Security Gap Improvement of BICM Systems Through Bit-Labeling Optimization for the Gaussian Wiretap Channel

In this paper, we investigate the impact of a bit-labeling scheme on security performance of bit-interleaved coded modulation (BICM) systems for the Gaussian wiretap channel, where the concept of security gap plays an important role. To exemplify this, we present optimization algorithms of bit-labeling, where a difference of the achievable information rates (AIRs) for the legitimate receiver and the eavesdropper is maximized. Our results demonstrate that the conventional Gray labeling may not be necessarily optimal in terms of security gap, and the proposed bit-labeling can significantly improve its performance at the cost of degradation in the achievable bit-error rate (BER) performance by the legitimate receiver. We also demonstrate that, for high order quadrature amplitude modulation (QAM), such as 64QAM, the dimension-wise optimization of bit-labeling may be sufficient to achieve similar security gap performance to the direct two-dimensional optimization. The proposed bit-labeling optimization approach can be combined with the state-of-the-art coding schemes to further reduce a security gap.


I. INTRODUCTION
Physical layer security has been attracting attention as a means to secure information transmission by exploiting physical properties of communication channels [1]- [6]. The wiretap channel, introduced in [7], is a well-known communication model where messages transmitted by Alice are received by a legitimate receiver Bob and also an eavesdropper Eve. From an information theoretic viewpoint, a widely used performance metric for the wiretap channel model is a secrecy capacity, which is defined as a highest transmission rate at which Alice can reliably transmit messages to Bob, whereas Eve can retrieve no information about the messages. Although the secrecy capacity is an important performance metric for system design, the achievability of the secrecy capacity generally relies on the ideal assumptions such as Gaussian signaling as well as capacity-achieving channel codes of infinite length, e.g., [8], [9], which do not hold in practice.
Another important and more practical metric is a security gap [10] achieved when actual coding and modulation schemes are employed [11]. The security gap is defined as a minimal required signal-to-noise ratio (SNR) gap between Bob's and Eve's channels to satisfy desired reliability and security levels typically in terms of a given target bit error rate (BER). It is therefore important to minimize the security gap such that the target reliability and security levels are achieved even with a slight degradation of Eve's channel with respect to Bob's channel.
For minimizing the security gap, code design for the additive white Gaussian noise (AWGN) wiretap channel has been extensively studied in [10], [12]- [23]. It has been demonstrated that these state-of-the-art coding schemes achieve significant reduction of the security gap. However, most of the existing works focus only on binary phase shift keying (BPSK). On the other hand, in [24], [25], security gap performance of high-dimensional modulation formats with setpartition (SP) labeling has been investigated for multilevel coding (MLC). Furthermore, deep learning-based wiretap code design approaches have been recently studied in [19]- [21], [23], [26]- [30], which could be naturally extended to high order modulations. However, one of the major shortcomings of these approaches is a limited scalability of the code. To be specific, learning high-dimensional codes is computationally challenging, and thus only codes with low dimension (typically, less than 100) have been investigated.
We consider practical communication based on bitinterleaved coded modulation (BICM) employing quadrature amplitude modulation (QAM) as it is the simplest approach, while there exist some variations, such as delayed BICM [31] and BICM with iterative decoding (BICM-ID) [32]. When high-order modulations such as QAM are employed, its performance depends not only on a coding scheme, but also on a bit-labeling scheme. Hence, optimization of bitlabeling plays an important role for BICM. In particular, Gray labeling is conventionally adopted for BICM systems due to its good error rate performance. However, as we demonstrate in this paper, the use of Gray labeling will result in unsatisfactory security gap performance. This fact motivates us to explore a good bit-labeling scheme for BICM from the security gap perspective, which is generally unknown.
In this paper, we propose a practical approach for enhancing physical layer security via bit-labeling design. In order to demonstrate the impact of a bit-labeling scheme on the resulting security performance, we perform optimization by either exhaustive or heuristic search, where the latter is based on the binary switching algorithm (BSA) [33]. Our objective of optimization is to maximize a secrecy rate, which is defined as a difference between the achievable information rates (AIRs) of the legitimate receiver and the eavesdropper. We demonstrate by simulations that the optimized labeling significantly improves the security gap performance of the conventional Gray labeling. We also demonstrate that independent design of bit-labeling for real and imaginary parts can achieve almost the same security gap performance as that achieved by the equivalent two-dimensional QAM through joint optimization. Furthermore, the proposed approach is compatible with the scrambling scheme [12], [13], which further improves the security gap performance.
We note that the work in [34] also considers physical layer security of BICM with high order QAM, where nonequispaced QAM constellation is proposed. It has been demonstrated that such a constellation can adapt an operating SNR range, while keeping security gap performance unchanged. On the other hand, unlike the scheme proposed in [34], our primary objective is to improve security gap performance by optimizing bit-labeling for QAM.
In summary, the contributions of this paper are summa- rized as follows: • We propose a new approach to reduce a security gap by bit-labeling optimization. We also present an optimization algorithm that attempts to maximize a secrecy rate. • We demonstrate by simulations that the optimized bitlabeling can significantly improve security gap performance of Gray labeling. • We further investigate the impact of the dimension of a bit-labeling scheme on its security performance, where we demonstrate that one-dimensional optimization may be sufficient to achieve similar security gap to twodimensional optimization for high order QAM. The remainder of this paper is organized as follows. Section II introduces the wiretap channel model and the definition of a security gap as a performance metric. The optimization procedure of bit-labeling is described in Section III, where a secrecy rate is introduced as our cost function. Furthermore, we present an optimization procedure based on exhaustive search and BSA that designs a bit-labeling scheme for a target rate and address its complexity. We numerically evaluate performances of the proposed scheme in Section IV, where superior performance of the proposed bit-labeling scheme is demonstrated compared to Gray labeling in terms of a security gap. Finally, concluding remarks are given in Section V.

