Low-Complexity Dynamic Directional Modulation: Vulnerability and Information Leakage

In this paper, the privacy of wireless transmissions is improved through the use of an efficient technique termed dynamic directional modulation (DDM), and is subsequently assessed in terms of the measure of information leakage. Recently, a variation of DDM termed low-power dynamic directional modulation (LPDDM) has attracted significant attention as a prominent secure transmission method due to its ability to further improve the privacy of wireless communications. Roughly speaking, this modulation operates by randomly selecting the transmitting antenna from an antenna array whose radiation pattern is well known. Thereafter, the modulator adjusts the constellation phase so as to ensure that only the legitimate receiver recovers the information. To begin with, we highlight some privacy boundaries inherent to the underlying system. In addition, we propose features that the antenna array must meet in order to increase the privacy of a wireless communication system. Last, we adopt a uniform circular monopole antenna array with equiprobable transmitting antennas in order to assess the impact of DDM on the information leakage. It is shown that the bit error rate, while being a useful metric in the evaluation of wireless communication systems, does not provide the full information about the vulnerability of the underlying system.

channels (see [1]- [3] and the references therein).In contrast to the traditional approach, which addresses information security through mathematically derived encryption techniques in the upper layers of the wireless network protocol stacks, PLS or information-theoretic security is implemented at the lowest layer of the Open System Interconnect (OSI) stack, i.e., the physical layer.It exploits the unique physical features of wireless propagation channels to mitigate the amount of information obtained by unintended receivers through eavesdropping or malicious attacks [4]- [7].Owing to its promising benefits, PLS has been widely investigated in the existing literature as a potential candidate to safeguard fifth-generation (5G) and beyond wireless communications, and is intended to complement the encryption-based method.However, there are drawbacks associated with the PLS implementation, such as the significant memory consumption, which may impose strict requirements on wireless devices in the context of 5G technology [8].
A recent PLS technique referred to as directional modulation (DM) (see [9]- [12] and the references therein) has emerged as an efficient and secure transmission approach suitable for wireless communications, including millimeterwave (mmWave), unmanned aerial vehicles (UAV), satellite communication, and smart transportation [13], [14].DM has the potential to steer the intelligent base-band information in the desired direction while transmitting distorted signals in other directions.Specifically, the original information-bearing signal is only transmitted in a narrow directive beam toward the intended user.The genesis of DM stems from [9], which uses phased arrays (PA) to improve security as long as the eavesdropper is not in the same direction as the legitimate receiver.
Recent studies have revealed a high degree of complexity as a result of the combination of the antenna array and complex signal processing techniques.For instance, the authors in [15] propose a zero-forcing (ZF) technique to reduce the computational complexity of DM; although the proposed solution addresses the complexity issue, it comes at the expense of a large antenna array.The works [11], [16] propose means to miniaturize the antenna array but at the cost of hardware complexity since the system requires individual amplitude and phase control over each port and additional radio frequency (RF) chains.The authors in [17] synthesize multi-carrier directional modulation symbols for PLS through a meticulous design of a time-switching sequence and time-modulated PA.However, this approach is impractical for Internet of Things (IoT) devices or other low-cost devices, because of the high complexity deriving from the synchronization with highdegree accuracy in the switching mechanism [18].Similar to [17], the work [7] proposes a practical and simple scheme for IoT devices that provides energy efficiency and costeffectiveness through a single RF chain and an array of closely spaced antennas.It requires a switchable antenna array and a random number generator at the transmitter along with a simple receiver.Moreover, it does not introduce additional artificial noise in the direction of the legitimate receiver.
Despite the growing interest in DM-based PLS transmissions, only a limited number of metrics have been evaluated in the existing literature.In [10], the authors assess various metrics such as the error vector magnitude (EVM), bit error rate (BER), and secrecy rate (SR).The EVM is commonly adopted to quantify the system performance without executing the demodulation process and to distinguish physical sources from distortion.To summarize, EVM calculates the normalized mean of the square of the difference between the measured streams and the reference symbols in the in-phase and quadrature (IQ) space.Albeit the BER, EVM, and SR are equivalent for dynamic DM systems under the assumption of a zeromean Gaussian distributed orthogonal interference, the authors in [10] point out a discrepancy between such metrics for static DM systems.Recently, several studies have used the BER or a variation of the SR as a metric to evaluate the system performance [7], [8], [11], [19].In [8], the system performance is evaluated in terms of the average secrecy capacity (ASC), secrecy outage probability (SOP), and BER.It is worthwhile recalling the dependence of both the ASC and SOP on the SR, which is intrinsically linked to the mutual information.However, the mutual information is not an adequate security metric 1 .A closely related work to our proposed study is [7] wherein a uniform circular array of mono-pole antennas with equiprobable transmitting antennas is proposed.In that work, Narbudowicz et al. show that the privacy of a wireless communication can be achieved by randomly switching the transmitting antenna.Furthermore, the authors rely on the BER as a performance metric to evaluate the system's privacy.
Motivated by the preceding discussion, the proposed work aims at adopting other performance metrics as a means to evaluate the security of a wireless communication system in terms of vulnerability.Our stimulus is prompted in a way by the inefficacy of the BER in gauging the system vulnerability.To the best of the authors' knowledge, our work is the first that adopts a theoretical approach to information and security on the new DM scheme.The contributions of this work are as follows: • We highlight some privacy boundaries inherent to the underlying system and provide useful insights on the way an eavesdropper can intercept confidential information intended for a legitimate receiver.• We propose the design of an antenna array that minimizes the system vulnerability for an acceptable level of privacy.Moreover, we derive the fundamental limits of the system vulnerability.
• We adopt a uniform circular mono-pole antenna array with equiprobable transmitting antennas and then evaluate their impact on the measure of information leakage.• We understand how the transmission of constellations can ensure privacy in the context of data confidentiality.• We show that the system vulnerability can be significantly reduced for a large number of transmitting antennas.The rest of the paper is organized as follows.The description of the system model is provided in Section II, while the proposed vulnerability approach is elaborated in Section III.Section IV presents the theoretical limits of the proposed system and discusses the antenna-array design that minimizes the information leakage.A case study is investigated and numerical results are illustrated in Section V. Finally, Section VI provides some concluding remarks.

