method to truncate the initial values so that the truncated values are used as the common initial value at the legitimate transceiver.We also analyze the influence of truncation at the eavesdropper.The rest of this paper is organized as follows.Section II investigates the IM-OTFS system.The specific secure mapping scheme for FDD IM-OTFS is presented in Section III.In Section IV, the bit error rate and the ergodic secrecy rate of the proposed scheme are analyzed, and the approximated ergodic secrecy rate is derived in closed-form.Section V shows the simulation results and discussions.Finally, conclusions are illustrated in Section VI.
Notations: Scalars, vectors and matrices are denoted by lower-case normal script x, lower-case bold script x x x and upper-case bold script X X X , respectively.

II. FDD IM-OTFS SYSTEM MODEL A. SYSTEM MODEL
We consider a high speed mobile scenario using IM-OTFS transmissions using Frequency Division Duplexing (FDD) mode.A legitimate transmitter called Alice transmits private information signal to a legitimate receiver called Bob.Meanwhile, there is a passive eavesdropper Eve trying to overhear the private information signal.

B. IM-OTFS TRANSMISSIONS
We consider an IM-OTFS system with M subcarriers and N symbols, where subcarrier spacing and symbol duration are f and T respectively.The block diagram of IM-OTFS is shown in Fig. 1.A total number of m incoming data bits are split into g groups so each of them contains p = m/g bits, and each p bits is mapped on an OTFS subblock in the DD domain with size n = MN /g.For each group, p bits are divided into p 1 bits and p 2 bits, which are referred as index bits and information bits.The first p 1 = ⌊log 2 C k n ⌋ bits are used to activate k symbols out of n, and the remaining p 2 = klog 2 Q bits are mapped to the Q-ary constellation points whose information will be carried by the k activated symbols.
In the αth subblock, the indices of the activated symbols are assumed as, where i α,β ∈ {1, . . ., n},1 ≤ α ≤ g,1 ≤ β ≤ k. k indices will be activated out of I I I α according to the index bits.The modulated symbols in this block are expressed as, After activation and modulation in all groups, we can obtain the index set I I I and the modulation symbol set d d d for the entire DD domain.The numbers of the index bits and the information bits for all the groups can be calculated as Combining all g groups with OTFS block generator, the M × N transmitting block X X X = F IM (I I I , d d d) in the DD domain is created, where F IM (•) represents the index modulation operation.Here, we consider the system in which the transmitting and receiving pulses are rectangular pulses for simplicity.Firstly, X X X in the DD domain is converted by the ISFFT into the TF domain as X X X TF ∈ C M ×N , which is equivalent to applying an M -point DFT and an N -point IDFT to the columns and rows to X X X respectively as follows, Then the time domain signal S S S is obtained by the Heisenberg transform as, By vectoring S S S into the MN × 1 vector s s s = vec(S S S) = (F F F H N ⊗ I I I M )x x x and adding a cyclic prefix (CP), the transmit symbols can be transmitted over the time-varying channel, here x x x = vec(F IM (I I I , d d d)) ∈ C MN ×1 in the DD domain is the vector form of X X X .
The received signal at Bob after removing the CP can be written as, r r r = H H Hs s s + w w w, (5) where is the time-domain channel matrix, in which P is the number of propagation paths, h i ∼ CN (0, 1/P) is the complex gain of the i-th path,

MN
} ∈ C MN ×MN is a diagonal matrix, l i and k i represent the integer delay and Doppler taps respectively.w w w ∈ C MN ×1 is the additive white Gaussian noise (AWGN) that is distributed as w w w ∼ CN (0 0 0, N 0 I I I M ).Then the reverse operations are performed on r r r.Firstly, we reshape the vector r r r to the matrix form R R R ∈ C M ×N , then the Wigner transform and the SFFT are implemented to get the received matrix Finally, by column-wise vectorization, the input-output relationship of the IM-OTFS system can be derived as, where is the effective channel matrix and w w w is the equivalent noise in the DD domain.Similarly, the received signal at Eve can be expressed as, where G G G eff , w w w e are the effective channel matrix and the equivalent noise of the Alice-Eve link.

