On Secrecy Capacity Scaling in Wireless Networks

On Secrecy Capacty Scalng n Wreless Networks O. Ozan Koyluoglu, Student Member, IEEE, C. Emre Koksal, Member, IEEE, and esham El Gamal, Fellow, IEEE arxv:0908.0898v [cs.it] 0 Apr 00 Abstract Ths work studes the achevable secure rate per source-destnaton par n wreless networks. Frst, a path loss model s consdered, where the legtmate and eavesdropper nodes are assumed to be placed accordng to Posson pont processes wth ntenstes λ and λ e, respectvely. It s shown that, as long as λ e/λ = o ( ( ) (logn) ), almost all of the nodes acheve a perfectly secure rate of Ω n for the extended and dense network models. Therefore, under these assumptons, securng the network does not ental a loss n the per-node throughput. The achevablty argument s based on a novel mult-hop forwardng scheme where randomzaton s added n every hop to ensure maxmal ambguty at the eavesdropper(s). Secondly, an ergodc fadng model wth n source-destnaton pars and n e eavesdroppers s consdered. Employng the ergodc nterference algnment scheme wth an approprate secrecy pre-codng, each user s shown to acheve a constant postve secret rate for suffcently large n. Remarkably, the scheme does not requre eavesdropper CSI (only the statstcal knowledge s assumed) and the secure throughput per node ncreases as we add more legtmate users to the network n ths settng. Fnally, the effect of eavesdropper colluson on the performance of the proposed schemes s characterzed. A. Background I. INTRODUCTION In ther semnal work [] Gupta and Kumar have shown that the randomly located nodes can acheve at most a rate that scales lke n, as the number of nodes n, under an nterference-lmted channel model. owever, the proposed mult-hop scheme of [] only acheves a scalng of nlogn per node. Ths gap was recently closed n [], where the authors proposed a hghway based mult-hop forwardng protocol that acheves n rate per source-destnaton par n random networks. In ths approach, a set of connected hghways, whch span the network both horzontally and vertcally, are constructed. Then, each source-destnaton par communcates va a tme-dvson strategy, where the source frst transmts ts message to the closest horzontal hghway. Then, the message s transported n mult-hop fashon to the approprate vertcal hghway, whch carres the message as close to the destnaton as possble. Fnally, the message s delvered to the destnaton node from the vertcal hghway. The exstence of hghways, whch satsfy certan desrable propertes, s establshed by borrowng tools from percolaton theory. Contrary to ths mult-hop approach, a sngle-hop scheme called as ergodc nterference algnment [3] (see also [4], [5]) s recently employed n [6] and, wth arbtrary node placement and arbtrary traffc pattern, the uncast and multcast capacty regons of dense networks are characterzed (up to a factor of log n) under the Gaussan fadng channel model. These lne of works assumed an nterference-lmted channel model, where the nterference s consdered as nose (the focus of ths work as well). Contrary to ths model, [7] consdered Gaussan fadng channel model and proposed herarchcal cooperaton schemes that can ncrease the per-node rate. Ths approach s further mproved n the follow-up works (see, e.g., [8], [9], and references theren). The broadcast nature of the wreless communcaton makes t susceptble to eavesdroppng. Ths motvates consderng secrecy as a qualty of servce (QoS) constrant that must be accounted for n the network desgn. State of the art cryptographc approaches can be broadly classfed nto publc-key and prvate-key protocols. Publc-key cryptography assumes that the eavesdropper(s) has lmted computatonal power, whereas the decrypton requres a sgnfcant complexty wthout the knowledge of the key [0]. Prvate-key approaches, on the other hand, assume that a random key s shared n prvate between the legtmate transmtter and recever. Ths key s used to secure the transmtted nformaton from potental eavesdropper(s). One of the earlest examples of prvate-key cryptography s the Vernam s one tme pad scheme [], where the transmtter sends the XOR of the message bts and key bts. The legtmate recever can decode the messages by XORng the shared key wth the receved sequence. In [], Shannon showed that ths scheme acheves perfect secrecy f and only f the two nodes share a key of the same length as the message. The scalng laws of wreless networks under the assumpton of pre-dstrbuted prvate keys was studed n [3]. owever, t s mportant to note that, the key agreement step of the cryptographc protocols s arguably the most challengng part and ths step becomes even more dauntng as the network sze grows. Our work avods the aforementoned lmtatons by adoptng an nformaton theoretc framework for secrecy n wreless networks. In partcular, we Ths work s submtted to the IEEE Transactons on Informaton Theory. The authors are wth the Department of Electrcal and Computer Engneerng, The Oho State Unversty, Columbus, O 430, USA. Emal: {koyluogo, koksal, helgamal}@ece.osu.edu. Ths work s partally supported by Los Alamos Natonal Labs (LANL) and by Natonal Scence Foundaton (NSF).