II. SYSTEM MODEL
The energy-efficient DM system proposed in [7] consists of a standard modulator, a phase delayer, a circular antenna array, and a random integer generator.The block diagram of the system and the phase displacement are presented in Fig. 1.The standard modulator block performs IQ modulation of the data.It is worth mentioning that phase-based modulation (for instance, M -ary phase-shift keying or quadrature amplitude modulation) represents the worst-case scenario for eavesdroppers to perform a successful attack; in brief, the security of the DM scheme is based on phase distortion, and thus modulations whose information is not somehow contained in phase are more susceptible to successfully attack.It is assumed that the phase displacement at the modulator output is null for the sake of simplicity.Let θ n (ϕ) be the phase shift generated by the radiation pattern (including the antenna's displacement) of the n-th antenna in the direction ϕ.The phase delay rotates the symbol by θ DM (ϕ Bob , n) radians, with ϕ Bob and n ∈ {1, 2, . . ., N } being the direction of the legitimate (intended) receiver and the transmitting antenna, respectively.For the proposed DM scheme, this phase shift added in the phase delay block is given by The phase delay block works as a pre-distortion phase of the transmitted signal, which allows its correct reconstruction only along the intended direction ϕ Bob .Therefore, the total phase shift at the receiver is given by where θ Ch,n is defined as the phase shift of the channel between the nth antenna and receiver, as indicated in Fig. 1.
Hereafter, we will omit the θ Ch,n dependence on the transmitting antenna n in order to simplify the notation.Note that θ Ch,n ∀n ∈ 1, 2, . . ., N are statistically identical.After substituting (1) into (2), it can be seen that the phase shift from the phase delay block and the antenna array cancel out each other in the direction ϕ = ϕ Bob , leaving the phase shift at the legitimate receiver to be caused exclusively by the channel delay.On the other hand, there is an additional  phase component that changes as a function of the direction ϕ, leading to the distortion of the transmitted signal for ϕ ̸ = ϕ Bob -with the severity of the distortion being dependent on the antenna-array design.
However, if the eavesdropper obtains information about the radiation pattern used, it can somehow compensate for the additional phase shift.The system aims to preclude this by randomly switching between different antennas in the array, i.e., it is the primary function of the random integer generator.In this way, the eavesdropper cannot squarely distinguish the phase artificially generated by the DM system from the phase modulation.Therefore, the system may provide a certain level of security for the secret information while transmitting via only one antenna at each given time; the other antennas of the array remain disconnected.Thereby, we can use a single RF chain leading to a significant hardware simplification compared to other DM schemes [7].Before the data transmission phase, most wireless systems require a handshake.Here, the transmitter and the legitimate receiver perform a handshake through a reference antenna n R , which is not used later for data transmission.Hereafter, we will assume that the antenna array is composed of N + 1 antennas in such a way that we have transmitting antenna n ∈ {1, 2, . . ., N }; in the sequel, when referring to the antenna array, we allude to the N antennas usable in the transmission phase after the handshake.