III. THE PROPOSED SECURE MAPPING SCHEME
Gray mapping is widely used in wireless communication systems to map the bits to constellation symbols.Since Gray mapping is a commonly-known mapping, it can not bring any secrecy to the communication system.In this section, we propose a secure mapping scheme based on Chaos sequence by exploiting its sensitivity to the initial value and the the aperiodicity property to resist eavesdropping without any extra cost.
As illustrated in Equ.(7), we have the effective channel matrix H H H eff in the DD domain and it can be written as, where h i is the complex gain of the i-th path, and T T T i ∈ C MN ×MN represents the influence for the phase in the i-th path.
Although the channel reciprocity is no longer exists in FDD systems, we can still obtain some reciprocity parameters.In [29], the arbitrary channel path's angles at uplink and downlink, the delay for each multipath and the depolarization matrix for reflection are regarded as the same in FDD systems.In [28], the angular reciprocity has been used to extend the bi-directional training for time division duplex (TDD) systems to FDD systems.Angular reciprocity has been used for channel reconstruction of the uplink and downlink channel in [30] and [31].In [32], deviation distribution of the dominant direction of arrival (DoA) estimated at the uplink and downlink carrier has shown that the deviations of DoAs from the uplink and downlink are no more than 5 degrees [32].
By exploiting the angular reciprocity of the legitimate link, Alice and Bob can obtain the same angular parameter respectively, while this angular parameter is unavailable at Eve since she is located differently from Bob. Inspired by the fact that Chaos sequences have the aperiodicity property and are highly sensitive to the initial value, we propose a secure mapping scheme based on Chaos sequence generating by the same angular parameter at Alice and Bob.
Without loss of generality, let's take the following 2 dimensional chaotic sequence generation as an example [33], (10) where x n and y n are state variables, a, b, c, r are quantitative parameters, γ is the highest-order polynomial, β is modulus coefficient, r n is the random perturbation factor, the Chaos initial values x 0 and y 0 are in the interval (0, 1).The parameters a, b, c, γ , β, r n can be available for all parties including Eve.Although the two-dimensional Chaos sequence is taken as an example here, the following design can also be implemented for one dimensional or higher dimensional Chaos sequences [34].Instead of sharing the Chaos initial value as a key between the legitimate users, in this paper, we propose to generate the Chaos initial value locally at Alice and Bob by exploiting the angular reciprocity.Since the Chaos initial values are in (0, 1), after normalizing the angles obtained at Alice and Bob, a Sigmoid mapping is performed to map the angles to values in (0, 1) which will be used as the Chaos initial values at Alice and Bob respectively.Thanks to the angular reciprocity, Alice and Bob can obtain the same Chaos initial value and generate the same chaotic sequence.
In the following, we will design the secure mapping from the information bits to the modulation symbols based on the sequence {x n }, and design the secure mapping from the index bits to the activated indices of symbols based on the sequence {y n }.
For each group, p 1 bits are used to activate k symbols from the OTFS subblock which contains n symbols, as illustrated in Section II-B.Then p 2 bits are mapped to the Q-ary constellation to generate k activate symbols.
To make the bit-to-symbol mapping changes randomly for Eve from one symbol to another, a sliding window is designed in Fig. 2. For the Q-ary constellation, the length of the sliding window is Q.For the first symbol, the elements of {x n } in the sliding window construct a vector x1 .For the second symbol, the sliding window shift across one element of {x n }, and the elements inside the sliding window are denoted as x2 .Similarly, for each of the k activated symbols we can get a vector xl , l = 1, • • • , k.Then we sort the elements in xl in descending order, and the total number of the sorting patterns is N M = Q! which is the same to the total number of the bit-to-symbol mapping patterns.In this way we construct a one-to-one mapping for each symbol between the sorted pattern of Chaotic elements and the bit-to-symbol mapping pattern, and this one-to-one mapping is determined by the Chaotic sequence between Alice and Bob, which is unknown to Eve.
Assume d α (l) in Equ.(2) comes from a QPSK constellation, so Q = 4, and N M = 24.The windowed Chaotic vector is denoted as xl = [γ 1 , γ 2 , γ 3 , γ 4 ].Here, s i , i = {1, 2, 3, 4} is the QPSK constellation points.An illustration of the correspondence that pairs the sorting pattern of xl with the symbol mapping pattern for this example is shown in Table 1.
Then, the secure mapping from the index bits to the activated indices of symbols based on the sequence {y n } is discussed.Similarly, we want to design a secure mapping which makes the indices activation change randomly for Eve from one OTFS subblock to another.For example, assume that M = 4 and N = 2, and we divide the MN = 8 points into g = 2 groups and activate k = 3 points out of n = MN /g = 4 in each group.The length of the sliding window for this case is 4. We can generate the windowed Chaotic vector for each OTFS subblock in the same way as we generate the windowed Chaotic vector for the modulation symbols.The correspondence between the chaotic sequence sorting patterns and the index activation patterns is shown in Table 2, where p i , i = {1, 2, 3, 4} represents the indices of 4 points in the OTFS subblock and the mark ''→'' represents that the point is activated.
By performing the above secure mapping for the information bits and the index bits, the transmitting block in DD domain can be represented as X = F S IM (I I I , d d d), where F S IM (•) denotes the secure mapping designed in this section.