assume the presence of eavesdropper(s) wth nfnte computatonal power and characterze the scalng laws of the network secrecy capacty whle relaxng the dealstc assumpton of pre-dstrbuted keys. The noton of nformaton theoretc secrecy was ntroduced by Shannon to study secure communcaton over pont-to-pont noseless channels []. Ths lne of work was later extended by Wyner [4] to nosy channels. Wyner s degraded wretap channel assumes that the eavesdropper channel s a degraded verson of the one seen by the legtmate recever. Under ths assumpton, Wyner showed that the advantage of the man channel over that of the eavesdropper, n terms the lower nose level, can be exploted to transmt secret bts usng random bnnng codes. Ths keyless secrecy result was then extended to a more general (broadcast) model n [5] and to the Gaussan settng n [6]. Recently, there has been a renewed nterest n wreless physcal layer securty (see, e.g., Specal Issue on Informaton Theoretc Securty, IEEE Trans. Inf. Theory, June 008 and references theren). The secrecy n stochastc networks s studed n [7], where t s shown that even a small densty of eavesdroppers has a drastc mpact on the connectvty of the secrecy graph. Connectvty n stochastc networks wth secrecy constrants s also studed n [8], [9], where the node degree dstrbuton s analyzed. owever, accordng to the best of our knowledge, nformaton theoretcal analyss of secrecy capacty scalng n large wreless networks has not been studed n the lterature before. B. Contrbutons Ths paper consders wreless networks wth secrecy constrants. We study two dfferent channel models: ) Statc path loss model, and ) ergodc fadng model. For the frst model, we consder a stochastc node placement on a square regon, where the legtmate nodes and eavesdroppers are dstrbuted accordng to Posson pont processes wth ntensty λ and λ e, respectvely. (For extended networks, the area of the regon s n and λ = ; and, for dense networks, area of the regon s and λ = n.) The path loss s modeled wth a power loss exponent of α >. Ths model suts for the scenaros where the channel gans are mostly determned by path losses. In the second model, n source-destnaton pars and n e eavesdroppers are consdered, where the gan of each lnk s assumed to follow some fadng process. (The assumptons on the fadng processes wll be clear n the next secton. ere, we note that our model ncludes a large set of fadng dstrbutons.) Arguably, ths model suts for (dense) networks n whch the nter node dstances have a neglgble effect on the channel gans compared to that of the underlyng fadng processes. The results of ths work can be summarzed as follows. ) For the path loss model, we construct a hghway backbone smlar to []. owever, n addton to the nterference constrant consdered n [], our backbone constructon and mult-hop forwardng strategy are desgned to ensure secrecy. More specfcally, an edge can be used n the hghway f and only f there s a legtmate node wthn the correspondng square of the edge and f there s no eavesdropper wthn a certan secrecy zone around the node. We show that the network stll percolates n ths dependent edge model, and many hghway paths can be constructed. ere, n addton to the careful choce of the secrecy zone, our novel mult-hop strategy, whch enforces the usage of an ndependent randomzaton at each hop, allows the legtmate nodes to create an advantage over the eavesdroppers, whch s, then, exploted to transmt secure bts over the hghways. Ths way, we show that, as long as λ e /λ = o ( ( ) (logn) ), almost all source-destnaton pars acheve a secure rate of Ω n wth hgh probablty, mplyng that the secrecy constrant does not ental a loss n the per-node throughput (n terms of the scalng). (Note that λ = for extended networks and λ = n for dense networks.) In these scenaros, the proposed scheme, whch uses ndependent randomzaton at the transmtter of each hop, s the crucal step to obtan the results. ) For the ergodc fadng model, employng the ergodc nterference algnment scheme ([3], [4], [5]) wth an approprate secrecy pre-codng we show that each user can acheve secrecy. ere, the secrecy rate per user s shown to be postve for most of the relevant fadng dstrbutons. In partcular, n the hgh SNR regme, the proposed scheme allows each user to acheve a secure degrees of freedom of η = [ n ]+ even wth the absence of eavesdropper CSI. We observe that, per node performance of users ncrease as we add more legtmate users n the network for ths scenaro compared to the result obtaned for the path loss model. 