III. VULNERABILITY APPROACH
In this section, we briefly recall the concept of vulnerability as a measure of the information leakage proposed by Smith in [20] (closely related to Bayes risk).The measure of information leakage or vulnerability -which is, in a way, the opposite of uncertainty -uses Rényi's min-entropy rather than Shannon entropy.
In secure information flow analysis, the question that arises is whether a broadcast transmission could leak information about confidential data to unintended receivers.If there is indeed an information leakage, then the main concern is how to measure it.Intuitively, one can expect that "initial uncertainty = information leaked + remaining uncertainty".This claim plainly suggests Shannon's traditional mutual information as the measure.However, [20] suggests that Shannon's mutual information may be inadequate to measure information leakage.A more efficient way to measure information leakage would be based on the notion of vulnerability and min-entropy [20].We briefly revise these concepts here.
Let the triple (S, O, C) represents a discrete channel, in which S is a finite set of secret input values, O is a finite set of observable output values, and C is a |S| × |O| channel matrix, such that the element c i,j in the ith row and the jth column represents the conditional probability of obtaining the ith element of O in the output given that the input is the jth element of S. Assuming any a priori probability mass function (PMF) p S (s) on S, we have the random variable (RV) S that represents secret input values.Furthermore, taking p S (s) and C, we can define the output RV O with a PMF given by p O (o) = s p O (o|s)p S (s).
Definition 1 (Vulnerability).Suppose a potential eavesdropper A wishes to guess the value of S in one try and, in the worst-case assumption, admit that A knows p S (s) and C; therefore, the a priori vulnerability is mathematically formulated as and the a posteriori vulnerability is given by We obtain the uncertainty measure by taking the negative logarithm of vulnerability V (•), i.e., the Rényi's minentropy [20], [21].Thus, we have the following definitions.

Definition 2 (Initial Uncertainty). The initial uncertainty is given by
Definition 3 (Remaining Uncertainty).The remaining uncertainty is given by Definition 4 (Information Leakage).The information leakage is given by the difference between initial uncertainty and remaining uncertainty.In mathematical terms, we have Definition 4 reveals how vulnerable S is to one guess (in one try), given that eavesdropper A knows O. On the other hand, one can assume multiple guesses for A; hence, I ∞ (S; O) might become inadequate [22].Nevertheless, we can draw a tractable bound for at most g-guesses made by A as a factor of g.Thus, we have V g (S) ≤ gV (S) and V g (S|O) ≤ gV (S|O), with V g (S) being the vulnerability for g-guesses [22].
An optimal strategy certainly is to guess the value of S according to a decreasing order of the probabilities of S -Definition 1 assume exactly the same if only one try is allowed.Let p 1 , p 2 , . . ., p |S| be the probabilities of S such that Thus, the expected number of guesses required to guess S optimally, i.e., the guessing entropy of S, is given by Massey's guessing entropy bound in [23] establishes a lower bound on the expected number of guesses required to find S given O as a function of Shannon's conditional entropy H(S|O).It claims that the guessing entropy of S given O meets However, this expected number of guesses may be arbitrarily large even when H(S|O) -and, accordingly, Massey's lower bound -is arbitrarily small.Moreover, [20] indicates through examples that G(S) or G(S|O) can be high even when the attacker can guess S reasonably well in one try.A similar conclusion can be drawn by assuming p 1 and |S| large enough in (8).In contrast, since the conditional min-entropy it provides immediate security guarantees about the vulnerability of S given O.