II. SYSTEM MODEL AND SECURITY GAP
In this section, we introduce the Gaussian wiretap channel model with BICM, and a security gap as our primary performance metric. Figure 1 illustrates the Gaussian wiretap channel, where Alice transmits messages to Bob, while the messages are also received by Eve. We consider BICM systems, where a binary forward error correction (FEC) code is serially concatenated with a symbol mapper in conjunction with a bit-wise interleaver in the middle.

A. THE GAUSSIAN WIRETAP CHANNEL WITH BICM
Let X ∈ C denote a set of M (=2 m )-ary QAM constellation points. After FEC encoding, a symbol mapper maps an m-bit sequence b = (b 0 , . . . , b m−1 ) ∈ F m 2 onto X = ϕ(b) ∈ X , where ϕ(·) : F m 2 → X is a symbol mapping function. Let σ 2 B and σ 2 E denote the variances of the AWGN observed at Bob's and Eve's channels, respectively. Then the received symbols at Bob and Eve are expressed as Y B = X + Z B and Y E = X + Z E , respectively, where Z B and Z E follow the zero-mean complex Gaussian distribution of variances σ 2 B and σ 2 E , i.e., Z B ∼ CN (0, σ 2 B ) and Z E ∼ CN (0, σ 2 E ). Assuming that a transmit symbol power is normalized to one, the SNRs of Bob's and Eve's channels are given as SNR B = 1/σ 2 B and SNR E = 1/σ 2 E , respectively. We assume that Eve's channel is degraded with respect to Bob's channel, i.e., SNR B > SNR E , and denote their gap in dB as At the receiver side, the symbol demapper computes the log likelihood ratio (LLR) for soft-decision FEC decoding. The LLR corresponding to the kth modulator input bit B k , denoted by ℓ(B k ), is calculated as [35] where P X (x) = 1/M for ∀x ∈ X , and X B k denotes a set of constellation points whose kth bit label is B ∈ {0, 1}. For the AWGN channel with complex noise variance σ 2 , the channel transfer function is given as [36]