3) Fnally, we focus on the eavesdropper colluson, where the eavesdroppers are assumed to share ther observatons freely. For the extended networks wth the path loss model, the same scalng result s shown to hold for the colludng eavesdropper scenaro when λ e = O ( (logn) (+p)) for any p > 0. For the ergodc fadng model, extensons to many eavesdropper colluson scenaros are dscussed. In the extreme case, where all the eavesdroppers collude, t s shown that the proposed scheme allows each user to acheve a secure degrees of freedom of η = [ ne n ]+. We note that, for the path loss model under the stated assumptons, the eavesdropper colluson does not affect the performance of our mult-hop scheme (n terms of scalng). On the contrary, for the ergodc fadng model, the eavesdropper colluson has a clear effect on the achevable performance of our ergodc nterference algnment scheme. C. Organzaton The rest of ths paper s organzed as follows. Secton II ntroduces the two network models (path loss and ergodc fadng models). In Secton III, we consder the path loss model and develop our novel mult-hop secret encodng scheme. Secton IV

3 focuses on the ergodc fadng scenaro and proposes ergodc nterference algnment scheme for securty applcatons. In Secton V, we focus on the colludng eavesdropper scenaros. Concludng remarks are gven n Secton VI, and, to enhance the flow of the paper, some of techncal lemmas and proofs are relegated to the Appendx. II. NETWORK MODELS The set of legtmate nodes s denoted by L, whereas the set of eavesdroppers s represented by E. Durng tme slot t, the set of transmttng nodes are denoted by T (t) L, where each transmttng user T (t) transmts the sgnal X (t). The receved sgnals at recevng node j L T (t) and at eavesdropper e E are denoted by Y j (t) and Y e (t), respectvely: Y j (t) = h,j (t)x (t)+z j (t) () T (t) Y e (t) = T (t) h,e (t)x (t)+z e (t), () where recevers are mpared by zero-mean crcularly symmetrc complex Gaussan noses wth varance N 0. We denote ths dstrbuton by CN (0,N 0 ). Assumng that each transmtter s actve over N channel uses, the average power constrant on N channel nputs at each transmtter s gven by N X (t) P. Note that, for..d. CN(0,P) nput dstrbuton, SNR P N o s the sgnal-to-nose rato per complex symbol. t= A. Statc Path Loss Model wth Stochastc Node Dstrbuton In the path loss model we consder, the sgnal power decays wth the dstance d as d α for some α > ; and the dstance between node and node j s denoted by d j. The path loss s modeled n () and () wth h,j (t) = d α,j, h,e(t) = d α,e. (3) The set of all observatons at eavesdropper e s denoted by Y e {Y e (t), t}. The extended network model s a square of sde-length n (the area of the regon s n). The legtmate nodes and eavesdroppers are assumed to be placed randomly accordng to Posson pont processes of ntensty λ = and λ e, respectvely. The transmtters are assumed to know a-pror whether there s any eavesdropper wthn some neghborhood or not (the sze of the neghborhood wll be clear n later parts of the text). We are aware of the dealstc nature of ths assumpton, but beleve that t allows for extractng valuable nsghts n the problem. To analyze the worst case scenaro from a securty perspectve, the legtmate recevers are assumed to consder nterference as nose, whereas no such assumpton s made on the eavesdroppers, all of whch are assumed to be nformed wth the network topology perfectly. Now, consder any random source-destnaton par, where the