IV. DESIGN
This section deals with the theoretical limits of the underlying system.In addition, we quantify the vulnerability of the proposed system and discuss optimal characteristics for the eavesdropper and array of transmitting antennas.In what follows, Section IV-A assesses the way an eavesdropper can best usurp information from the transmitted signal, while Section IV-B discusses the design of an antenna array that minimizes the information leakage.

A. Eavesdropper
Suppose eavesdropper A is in the direction ϕ E with respect to the antenna array.It follows that the phase of the local oscillator of A after the handshake is given by with E[•] denoting the expectation operator.If the channel is additive white Gaussian noise (AWGN), then we have E[θ Ch ] = 0.The phase shift of symbols received by A after the handshake (confidential data) is given by and the phase error in A can be written as Finally, the complex received symbol is given by where m represents the complex transmitted symbol with phase β, w is a complex Gaussian RV with zero mean and variance σ 2 , and i = √ −1.The eavesdropper A must maximize the information leakage I ∞ (S; O), with S being the secret symbol whose complex representation is given by m, and O is the received symbol.Note that the mapping of S into m depends on the adopted modulation.The eavesdropper's demodulation function (or demodulation map) can be defined as d : C → O, and, thus, the received symbol can be written as o = d(r).Thereby, the task of eavesdropper A is to choose a function d(•) that maximises the chance of guessing S; this can be mathematically formulated as with the equality condition being met only if R o = P so ∀o ∈ O.
Theorem 1.Let P s,n be a complex plane, such that p R,S,n (r, s, n) > p R,S,n (r, s * , n * ) ∀ r ∈ P s,n and s ̸ = s * ∨ n ̸ = n * with p R,S,n (r, s, n) being the joint PDF of the complex received symbol R, secret input values S, and transmitting antenna n.The eavesdropper A can maximize the system vulnerability by designing the demodulation function d A (r) in a such way that for all r ∈ P s,n , it is mapped to the same output o.
Proof.One can easily extend the proof of Lemma 1 by considering the secret input values with a combination of s and n as follows.Let the modulation function be c : S × {1, 2, . . .N } → C.Then, we can define the transmitting symbol M as a RV given by m = c ϕ (s, n) for direction ϕ.Furthermore, the sample space of M contains at most |S|N elements, and the PMF of M is given by p M (m) = p S (s)p n (n).Thus, we can apply Lemma 1 by considering M as the secret input.
One way to interpret Theorem 1 is as follows: the vulnerability maximization for A refers to finding the optimal decision areas (or boundaries) for a finite output alphabet.For a practical approach, the use of Theorem 1 solely requires knowledge of the joint PDF of the complex received symbol R, the secret input values S, and the transmitting antenna n.Hereafter, we will assume that the eavesdropper has precise knowledge about p R,S,n (r, s, n) in order to establish the worst-case scenario regarding vulnerability.Note that any mismatch between the prior p R,S,n (r, s, n) at A and the correct p R,S,n (r, s, n) can lead to information leakage less than or equal to that obtained with perfect prior knowledge of p R,S,n (r, s, n).
One can note that d A (•) is always a non-injective surjective function.Furthermore, for a sufficiently high signal-to-noise ratio (SNR), we have a bijective function from S and n to O; therefore, the information leakage would be maximum given that A would be able to recover precisely S.