B. SECURITY GAP
The security gap [10] is a practically important performance metric, which is defined as the ratio of the qualities observed at Bob's and Eve's channels to satisfy desired levels of security and reliability. More specifically, let P e,B and P e,E denote the average BER for Bob's and Eve's channels. We wish P e,B to be less than the acceptable BER threshold at Bob, P max e,B , for satisfying a reliability, whereas P e,E to be higher than the acceptable BER threshold at Eve, P min e,E , in order to confuse Eve's observation. Typical values for these parameters would be P max e,B ≤ 10 −4 and P min e,E ≫ 10 −1 . Let SNR min B and SNR max E denote the lowest and highest SNRs in dB for which the conditions P e,B ≤ P max e,B and P e,E ≥ P min e,E hold, respectively. Then the security gap is defined as follows: Definition 1. For given reliability and security levels in terms of BER, i.e., P max e,B and P min e,E , the security gap is defined in dB as We wish to make the security gap as small as possible such that the target security and reliability conditions are satisfied even with a small degradation of Eve's channel with respect to Bob's channel. Intuitively, it is apparent that a small security gap is achieved by a steep slope in an error rate curve.

III. OPTIMIZATION OF BIT-LABELING
In this section, we introduce our objective function for bitlabeling optimization. We then describe search algorithms based on exhaustive search and BSA. We further present an optimization procedure to design a bit-labeling scheme for a target spectral efficiency. Finally, the complexity of the search algorithms is briefly discussed.

A. THE OBJECTIVE FUNCTION BASED ON THE AIR
Our primary objective is to minimize the security gap (4). However, its direct minimization is challenging as it requires computationally-intensive BER calculation based on Monte-Carlo simulations. Furthermore, the security gap depends on a specific FEC code that we employ. Therefore, we consider more general performance metric based on the AIR. Specifically, we consider maximizing the secrecy rate, which is defined as the difference of the AIRs between Bob's and Eve's channels. For BICM with soft-decision FEC decoding, the AIR is given by the generalized mutual information (GMI). Assuming uniform distribution of QAM symbols, sufficiently large random interleaving between the FEC and the symbol mapper (such that each element of b can be regarded as independent), and maximum likelihood (ML) detection based on (2), the GMI is approximated for a given SNR as [37] R GMI (SNR, ϕ) where N s is a modulation symbol length, and b k,l and ℓ(b k,l ) with l ∈ {0, 1, . . . , N s − 1} denote the kth bit of the lth symbol and the corresponding LLR value, respectively. Note that the GMI is a function of a symbol mapping function ϕ(·) (see Section II-A) and thus we explicitly indicate this dependence in (5). We then define the secrecy rate as which should be maximized. Formally, the problem is to find the mapping function Here, the design parameters are the SNRs of Bob's and Eve's channels, i.e., SNR B and SNR E . We note that the optimization based on the secrecy rate is related to minimization of the security gap. More specifically, when the SNR gap between Bob's and Eve's channels ∆ s is small, the secrecy rate will be similar to the gradient of the AIR curve at SNR B . Therefore, maximizing the secrecy rate will result in a steep slope of the AIR curve at around SNR B , which will also make the slope of the BER curve steep. Since a smaller security gap is achieved by a steeper slope of a BER curve, we expect that the maximization of secrecy rate will lead to a small secrecy gap.

B. SEARCH ALGORITHMS
In what follows, we introduce two search algorithms based on exhaustive search and BSA. VOLUME 4, 2016 The mapping function ϕ ⋆ and its secrecy rate R ⋆ s

1) Exhaustive Search
The straightforward approach is to search over all possible bit-labeling patterns, i.e., M ! patterns for M -ary QAM and find the one with the highest score. This approach is feasible when M is small, e.g., equal to or less than 8 for QAM (8! = 40320). However, if we put a constraint on bit-labeling such that the real and imaginary parts are identical, the number of possible patterns reduces to √ M !. For example, while the direct optimization for 16QAM is intractable, the exhaustive search over all possible bit-labeling patterns is feasible for 4PAM for which there is only 24 patterns.