source s wshes to transmt the message W s,d securely to the ntended destnaton d. In our mult-hop strategy, each transmsson conssts of N channel uses per hop. We say that the secret rate of R s achevable for almost all the source-destnaton pars (s,d), f The error probablty of decodng the ntended message at the ntended recever can be made arbtrarly small as N, and The nformaton leakage rate assocated wth the transmssons of the message over the entre path,.e., I(W s,d;y e) N, can be made arbtrarly small e E as N, for almost all (s,d). If there are hops carryng the message W s,d, one only needs to consder the assocated channel observatons at the eavesdropper when evaluatng our securty constrant. ence, our second condton s satsfed f I(W s,d;y e(),,y e()) N can be made arbtrarly small for suffcently large block lengths, where Y e (h) denotes the length-n channel output vector at eavesdropper e E durng hop h. To derve our asymptotc scalng results, we use the followng probablstc verson of Landau s notaton. We say f(n) = O(g(n)) w.h.p., f there exsts a constant k such that lm Pr{f(n) kg(n)} =. n We also say that f(n) = Ω(g(n)) w.h.p., f w.h.p. g(n) = O(f(n)). We denote f(n) = Θ(g(n)), f f(n) = O(g(n)) and f(n) = Ω(g(n)). Lastly, we say f(n) = o(g(n)), f f(n) g(n) 0, as n. We also analyze a dense networks wth the path loss model and stochastc node dstrbuton smlar to above, where we assume that the network s deployed on a square regon of unt area. In ths case, we assume that the legtmate nodes have an ntensty of λ = n. We note that the length of the observaton vector Y e regardng message W s,d s N for hops and N channel uses per hop. Therefore, to analyze the mutual nformaton leakage rate per channel use one mght be tempted to use I(W s,d;y e(),,y e()) n the secrecy constrant. owever, as hops N carry the same message W s,d, the overall nformaton accumulaton at the eavesdropper mght be large even f I(W s,d;y e(),,y e()) s made arbtrarly N small.

4 B. Ergodc Fadng Model Fadng process for the lnk from to k, denoted by h,k (t), s assumed to be drawn..d. across tme accordng to some ergodc fadng process. The ergodc fadng s modeled n () and () wth the followng two assumptons: The channel gans for the legtmate users, h,j, are assumed to be drawn from ndependent dstrbutons (for each,j K) that are symmetrc around zero (that s Pr{h,j = h} = Pr{h,j = h}); and The fadng process for eavesdropper e E,.e., h,e, s assumed to be drawn ndependently from the same dstrbuton K. Note that, as we assume a certan dstrbuton for any gven transmtter-recever par, the locaton of the nodes are not relevant n ths model. In addton, the second assumpton on the fadng processes ensures that each eavesdropper has statstcally the same channel to each transmtter. We denote Y e {Y e (),,Y e (N)}, (t) {h,j (t),,j K}, {(),,(N)}, e (t) {h,e (t), K, e E}, and e { e (),, e (N)}. ere, s assumed to be known at legtmate users, whereas eavesdroppers are assumed to know both and e. We assume that each transmtter n the network has an arbtrary and dstnct recever and the set of legtmate nodes,.e., L, conssts of n source-destnaton pars. For notatonal convenence, we enumerate each transmtter-recever par usng an element of K = {,,n}, and denote the channel gan process assocated wth transmtter-recever par wth h, (t). In ths model, transmtter-recever par K tres to communcate a secret message W W. Denotng the decodng error at the recever by P e,, we say that the secret rate R s achevable, f for any ǫ > 0, ) W NR, ) P e, ǫ, and 3) N I(W ;Y e,, e ) ǫ, e E, for suffcently large N. We fnally say that the symmetrc secure degrees of freedom (DoF) (per orthogonal dmenson) of η s achevable, f the rate R s achevable for par K and R η lm, K. (4) SNR log(snr) III. TE PAT LOSS MODEL In ths secton, we frst focus on extended networks wth a path loss model (α > ) and stochastc node dstrbuton (Posson pont processes) as detaled n Secton II-A. Our achevablty argument s dvded nto the followng four key steps: ) Lemma uses the dea of secrecy zone to guarantee the secrecy of the communcaton over a sngle hop. ) In Lemma, we ntroduce our novel mult-hop forwardng strategy whch uses ndependent randomzaton sgnal n each hop. Ths strategy s shown to allow for hdng the nformaton from an eavesdropper whch lstens to the transmssons over all hops. 3) Usng tools from percolaton theory, we show the exstence of a suffcent number of horzontal and vertcal hghways n Lemma 3, and we characterze the rate assgned to each node on the hghway n Lemma 4. 