IV. PERFORMANCE ANALYSIS OF THE PROPOSED SCHEME A. OPTIMAL DETECTION
The received signals at Bob and Eve are respectively where The detector in the IM-OTFS system needs to detect the information bit carried by the modulation symbols and the index bits carried on the active indices.Considering all possible index patterns and their corresponding signal constellation points, Let X denote all possible transmitting block, the maximumlikelihood (ML) detection can be written as, where F −1 S IM (•) denotes the secure de-mapping from the symbols and the activated indices to the bits, which is the inverse operation of the secure mapping.Since Eve has no idea of the secure mapping used by the legitimate transceiver, the de-mapping operation F −1 E IM at Eve has no relation to the secure de-mapping used at Bob.Furthermore, the secure mapping and de-mapping changes randomly from one symbol to another, it is almost impossible for Eve to estimate the correct mapping pattern.
The decoding complexity of ML detection would extremely increase with larger size of each subblock and higher order of modulation, to relieve the complexity issue, the Minimum Mean Square Error and ML power (MMSE-ML) detection in [16] can be used to reduce the computation complexity.

B. ANALYSIS OF BER
1) BER of the Legitimate Receiver.
We assume that the legitimate transceiver estimate the angles for the uplink and downlink perfectly, which means they obtain the same secure mapping rule.The input-output relationship can be rewritten as [35], y y y = H H H eff x x x + w w w where x x over the channel h h h, the conditional pairwise error probability (CPEP) can be expressed as,

Pr(x x x|x x x, h h
where Q(•) represents the Gaussian tail function and ( x x x) = ( x x x) H ( x x x), x x x = x x x − x x x, here, ( x x x) is a Hermitian matrix.According to the approximation of Q(•) and the distribution of h h h, the unconditional pairwise error probability (UPEP) can be calculated as [11], [15], [36], and [37],

h H ( x x x)h h h
3N 0 P = 1/12 det(I I I P + q 1 ( x x x)) +

1/4 det(I I I
where λ i is the eigenvalue of ( x x x) and r = rank( ( x x x)), q 1 = 1/(4N 0 P), q 2 = 1/(3N 0 P).We assume that n x x x is the number of all possible realizations of x x x and e(x x x, x x x) is the number of bits errors for the corresponding pairwise error events, so the theoretical BER is, 2) BER of the Illegitimate Receiver.Suppose that the illegitimate receiver Eve can estimate the modulation symbols and active indices correctly in the DD domain, we now analyse the BER of converting the symbols into bits.Because the Chaotic sequence is a random sequence, all kinds of sorting patterns of the Chaotic elements inside the sliding window equally appear.The probability of converting any symbol in x(i), i = {1, 2, . . ., MN } to each possible bit realization is equally 1/M .Within all possible bit realizations, there is only one case when the number of error bits is 0, and there are C m N b cases when that is m, m = 98298 VOLUME 11, 2023 Authorized licensed use limited to the terms of the applicable license agreement with IEEE.Restrictions apply.
{1, 2, . . ., N b } with N b being the number of information bits carried by one symbol in the transmitting block X.So, the BER of each symbol is, The BER of the information bits at Eve is 0.5 which means Eve can not decode the information bits correctly.When Eve can obtain the specific indices of active points, the BER analysis of index bits is similar to that of information bits.