2) BSA-Based Search
As mentioned above, the exhaustive search can be prohibitively complex as modulation order increases. To circumvent this complexity issue, we consider a low-complexity approach based on BSA when M is large. BSA is a greedy algorithm that switches a pair of bit-labels if the switch improves a cost function, while testing all possible switching patterns. Since the BSA attempts to find a local optimum, a number of executions with random initializations are usually performed. Even though BSA does not guarantee a convergence to the global optimum, it provides a suboptimal but practical solution. Note that BSA does not assume any structure of cost functions such as convexity. Also, while we focus only on QAM in this work, the BSA is applicable to any modulation format.
We summarize the exhaustive and BSA-based search algorithms that attempt to find ϕ ⋆ in Algorithm 1 and Algorithm 2, respectively. Besides Bob's and Eve's SNRs, the BSA-based search takes the number of the initialized BSA executions N init as a parameter to cope with local maxima.

C. DESIGN PROCEDURES
In general, the resulting AIR value for Bob's channel R GMI (SNR B ) after optimization is unpredictable. However, the proposed BICM system should operate at a rate around R GMI (SNR B ) as it is optimized at this operating point. On the other hand, we may have a target operation rate for Bob in practice, say R target bits per symbol, at which we wish to optimize a bit-labeling.
To this end, we consider the design procedure in Algorithm 3 that optimizes bit-labeling for a given target rate R target . The algorithm repeats the exhaustive search or the BSA-based search until the gap between the target and actual Algorithm 2 BSA(SNR B , SNR E , N init ).
Generate random mapping ϕ, and set R ⋆ s ← 0 for i = 1 to M do for j = 1 to M , j ̸ = i do Try swapping the ith and the jth labels of end if end for return The mapping function ϕ ⋆⋆ and its secrecy rate R ⋆⋆ s Algorithm 3 The optimization procedure.
rates, i.e., |R GMI (SNR B ) − R target |, becomes smaller than a parameter ϵ while adjusting SNR B in steps of δ. In addition to R target and N init , the algorithm takes the four parameters, SNR init , ∆ s , ϵ, and δ, as its input. The initial SNR for Bob's channel SNR init can be set as the SNR value where the AIR of the Gray labeling reaches R target .

D. COMPLEXITY OF THE SEARCH ALGORITHM
We now give a brief estimate on the complexity of the presented offline optimization of a bit-labeling scheme. The complexity of our optimization algorithm is dominated by the calculation of the cost function, and thus the calculation of the AIR (6). This calculation is based on the LLR (2) which requires summations of 2 m values per bit and thus the required number of summations is m2 m per 2 m (= M )-ary QAM symbol. Since the calculation of the secrecy rate (6) involves two AIR values for Bob' and Eve's channels, this doubles the required complexity. For the exhaustive seach in Section III-B1, the total number of tested bit-labelings is M ! for M -ary QAM. Therefore, the complexity will be O(2M !M ) per codeword bit for M -ary QAM. On the other hand, for BSA-based algorithm in Section III-B2, since the BSA is repeated for N init times where the number of tested swapping patterns is M (M − 1) in each BSA, the complexity of BSA for a given pair of SNR B and SNR E will be O(2N init M 3 ) per codeword bit.
We note that the calculation of the cost function based on the AIR requires much less complexity than the direct calculation of security gap since the latter approach involves softdecision FEC decoding. The complexity of FEC decoding highly depends on a specific code, and evaluation of BER in general can be computationally demanding especially for a large code length.