4) The accessblty of hghways for almost all the nodes n the networks wth the approprate rates s establshed n Lemma 5. Our man result,.e., Theorem 6, s then proved by combnng the aforementoned steps wth a mult-hop routng scheme (Fg. ). We partton the network area nto squares of constant sde length c. We further dvde the area nto larger squares of sde f t dc, each of whch contans (f t d) small squares. These small squares take turn over a Tme-Dvson-Multple-Access (TDMA) frame of sze (f t d) slots. In each slot, a transmtter wthn each actve small square can transmt to a recever that s located at most d squares away as llustrated n Fg.. On the same fgure, we also show the secrecy zone, around a transmttng square, consstng of squares that are at most f e d squares away. Our frst result establshes an achevable secure rate per a sngle hop, actve over N channel uses, under the assumpton of a sngle eavesdropper on the boundary of the secrecy zone. Lemma (Secure Rate per op): In a communcaton scenaro depcted n Fg., the secure rate, smultaneously achevable between any actve transmtter-recever par s: R TR = [ log(+snrtr (f t d) ) log(+snr e ) ], (5) where P(d+) α c α ( ) α SNR TR N o +P8(f t ) α d α c α S(α), (6) S(α) ( 0.5) α, (7) SNR e = P(f e) α d α c α N o, (8) f t (d+), (9) d

5 and (d+) α ( ) α (d) α [ + P ] 8(f t ) α d α c α S(α) < (f e ) α. (0) N o ere, secrecy s guaranteed assumng the presence of an eavesdropper on the boundary of the secrecy zone. Proof: In Fg., consder that one node per flled square s transmttng. Assumng that there s a transmsson from every such square, we denote the nterference set seen by our desgnated legtmate recever as I. Snce the legtmate recevers smply consder other transmssons as nose n our model, we obtan the followng SNR at the legtmate recever. Pd α TR SNR TR = N o + I Pd α R, () where the dstance between the transmtter and recever s denoted as d TR and that between nterferer I and our recever s denoted by d R. We now consder an eavesdropper e E lstenng to the transmsson and upper bound ts receved SNR by the followng. SNR e Pd α Te N o, () where the dstance between the transmtter and the eavesdropper e s denoted by d Te. ere, the upper bound follows by elmnatng the nterference at the eavesdropper. The constructon n Fg. allows for showng that and where (a) follows by choosng and the last equalty follows by defnng I d α R = d TR (d+)c, (3) d Te f e dc, (4) 8(f t d (d+)) α c α = (a) 8(f t dc) α ( 0.5) α = = 8(f t dc) α S(α), (5) S(α) whch converges to some fnte value as α >. Usng (3), (4), (5) n () and (), we obtan the followngs. and f t d (d+), (6) ( 0.5) α, (7) = SNR TR SNR TR P(d+) α c α ( ) α N o +P8(f t ) α d α c α S(α), (8) SNR e SNR e P(f e) α d α c α N o. (9) ence, SNR TR > SNR e for every eavesdropper e, once we choose f e such that (d+) α ( ) α [ (d) α + P ] 8(f t ) α d α c α S(α) < (f e ) α. (0) N o We then construct the secrecy codebook at the transmtter by consderng an eavesdropper that observes the sgnals of the transmsson of ths hop only wth an SNR of SNR e. Based on the Gaussan wretap channel capacty [6], one can easly show that the followng perfectly secure rate s achevable R TR = (f t d) [ log(+snrtr ) log(+snr e ) ], () where the (f t d) term s due to tme-dvson descrbed above. Next we ntroduce our novel mult-hop randomzaton strategy whch ensures secrecy over the entre path, from a source to a destnaton node, at every eavesdropper observng all transmssons.