C. ANALYSIS OF SECRECY RATE
In this section, we investigate the ergodic secrecy rate of the secure mapping aided IM-OTFS system.Here, we have the transmitted vector x x x ∈ C MN ×1 and the channel matrix H H H eff ∈ C MN ×MN in the DD domain.The MN points in the DD domain are divided into g groups and each group contains n = MN /g points, and k out of n points are activated then.
To represent the specific activation status, we introduce a block diagonal matrix where E E E i ∈ C n×n , i ∈ {1, 2, . . ., g} is an n-dimensional diagonal matrix whose principal diagonal elements are 0 or 1, and there are k elements of 1 and (n − k) elements of 0.
Since each group has f 1 = C k n activation statuses, there are F 1 = (f 1 ) g activation statuses in total, which means the matrix E E E has F 1 possible realizations.Meanwhile, f 2 = kg points are activated, so x x x has F 2 = Q f 2 possible realizations.Hence, the data rate achieved by legitimate receiver is as shown in (21), at the bottom of the next page, and the derivation is shown in Appendix A.
Similarly, according to the chain rule for the mutual information, we can obtain the illegitimate receiver's data rate that is composed by two parts as shown in (22), at the bottom of the next page.Each part of ( 22) is derived in Appendix B.
Finally, let the ergodic secrecy rate of the proposed scheme is, In addition, if we consider to activate kg indices from MN points directly instead of grouping before activating, we just replace block diagonal matrix E E E with diagonal matrix E E E ′ ∈ C MN ×MN .In the principal diagonal of E E E ′ , kg elements are And then, we can obtain the ergodic secrecy rate of the scheme without grouping in a similar way as described above.

D. APPROXIMATION OF SECRECY RATE
On the basis of the ergodic secrecy rate, we now derive a closed-form approximation of R s .According to (21), we have the lower bound of R b , The derivation is shown in Appendix C. Observing ( 21) and ( 25), we can obtain that lim . So, R b and R bl have the same difference in both high and low SNR.Due to the monotonicity of R b and R bl , it is reasonable to imply that the difference between R b and R bl is ( 1 ln2 − 1) approximately within the whole SNR range [38], [39].Therefore, the approximated R b can be written as, Similarly, we can derive the approximation of each part of R e , which is shown in Appendix D, and compose them to obtain the approximated R e , R e,app = 1 Hence, let R app = R b,app − R e,app , the approximated ergodic secrecy rate is, R s,app = max{R app , 0}. (28)

V. ESTIMATED ANGLE WITH ERRORS
In the above sections, we have proposed a Chaos-based secure mapping scheme to resist eavesdropping in FDD IM-OTFS systems by exploiting the angular reciprocity of the legitimate link, and the secrecy performances in terms of BER and secrecy rate have been analyzed.It could happen that angles estimated at Alice and Bob for the uplink and downlink may not be the same due to estimation errors.This would result in the mismatch of the initial values of the Chaotic sequences at Alice and Bob, and make the legitimate communication unsuccessful.To make the legitimate transmission more robust to the angle estimation errors, a truncation method is proposed to truncate the initial values at Alice and Bob to get a common initial value.Assume that the estimated angles at Alice and Bob are 35 and 35.5 respectively, after normalization and performing a Sigmoid mapping to the values, we can observe that mapped decimals at Alice and Bob become different starting at the fourth decimal place.If the estimated angle at Bob is 35.01, the mapped decimals have the same value until the fifth decimal place.Based on this observation, we can truncate the mapped decimals at the decimal place where the mapped decimals become different.The truncated decimals have the same value and they are used as the Chaos initial value by Alice and Bob based on the estimated angles with errors.
While the truncation operation increases the robustness of the secure mapping by allowing Alice and Bob to obtain the same initial value of the chaotic sequence despite the existence of angle estimation bias, it also gives the eavesdropper a chance to get the same initial value by using the truncation operation.It is intuitive that when Eve's estimated angle of the Alice-Eve link deviates further from the angles at Alice and Bob, it is more likely that Eve can not obtain the same initial value as Alice and Bob even she performs truncation on her initial value.However, if Eve's estimated angle is close to the angles at Alice and Bob, the legitimate transmission could be insecure.We will discuss the insecure region when performing the truncation to obtain a robust secure transmission through simulations in the following section.