B. Transmitting antenna array
Here, we turn turn our attention to the transmitter, and specifically the transmitting antenna array.In this subsection, we assess how the arrangement of transmitting antennas impacts the system vulnerability.Assuming a worst case-scenario (from a security viewpoint) wherein the eavesdropper is in its optimal operation, we provide some guidelines on the design of an antenna array that minimizes the information leakage.
Lemma 2. For the eavesdropper A that uses the demodulation function d A (r) according to Theorem 1, the vulnerability of the system is then given by where is the error probability and s o = arg max s∈S p O (o|s)p S (s).
Plugging ( 19) into (4), we obtain with ϵ o,so = ϵ ′ o,so p S (s o ) and s o = arg max s∈S p O (o|s)p S (s).
Lemma 2 reveals the dependency relationship between vulnerability and error probability ϵ o,s .Let us now take a closer look at this error probability, ϵ o,s , which can be expressed as In other words, the information leakage of the system tends to its maximum value insofar as the SNR increases.
Theorem 2. For equiprobable secret symbols and uniformly distributed phase θ An (that is, the antenna array in conjunction with the Random Integer Generator produces a uniform phase shift), the information leakage to an eavesdropper in the direction ϕ ̸ = ϕ Bob is given by with the set of non-repeating elements in ascending order {m 1 , m 2 , . . ., m L } being the modules of complex symbols m, {r 1 , r 2 , . . ., r are the radii of the circular decision regions of the output symbols O, r 0 = 0, [24], and Proof.Let θ An [k] be the kth sample of θ n (ϕ) over time; and assume that θ An [k] ∀k ∈ {1, 2, . . .} has a uniform distribution in the interval [−π, π], i.e, p θ An (θ An ) = 1/(2π).Since the phase error in the direction ϕ is given by ρ = θ DM (ϕ Bob , n) + θ n (ϕ E ) + θ Ch − ρ LO , the PDF of ρ can be obtained as From Lemma 1, we have the optimal decision regions' boundaries as circles.Let the radius of the decision regions be given by {r 1 , r 2 , . . ., r with r 0 = 0, r L = ∞, and l = {1, 2, . . ., L − 1}.
Then, the vulnerability expression can be written as Finally, the information leakage is given by Corollary 1.For equiprobable secret symbols and uniformly distributed phase θ An = θ DM (ϕ Bob , n)+θ n (ϕ), the information leakage in the direction ϕ ̸ = ϕ Bob is null in phase shift key modulation.
Proof.For the phase-shift keying modulation, we have L = 1 in Theorem 2. Therefore, the mutual information simplifies to Among other ways, we can understand Corollary 1 as an optimal limit for the communication security of the proposed system.Corollary 1 establishes the possibility of secure communication between the transmitter and the legitimate receiver.In other words, from the point of view of information leakage, Corollary 1 points to the condition in which the proposed system becomes impossible to decipher.Note that both an eavesdropper or legitimate receiver in the direction ϕ Bob would be able to intercept the message even though θ An follows a uniform distribution.