6 Lemma (Securng a Mult-op Path): Securng each hop from an eavesdropper that s located on the boundary of the secrecy zone s suffcent to ensure secrecy from any eavesdropper whch lstens the transmssons from all the hops and le outsde the secrecy zones of transmtters of hops. Proof: We consder a source s, a destnaton d, and an eavesdropper e n the network. Wthout loss of generalty, we assume that the mult-hop scheme uses hops to route the message. We desgn the secrecy codebook at each transmtter accordng to hghest possble eavesdropper SNR assumpton for each hop. In our mult-hop routng scenaro, each code of the ensemble at the transmtter of hop generates N(R+Rx ǫ ) codewords each entry wth..d. CN(0,P), for some ǫ > 0, and dstrbutes them nto NR bns. Each codeword s, therefore, represented wth the tuple (w s,d,w x), where w s,d s the bn ndex (secret message) and w x s the codeword ndex (randomzaton message). To transmt the message w s,d, the encoder of transmtter wll randomly choose a codeword wthn the bn w s,d accordng to a unform dstrbuton. Ths codeword,.e., X (w s,d,w x ), s sent from transmtter. It s clear now that each transmtter on the path adds ndependent randomness,.e., the codeword ndex w x s ndependent of wj x for j. We consder an eavesdropper at the boundary of the secrecy zone around the transmtter of the hop, and denote t by e. We subtract all the nterference seen by ths vrtual node and denote ts observatons for hop as Y e. Omttng the ndces (w s,d,w x), for smplcty, we denote the symbols transmtted from the transmtter as X ; and set R x = I(X ;Y e ) = log ( ) +SNR e. (Note that ths s the rate loss n (5).) We contnue as below. I(W s,d ;Y e ) = I(W s,d ;Y e (),,Y e ()) (a) I(W s,d ;Y e ) = I(W s,d,w x,,w x ;Y e ) I(W x,,w x ;Y e W s,d ) (b) I(X,,X ;Y e ) (W x,,wx W s,d)+(w x,,wx Y e,,y e,w s,d) I(X,,X ;Y e Y e ) (W x,,wx ) (c) = = (d) (e) = (f) = + = = (W x W s,d,y e,w x,,wx ) [ I(X ;Y e Y e )+I(X,,X,X +,,X ;Y e Y e,x ) NR x +N ǫ ] +(Wx Y e,w s,d ) [ ] (Y e Y e ) (Y e Y e,x ) NR x +Nǫ +ǫ = [ ] (Y e ) (Y e X ) NR x +Nǫ +ǫ = [ ] I(X ;Y e ) NR x +Nǫ +ǫ = [ NI(X ;Y e ) NR x +N ǫ ] +ǫ = = N(ǫ +ǫ ), where (a) s due to the fact that Y e s an enhanced set of observatons compared to that of Y e (), (b) s due to the data processng nequalty and the Markov chan {W s,d,w x,,wx } {X,,X } {Y e }, (c) follows snce W s,d and W x are ndependent, (d) s due to fact that the second term n the sum s zero and due to Fano s nequalty (as we choose R x I(X ;Y e ), the bnnng codebook constructon allows for decodng randomzaton message at the eavesdropper gven the bn ndex for almost all codebooks n the ensemble): We defne the decodng error probablty as P e,e Pr{Ŵx W x }, where Ŵx s the estmate of the randomzaton message W x gven (Y e,w s,d ), and bound ( (Pe,e (W x Y e,w s,d ) N ) ) +P e,e N R x N ǫ wth some ǫ 0 as N, (e) follows by the fact that condtonng does not ncrease the entropy and the observaton that (Y e Y e,x ) = (Y e X ), and (f) s due to the fact that I(X ;Y e ) = N I(X ;Y e (t) Y e () (t t= ()

7 )) N (Y e (t)) (Y e (t) X (t)) = NI(X ;Y e ). t= After settng, ǫ = ǫ +ǫ, we obtan our result: For any gven ǫ > 0, I(W s,d;y e) N < ǫ as N. Note that, the number of hops scale as = O( n) and n () we have P e,e decays exponentally n N. Thus, we can say that the mult-hop transmssons requre larger block lengths, as n gets large, to assure secrecy wth ths scheme. The followng result uses tools from percolaton theory to establsh the exstence of a suffcent number of secure hghways n our network. Lemma 3 (Secure ghways): There exst a suffcent number of secure vertcal and horzontal hghways such that, as n, each secure hghway s requred to serve O( n) nodes and an entry (ext) pont has w.h.p. a dstance of at most κ logn away from each source (respectvely, destnaton) for some fnte constant κ > 0, f c c 0 for some fnte constant c 0 > 0 and λ e 0. Proof: We frst descrbe the noton of secure hghway and the percolaton model we use n the proof. We note that most of ths percolaton based constructon s developed n [], [0] and here we generalze t for secrecy. We say that each square s open f the square has at least one legtmate node and there are no eavesdroppers n the secrecy zone around the square. We denote the probablty of havng at least one legtmate node n a square by p. It s evdent that p = e c, and hence, p can be made arbtrarly close to by ncreasng c. For any gven transmttng square, we denote the