VI. SIMULATION RESULTS AND DISCUSSION
In this section, numerical results are presented to evaluate the BER and the ergodic secrecy rate of our proposed scheme.We consider a channel with P = 4 propagation paths.The Doppler shift tap of the i-th path is uniformly drawn from the set [−k max , k max ], and the delay taps belong to [1, l max ] excluding the first path (l 1 = 0).Assume that k max = 2 and l max = 4.In the simulations, the angle DOA up of the uplink and the angle DOA down of the downlink is 35 degrees.The coefficients for the Chaos sequence generator are a = 2, b = 3, c = 1.7, β = 1, and r n is a random number between (0, 1).In the following simulations, we first consider the case when Alice and Bob can estimate their angles perfectly, then we analyze the influence of angle estimation errors on the secrecy performance.
As shown in Fig. 3, the closed-form approximated ergodic secrecy rate is compared with the simulated ergodic secrecy rate when M = 2, N = 2, k = 1.The curves show that the closed-form approximated ergodic secrecy rate fits the simulated secrecy rate well in both high and low SNR regions, while there is a small gap in the moderate SNR region.Since the closed-form approximated ergodic secrecy rate can approximate the ergodic secrecy rate well with a much lower computational complexity, in the following simulations, the closed-form approximated secrecy rate is used to illustrate the secrecy performance.From Fig. 3 we can see that when 4 is not an integer, which causes that the index bits p 1 = ⌊log 2 C kg MN ⌋ = 2 can decide 4 activation patterns but we actually have 6 possible activation patterns when we want to activate 2 points out of 4.Under this situation, we have to make a trade-off according to the less patterns.As an example, a look-up table with M = 2, N = 2 and k = 2 is shown in Table 3.Therefore, compared to the grouping case with M = 2, N = 2, g = 2, k = 1 represented by a black curve, the ergodic secrecy rate is the same as the red curve.This proves that grouping does not affect the secrecy rate while ensuring that the index carries the same number of bits.Compared to the black curve, when M increases to 4, the ergodic secrecy rate increases as the dimension of OTFS block increases.Compared to the black and red curves, when k increases to 3, the secrecy rate ascends with the increasing number of activated points which carries more index bits.
The BER performance of the proposed secure scheme is investigated in Fig. 4. In the simulations, we have ) .    the same initial value based on their estimated angles by using the truncation operation.But their initial values become mismatch when R > 0.4.If the truncation number decreases to 2, Alice and Bob can obtain the same initial value for most cases since from the figure we can see that the mismatch probability is 0 when R ≤ 6 which is larger than 2.5.[32].With this observation, we can find out that when estimation error is small, we can truncate the initial values and keep 3 digits after decimal separator.For most cases, keeping 2 digits after decimal separator of the initial values at Alice and Bob can promise a same Chaotic initial value for Alice and Bob which could guarantee the successful legitimate transmissions.In the following we will discuss the influence of truncation numbers on the BER performance of Bob and Eve.
Assuming that Eve uses the same angle estimation algorithm as Alice and Bob, that is, the estimated angle of Alice-Eve link at Eve satisfy θ Eve ∼ U (θ ′ − R, θ ′ + R), where θ ′ is the ideal angle of Alice-Eve link.In Fig. 6 First we can see from Fig. 6 that by performing truncation, Bob can always decode the information successfully although Alice and Bob may estimate the angles differently.We first check the case that the estimation error is small and R = 0.4.As for Eve, when δ = 0.7, its BER decreases as SNR increases at low SNR region, but shows a platform at higher SNR region.When δ increases to 1.5, Eve's BER stays around 0.5, which indicates that the eavesdropper cannot decode correctly.When the estimation is inaccurate and R = 2.5, the truncation number is chosen as 2. When the angle deviation of Eve is δ = 6, Eve's BER decreases first but becomes flat around 2.5×10 −2 after SNR≥ 15dB.When δ increases to 11, Eve's BER stays around 0.5.Based on the above observations we can conclude that when the angle estimation is more accurate, Alice and Bob can get the same initial value to three decimal places.In this case, the secrecy can not be guaranteed if Eve's angle deviation δ is smaller than 1.5 degrees.When the angle estimation error increases, Alice and Bob have to decrease the truncation number to obtain the same initial value.In this case, Alice and Bob get the same initial value to two decimal places, and the secrecy can not be guaranteed if Eve's angle deviation δ is smaller than 11 degrees, which means the secure transmission region decreases due to the decrease of the truncation number.