V. CASE STUDY
In this section, we consider a specific arrangement of antennas, in order to assess how the number of antennas and the shape of the constellation impact information leakage.
We adopt a circular antenna array, which offers a 360°field of view in the horizontal plane.If the phase centers of the antennas are evenly spread around a circle of diameter D, the phase delay can be closely approximated by [7] where λ is the wavelength.In addition, we assume that the legitimate receiver is in the direction of ϕ = π, i.e. ϕ Bob = π, quadrature phase-shift keying (QPSK) modulation, πD/λ = 1, and n are equiprobable for all the following cases.
Hereinafter, the BER will be estimated considering that the receiver has properly completed the handshake and applies a trivial demodulation method.That is, it simply demodulates the signal assuming that the modulation is the traditional QPSK.
A. Case I: N = 2 Fig. 2 depicts two constellations on the receiver.One is in the direction ϕ = 60°, see the blue circles, and the other is in the direction ϕ = 120°, see the red ×'s.Constellations have been presented with different energy configurations for the sake of better visibility.The ordered pair next to the symbols consists of the transmitted secret symbol S and the transmitting antenna n as (Sn) with S ∈ {0, 1, 2, 3} and n ∈ {1, 2}.For example, the ordered pair denoted by 12 means the secret symbol S is 1 and the transmitting antenna n is 2.These two constellations were chosen because they represent the extreme cases.In both constellations, the modulation process produces symbols m = c ϕ (s, n) identical for different values of n.However, the symbols m that are superimposed for ϕ = 60°represent distinct secret symbols S, while overlapping symbols m for ϕ = 120°represent the same secret symbol S. For instance, we have c 60°( 3, 2) = c 60°( 1, 1) and c 120°( 1, 2) = c 120°( 1, 1); therefore, it is impossible to decide whether the transmitted symbol is s = 3 or s = 1 for direction ϕ = 60°if it receives c 60°( 3, 2), whereas an eavesdropper in direction ϕ = 120°can properly recover S.This distinction can be explained as follows.An eavesdropper in the direction ϕ = 120°obtains two bits of information whenever it correctly estimates m, while another eavesdropper in the direction ϕ = 60°only gets one bit of information on average -the uncertainty about S is reduced by 1 bit (to two possibilities) for direction ϕ = 60°given reception of m.
Let us now introduce the AWGN such that the SNR equals 10 dB.This scenario is depicted in Fig. 3. Following the constellations as previously discussed, we focus on the following two cases: ϕ = 60°and ϕ = 120°.As aforementioned, there is an information leakage of approximately 2 bits and 1 bit in the direction ϕ = 120°and ϕ = 60°, respectively.However, information leakage cannot be assessed directly through the BER.In other words, the BER can somewhat conceal the potential vulnerability of the system.Note that although the information leakage for ϕ = 120°is higher, the BER for the case ϕ = 60°is lower.This counter-intuitive effect can be explained as follows: the information leakage is calculated assuming that the eavesdropper applies Theorem 1, while the BER calculation cannot incorporate the peculiar characteristics of the system.Fig. 3 also reveals the sensitivity (in the context of vulnerability) of the system with regard to several directions.As a result, we notice a high number of directions in which the vulnerability is maximum.At best, the system provides information leakage of around 1 bit.In general terms, we can say that the system with three antennas is vulnerable to attacks.Next, we consider a large value of N for the sake of completeness.

B. Case II: N = 4
Fig. 4 shows the constellation on the receiver in the direction ϕ = 10°.For this constellation, we can say that there are 4 sets of 4 symbols each, in which the symbols are very close together.For example, the ordered pairs 11, 33, 22, and 04 constitute one set.For any of the four sets, it can become almost infeasible in the presence of noise, to distinguish between the 4 symbols belonging to a set.Furthermore, each of the four symbols of a set comes from a different S.This characteristic of the constellation transfers little or almost no information to the receiver about the secret input S when operating under noise.Therefore, it is to be expected that it will lead to greater security for communication.
In order to verify the efficiency of the constellation shown in Fig. 4, we assume that the system is subject to an SNR of 10 dB.Fig. 5 depicts the BER and information leakage for this case.Note that the information leakage is low for ϕ = 10°.Again, the BER does not satisfactorily measure the system's behavior in terms of its vulnerability.As can be seen in the figure, there is no symmetry between the BER and information leakage.There is a significant reduction in the number of spikes in information leakage as N increases from 2 to 4. Furthermore, we obtain values below 1 for the information leakage with four antennas.On the other hand, in general the system is still somewhat vulnerable, as the information leakage is mostly above 1 bit, with a significant portion above 1.5 bits.The following scenario discusses the case with a higher number of antennas.Furthermore, it can be seen that the average values of the information leakage are 0.8641, 0.7733, 0.7175, and 0.6720 for N = 14, N = 24, N = 34, and N = 299, respectively.It is evident that an increase in the value of N yields a decrease in the information leakage in certain directions of ϕ.On the other hand, no significant change in BER can be observed with respect to a variation in the number of antennas.Note that although there is a substantially large jump in the number of antennas from N = 35 to N = 299, we do not obtain a significant improvement in the vulnerability of the system.