probablty of havng an eavesdropper-free secrecy zone by q. The number of eavesdroppers wthn a secrecy zone s a Posson random varable wth parameter λ e (f e d+) c, and hence, q = e λe(fed+) c. Thus, q gets arbtrarly close to, as n, snce λ e 0 wth n (f e, d, and c are some fnte numbers for the hghway constructon). We then map ths model to a dscrete edge-percolaton model (a.k.a. bond percolaton on the random square grd []) by drawng horzontal and vertcal edges over the open squares, where an edge s called open f the correspondng square s open (see Fg. 3). We are nterested n characterzng (horzontal and vertcal) open paths that span the network area. Such open paths are our horzontal and vertcal hghways. We only focus on horzontal hghways for the rest of the secton as the results hold, due to symmetry, for the vertcal hghways. We remark that, n our model, the status of edges are not statstcally ndependent due to the presence of assocated secrecy zones that ntersect for successve squares. Notce that the status of two edges would be ndependent f ther secrecy zones dd not ntersect, whch happens f there were at least f e d squares between two edges. Therefore, ths dependent scenaro s referred to as fnte-dependent model, as f e and d are some fnte numbers. Due to Lemma, gven n Appendx A, ths dependent model stochastcally domnates an ndependent model, n whch edges are ndependently open wth probablty p, where p can be made arbtrarly hgh f pq can be made arbtrarly hgh. Ths ndependent scenaro can be constructed by followng the steps provded n []. Therefore, after provng the percolaton of the network wth some desrable propertes under the ndependence assumpton, the network wll also percolate wth the same propertes under the fnte dependence model as both p and q can be made suffcently large. Usng the ndependent edge model, applyng Lemma 3, gven n Appendx A, wth edge openness probablty of p, and notng the fact that m = n c (Fg. 3), we obtan the followng: There are w.h.p. Ω( n) horzontal paths, whch, for any gven κ > 0, can be grouped nto dsjont sets of δlogn hghways that span a rectangle area of sze (κlogn ǫ) n, for some δ > 0, and some ǫ 0 as n f p s hgh enough. Then, the network area s slced nto slabs of sde length w, chosen so that the number of slabs match wth the number of hghways n each rectangle. Then, each source (destnaton) n the th horzontal (vertcal) slab wll access the correspondng hghway (Fg. 4). Ths way, each hghway s requred to serve at most w n nodes and an entry (ext) pont has w.h.p. a dstance of at most κ logn away from each source (respectvely, destnaton) for some fnte constant κ > 0. The former clam follows by an applcaton of Chernoff bound, gven n Lemma 4, and unon bound (see [, Lemma ] or [0, Lemma 5.3.5] for detals) and the latter ncorporates the neglgble horzontal dstance (at most c ) n addton to the vertcal dstance, whch scales as κlogn. Fnally, due to the statstcal domnaton argument gven above, these percolaton results wll also hold for our fnte-dependent model, as pq can be made arbtrarly large as n. Formally, c 0 (0, ) such that, for any c c 0, pq can be made suffcently hgh f λ e 0 as n. Ths translates to hgh enough p by Lemma, whch shows that the dependent model has the property gven n Lemma 3 as well. Wth the followng lemma we conclude the dscusson of hghways. Lemma 4 (Rate per Node on the ghways): Each node on the constructed hghways can transmt to ther next hop at a constant secure rate. Furthermore, the number of nodes each hghway serves s O( ( n), and therefore each hghway can w.h.p. carry a per-node secure throughput of Ω n ). Proof: The hghways are constructed such that there s at least one legtmate node per square and there are no eavesdroppers wthn the secrecy zone around the squares of the hghway. We choose one legtmate node per square as a member of the hghway, and compute the rate that can be acheved wth the mult-hop strategy. From Lemma (wth d = ) and Lemma,