IV. SIMULATION RESULTS
In this section, we evaluate the optimized bit-labeling in terms of security gap and BER performances, in comparison with the conventional Gray labeling, which is optimal if only Bob's channel is of concern. For our FEC, we employ non-systematic polar codes [38] of length 1024 bits and the construction in [39] as an example. We emphasize that any coding scheme is applicable to the proposed BICM, e.g., the ones proposed in [14]- [18]. For decoding of polar codes, cyclic redundancy check (CRC)-aided successive cancellation list (SCL) decoding [40] is employed. We set the list size as 16 and use 8-bit CRC in all cases. The interleaver prior to the symbol mapper is assumed to be a random interleaver. We set the optimization parameters in Algorithm 3 as ϵ = 0.1 and δ = 0.2. Also, the cost function (5) is calculated based on the approximation over 10000 QAM symbols, i.e., N s = 10000.
In what follows, we investigate performances with 16QAM and 64QAM (equivalently, 4PAM and 8PAM, respectively, when real and imaginary parts are designed independently). For error rate evaluations, we employ rate-1/2 and -2/3 polar codes for 16QAM and 64QAM, respectively, such that the resulting spectral efficiencies are 2 bits and 4 bits per symbol. We first consider the one-dimensional (PAM-wise) optimization of bit-labeling (labeled as "PAM Opt.") for evaluating the performance of the proposed scheme in terms of trade-offs between security and Bob's error rate. In this case, we perform the exhaustive search as described in Section III-B1. Finally, we compare security gap performances with the one-dimensional and the direct twodimensional optimizations of bit-labeling (labeled as "QAM Opt."). For the two-dimensional optimization, we perform the BSA-based search in Section III-B2 since the exhaustive search is no longer feasible.
Generally, systematic transmission of information bits can degrade security performance as the secret information is directly exposed. To avoid this, several code-based approaches have been proposed for reducing a security gap such as puncturing [10] and scrambling [12], [13] of the information bits. In [12], [13], it has been shown that scrambling can achieve better performance than the puncturing approach [10] in terms of the trade-off between security gap and SNR loss. Since the proposed bit-labeling scheme is consistent with any coding scheme, performances with linear scram-  bling are also evaluated in this section. Although security performance of scrambling depends on the weight of scrambling matrix, we assume that the weight is sufficiently large for the scrambler length. Specifically, we will investigate the ideal performances with the perfect scrambling, where even one residual error at the input of descrambler is assumed to produce maximum uncertainty, i.e., a BER of 0.5 [13].

A. EFFECT OF AN OPTIMIZATION PARAMETER
We first assess the impact of the optimization parameter ∆ s (the SNR gap between Bob and Eve) on the resulting security gap performance. In Fig. 2, we plot the security gap η of (4) for P max e,B = 10 −5 without explicit constraint on the minimum acceptable BER threshold at Eve, P min e,E , achieved by bit-labeling schemes optimized for 8PAM with different values of ∆ s . We thus plot the minimum acceptable BER threshold at Eve P min e,E with respect to the security gap η for a fixed SNR min B , which is determined by P max e,B = 10 −5 . From this figure, we found that the choice of ∆ s may not have a significant impact on the resulting security gap performance. However, the secrecy rate (6) will be sensitive to the error of the AIR approximation (5) if ∆ s is too small, since the secrecy rate itself will be small. Therefore, we choose ∆ s = 0.5 in the subsequent simulations. Fig. 3 (a) and (b) show examples of the bit-labeling optimized based on the exhaustive search for 4PAM and 16PAM (equivalently, 16QAM and 64QAM) with target spectral efficiencies of 2 bits and 4 bits per complex symbol, respectively. As observed from Fig. 3, the optimized bit-labelings are far from the Gray labeling for all the cases. In fact, we see that many adjacent symbols differ in more than one bit. This property of the optimized labeling will be useful in confusing Eve since even a single symbol error can produce multiple bit errors in the low SNR region. We will confirm this fact from security gap performance in the sequel.  and 64QAM, respectively. It is observed from Fig. 4 that the conventional Gray labeling significantly degrades the security gap performance with respect to the optimized bitlabeling. Security gap performances of both Gray and optimized labelings can be enhanced by combining with the scrambling scheme [13]. However, the proposed bit-labeling scheme with scrambling achieves the best (minimal) security gap in all BER regions for both 16QAM and 64QAM. We also find that, for 64QAM, scrambling improves the security gap of the proposed bit-labeling only at a high BER of Eve's channel, e.g., P e,E ≥ 0.4. Therefore, for high order modulation such as 64QAM, the scrambling is effective for the proposed bit-labeling only when a very high BER is required at Eve, i.e., P min e,E ≈ 0.5. We summarize security gaps of the compared schemes in Table 1 for the two specific cases of P min e,E = 0.4 and P min e,E = 0.49. It is observed that the proposed bit-labeling with scrambling achieves the minimal security gap in all cases. Also, the optimized bit-labeling without scrambeling can achieve comparable or even superior performance to the conventional Gray labeling with scrambling, especially for a relatively low value of P min e,E , i.e., P min e,E = 0.4. On the other hand, as observed in Fig. 5, the performance gains of the proposed bit-labeling in terms of the security gap are achieved at the cost of degradation of BER performance.
In Fig. 6, we investigate the fundamental trade-offs between the SNR loss and the security gap reduction with respect to Gray labeling (without scrambling), where the SNR loss is measured at a BER of 10 −5 . We observe from this figure that the proposed scheme achieves much higher gains in terms of security gap reduction than SNR losses, especially for higher P min e,E and higher order modulation. Although scrambling may achieve better trade-off than the proposed scheme, we note that the complexity and latency of scrambler, and its inverse operation [13] can be high, especially for long length, as it is implemented by matrix  multiplication. On the other hand, the proposed approach that does not rely on scrambling would not affect complexity as well as latency in principle. Therefore, the proposed scheme would be more suited for applications where a security is of primary concern but the acceptable latency and computations are limited. Also, our scheme could be combined with scrambling for further enhancing its security performance.