VII. CONCLUSION
In this paper, a physical layer anti-eavesdropping scheme is proposed for the FDD IM-OTFS system.By exploiting the initial-value sensitivity and the aperiodicity property of Chaos sequences, a Chaos sequences based secure mapping scheme is designed, which introduces the time-variant activation rule and modulation rule for the IM-OTFS system, and the secure mapping rules cannot be obtained by Eve.To avoid secret sharing of the Chaos initial value, the angular reciprocity in FDD systems is used to generate the same initial value for Alice and Bob.A truncation method is proposed to provide robust secure transmission when angle estimation error exists.Numerical results show that the simulated BER fits the theoretical BER well in medium and high SNR regions, and the closed-form approximated secrecy rate fits the ergodic secrecy rate well in low and high SNR regions.The BER of Bob is not influenced by the proposed scheme even there are angle estimation errors.The BER of Eve is always around 0.5 for perfect angle estimations, but the secure transmission region decreases due to the increase of angle estimation errors and the decrease of the truncation number.
then the received signal at the legitimate receiver follows the distribution that, So, the mutual information can be expressed as (21) where,

APPENDIX B
For the illegitimate receiver, we divide the mutual information into two parts.The first partof the mutual information between y y y e and x x x expresses as (35), shown at the top of the next page, where, And then, the mutual information between y y y e and E E E when x x x = x x x k is shown as (36), at the top of the next page.Therefore, according to the chain rule for the mutual information, we can obtain the data rate of the illegitimate receiver as ( 22)

APPENDIX C
By means of the Jensen's inequality, the lower bound of R b is,   ) . (36) where

APPENDIX D
For the illegitimate receiver, the approximated I (x x x; y y y e ) can be expressed as, g α e 2σ 2 ) −1 where And then, the approximated I (E E E; y y y e |x x x) can be expressed as, (•) * , (•) T and (•) H represents conjugate, transpose and conjugate transpose respectively.⊗ means Kronecker product.⌊x⌋ indicates the closest integer less than or equal to x and x! indicates the factorial of a non-negative integer x.I I I M stands for the identity matrix of size M × M , F F F M stands for the M -points normalized discrete Fourier transform (DFT) matrix and F F F H M stands for the M -points inverse discrete Fourier transform (IDFT) matrix.x x x = vec(X X X ) means column-wise vectorization.circ(•) means circulant matrix and diag(•) means diagonalization.E(•) represents the expectation operator.

FIGURE 2 .
FIGURE 2. A sliding window operating on the Chaos sequence when Q = 4.

TABLE 1 .
Illustration of correspondence between the chaotic sequence sorting patterns and the bit-to-symbol mapping patterns with Q = P = 4.

1
and the remaining (MN − kg) elements are 0.Under this condition, there are F 1 ′ = C kg MN activation statuses and F 2 ′ = Q kg possible x x x realizations in total.

FIGURE 4 .
FIGURE 4. BER performance of the proposed scheme.

FIGURE 5 .
FIGURE 5. Mismatch probabilities for Alice and Bob at different truncated numbers.
, the BERs of Bob and Eve are discussed for different estimation errors and different angles of Alice-Eve link, which indicate different positions of Eve.First, we discuss the BER in the case of more accurate estimations with R = 0.4 and choose the number of truncated decimal places as 3.The BER curves of Eve with θ ′ = θ +δ are shown as dashed lines in the figure, where δ represents the deviation of θ ′ from θ.

FIGURE 6 .
FIGURE 6. BER performance of different estimation errors and angle deviations.
Considering the activation status matrix E E E, we can rewrite the received signal as,y y y b = H H H eff E E Ex x x + w w w. (29) Let r r r b = y y y b − H H H eff E E E d x x x k ,

2 − ∥w w w b ∥ 2 σ 2 )
w w w b exp(− d d d d 2 ,k 2 d,k + w w w b

F 2 k 2 =1×
E H H H eff ,w w w b exp(− d d d d 2 ,k 2 d,k + w w w b

E 1 F 1 F 2 F 1 t=1F 2 k=1EI 1 F 1 F 2 F 1 t=1F 2 k=1E 2 F 1 t 2 =1 exp(− δ δ δ t 2 t + w w w e 2 −
H H H eff exp(− d d d d 2 ,k 2 Authorized licensed use limited to the terms of the applicable license agreement with IEEE.Restrictions apply.I (x x x; y y y e ) = log 2 (F 2 ) − G G G eff ,w w w e log 2 (E E E; y y y e |x x x) = log 2 (F 1 ) − G G G eff ,w w w e log ∥w w w e ∥ 2 σ 2 Authorized licensed use limited to the terms of the applicable license agreement with IEEE.Restrictions apply.