D. Case IV: AWGN dependence
We now turn our attention to the interdependence of information leakage with the AWGN as the last case study.Unlike the case studies previously presented, the number of antennas is fixed at N = 6, and the SNR varies as follows SNR = {9, 15, ∞} dB.Fig. 7 depicts the BER and information leakage for the various SNR values.The mean values of I ∞ (S; O) are 1.0712, 1.4052, and 2 for SNR = 9 dB, SNR = 15 dB, and SNR → ∞, respectively.As previously stated, we have a maximum information leakage in any direction in the absence of noise; in mathematical terms, lim σ→0 I ∞ (S; O) = H ∞ (S) and thus lim σ→0 I ∞ (S; O) = 2 bits for equiprobable symbols with QPSK, corroborating our theoretical deductions.Again, no significant change in the performance can be noticed through the BER for the evaluated SNR values; while the leakage information has a clear improvement with the decrease of the SNR.Note that the leakage information the maximum and BER tends to 1 in the direction ϕ = 260°for SNR = 15 dB.This case study highlights the interdependence between noise and the vulnerability of dynamic directional modulation (DDM).
Given the four previous cases, we propose the following statement.
Conjecture 1.The closer the values of c A (s, n) ∀s ∈ S for the same n are, the less vulnerable the wireless system becomes.Conjecture 1 can be explained, among other ways, as follows.The system's vulnerability depends on the format of the constellation generated by the DDM.In addition, constellations that coalesce symbols from the same secret input S are more vulnerable.Therefore, two design guidelines can be established: (i) given an antenna array, security can be increased in a specific direction by selecting for transmission only those antennas that meet Conjecture 1; (ii) the antenna array design should be based on Conjecture 1.

VI. CONCLUSION
This paper has assessed the vulnerability of DDM by evaluating of the information leakage measure, and has also addressed the fundamental limits of the information leakage.Despite its usefulness as a performance metric for the evaluation of a wireless communication system, the proposed study has revealed the inefficiency of the BER as a security measure as it can potentially hide the system vulnerability.Moreover, it is shown that an eavesdropper is able to remove the maximum amount of information from the transmitted signal in some directions by meeting Theorem 1 or Theorem 2. With this (optimized) eavesdropping model, several proposed guidelines on the design of the antenna array that minimizes the information leakage, are presented.Sufficient conditions for a null information leakage in direction ϕ ̸ = ϕ Bob are presented 1.Although the proposed work provides some useful insights, it assumes an ideal eavesdropping model wherein the eavesdropper has perfect knowledge of the channel statistics, which is impractical in realistic models.One could investigate the impact of imperfect channel estimation on the eavesdropper's performance as a possible future extension of the work presented here.

Fig. 1 .
Fig. 1.Block diagram of the energy efficient DM system.

Fig. 6
Fig.6depicts the BER and information leakage versus the direction ϕ for different values of N at an SNR of 10 dB.Furthermore, it can be seen that the average values of the information leakage are 0.8641, 0.7733, 0.7175, and 0.6720 for N = 14, N = 24, N = 34, and N = 299, respectively.It is evident that an increase in the value of N yields a decrease in the information leakage in certain directions of ϕ.On the other hand, no significant change in BER can be observed with respect to a variation in the number of antennas.Note that although there is a substantially large jump in the number of antennas from N = 35 to N = 299, we do not obtain a significant improvement in the vulnerability of the system.
where the constraint |S| ≤ |O| ≤ |S|N is explained as follows.In fact, the totality of symbols sent through the channel by the transmitter is less than or equal to |S|N ; therefore, a set of output symbols O * with |O * | > |S|N has spare elements.|S|≤|O| can be trivially understood, as the output set cannot be smaller than the input set without loss of information in this particular context.As will become clear throughout the remainder of the paper, we commonly have |O| = |S|N .Let the complex plane R be the sample space of R, and assume that d(r) = o ∀r ∈ R o such that R o ⊂ R and R o ∩ R i = ∅ ∀i ̸ = o.Given the characteristics of d(r), we can then write p O (o|s) = Lemma 1. Assume that p R,S (r, s) is the joint probability density function (PDF) of the complex received symbol R and secret input values S. Let P s be a complex plane, such that p R,S (r, s) > p R,S (r, s * ) ∀ r ∈ P s and s ̸ = s * .Then, V (S|O) is maximized if and only if d(r) maps all r ∈ P s to the same observable output value o.Proof.p R,S (r, s o )dr + Ro−Ps o p R,S (r, s o )dr ≤ a∈S Ro∩Pa p R,S (r, a)dr = Ro max s∈S p R (r|s)p S (s)dr.And it follows that o∈O max s∈S (p O (o|s)p S (s)) ≤ R max s∈S p R (r|s)p S (s)dr (17)