C. THE IMPACT OF OPTIMIZATION DIMENSION
Here, we investigate the impact of the dimension of the optimized bit-labeling. More specifically, we compare the security gap performances with optimized bit-labelings for onedimensional PAM and two-dimensional QAM. We present the optimized bit-labelings based on the BSA-based search described in Section III-B2 for 16QAM and 64QAM in Fig. 7 where we set N init = 100, and the corresponding security gap performances in Fig. 8. In this setting, from the discussion of Section III-D, the search complexities, i.e., the search space, of the two-dimensional BSA-based optimizations for  16QAM and 64QAM are approximately 1000 and 10 times higher than those of the one-dimensional optimizations based on the exhaustive search, respectively. From Fig. 8, it is observed that in the case of 16QAM, the one-dimensional optimization results in inferior security gap performance to the two-dimensional optimization. This is due to its lower degree of freedom for optimization. Specifically, for 4PAM optimization, the number of possible bit-labelings is only 4! = 24. On the other hand, for 64QAM, we see from Fig. 8b that the one-dimensional optimization may be sufficient to achieve similar security gap to the two-dimensional optimization. : Security gap reduction and SNR loss measured at a BER of 10 −5 with respect to Gray labeling without scrambling. Note that Gray labeling always comes at the origin.

D. EFFECT OF N INIT IN BSA
Finally, we explore the impact of the number of random initializations N init in BSA on the resulting security gap performance. In Fig. 9, we illustrate the security gap performances of the two bit-labeling schemes for 64QAM optimized using BSA with two different N init values, i.e., N init = 10 and N init = 100. Note that for N init = 10 and 64QAM, the search complexities of the BSA-based two-dimensional optimization and the one-dimensional exhaustive search are similar VOLUME 4, 2016  from the discussion in Section III-D. We observe from this figure that N init = 10 may be sufficient to achieve similar security gap performance to N init = 100. Although the result of BSA is probabilistic due to the random initialization, this may suggest that increasing N init beyond 100 would not significantly improve the security gap performance. Also, this result would suggest that there exist many bit-labeling patterns that result in similar security gap performance.

V. CONCLUSION
In this paper, we have proposed a new approach to enhancing physical layer security via bit-labeling design for BICM systems. To this end, we performed optimization of bit-labeling based on the exhaustive and the BSA-based searches, where a secrecy rate is adopted as a cost function to be maximized. Simulation results demonstrated that the optimized bit-labeling significantly improves the security gap of the conventional Gray labeling. We also demonstrated that the one-dimensional PAM-wise optimization of bit-labeling may be sufficient for achieving security gap performance similar to the direct two-dimensional optimization for high order QAM, such as 64QAM. Finally, our optimization approach does not assume any specific channel code and modulation format, and thus it is applicable to general BICM systems. Also, while we demonstrated performance gains of the proposed scheme over the conventional Gray labeling and the scrambling scheme in terms of security gap based on simulations, its theoretical justification would be an important future work.