8 one can see that hghways can carry data securely wth a constant postve rate. As each hghway carres the data for O( ( n) nodes due to Lemma 3, the achevable rate per node on hghways s Ω n ). Our fnal step s to show ( that almost all the nodes can access the hghways smultaneously wth hgh probablty wth a rate scalng hgher than Ω n ). Lemma 5 (Access Rate to ghways): Almost all source (destnaton) nodes can w.h.p. smultaneously transmt (receve) ther messages to (from) hghways wth a secure rate of Ω ( (logn) 3 α), f λ e = o ( (logn) ). Proof: To calculate the rate of each node transmttng to the closest horzontal hghway, we follow the same procedure gven n the proof of Lemma 4. owever, ths tme we choose d = κ logn n Lemma for some fnte κ > 0, as the nodes wthn each transmttng squares need to transmt to a recever at a dstance of at most κ logn squares away (due to Lemma 3). (ere, we can choose smallest number κ κ c makng κ logn nteger.) In addton, compared to Lemma 4, where only one node per square s transmttng, here all legtmate nodes wthn small squares should access the hghways w.h.p., whch s accomplshed wth a TDMA scheme. As d = κ logn, we see from (6), (8), (5) that a per-node rate of Ω ( (logn) α) s achevable. Note that, to satsfy (0) and thus (5), any choce of f e > suffces as n. owever, for ths case, due to tme dvson between nodes wthn squares ths rate needs to be further modfed. Agan applyng the Chernoff bound (Lemma 4) and the unon bound one can show that there are w.h.p. O(logn) legtmate nodes n each square (see [, Lemma ] or [0, Lemma 5.3.4] for detals). Therefore, w.h.p. the secure rate Ω ( (logn) 3 α) s achevable to the assocated hghway from a source node, f there s no eavesdropper n the assocated secrecy zone. Next, we show that ths wll happen wth a very hgh probablty f λ e = o ( (logn) ) asymptotcally (as n ). From Fg., t s clear that the presence of an eavesdropper elmnates the possblty of secure access to a hghway from a regon of area A = (f e d + ) c. We denote the total number of eavesdroppers n the network as E (Posson r.v. wth parameter λ e n), and the total number of legtmate users n the network as L (Posson r.v. wth parameter λn = n). Let the total area n whch the eavesdroppers make t mpossble to reach a hghway be A E. Clearly, A E A E. Let us further denote the number of legtmate users n an area of A E as L A E. Then, usng the Chebyshev nequalty (please refer to Lemma 5 n Appendx A), we obtan E (+ǫ)λ e n, L ( ǫ)n, (3) L A E (+ǫ)a E, for any ǫ (0,) wth hgh probablty (as n ). We denote the fracton of users that can not transmt to hghways due to eavesdroppers as F whch can be upper bounded by F L A E L (+ǫ) (f e d+) c λ e n ( ǫ)n 0 (4) wth hgh probablty (as n ). The frst nequalty follows snce the eavesdroppers can have ntersectng secrecy regons, the second nequalty follows from (3), and the lmt holds as d = κ log(n) and λ e = o ( (logn) ). Ths argument shows that almost all of the nodes are connected to the hghways as n. Smlar concluson can be made for the fnal destnaton nodes: Any gven destnaton node can w.h.p. receve data from the hghways securely wth a rate of Ω ( (logn) 3 α). Now we are ready to state our man result. Theorem 6: If the legtmate nodes have unt ntensty (λ = ) and the eavesdroppers have an ntensty of λ e = o ( ( ) (logn) ) n an extended network, almost all of the nodes can acheve a secure rate of Ω n wth hgh probablty. Proof: In our mult-hop routng scheme, each user has a dedcated route (due to the tme dvson scheme descrbed below) wth each hop sendng the message to the next hop over N channel uses. The secrecy encodng at each transmtter s desgned assumng an eavesdropper on the boundary of the secrecy zone and lstenng to ths hop (observatons of length N) only. Ths way, a transmtter can acheve the rate reported n Lemma. Then, we can argue that ths secrecy encodng scheme wll ensure secrecy from an eavesdropper that lstens to the transmssons of every hop due to Lemma. Now, the man result follows by Lemma 4 and Lemma 5 by utlzng a tme dvson approach. That s the total transmsson tme of the network s dvded nto four phases, as shown n Fg.. Durng the frst phase, the sources that are not affected by eavesdroppers (.e., almost all of them due to Lemma 5) wll w.h.p. transmt ther messages to the closest hghway entry pont. Then, the secret messages of all nodes are carred through the horzontal hghways and then the vertcal hghways (Lemma 4). Durng the fnal phase, the messages are delvered from the hghways to almost all of the destnatons (Lemma 5). ence, by Lemma 4 and Lemma 5, as the secrecy rate scalng( per) node s lmted by the transmssons on the hghway, we can see that almost all of the nodes acheve a secure rate of Ω n wth hgh probablty. Ths concludes the proof. Few remarks are now n order.

9 ) The expected number of legtmate nodes s n, whereas the expected number of eavesdroppers s n e = o(n(logn) ) n ths extended network. Note that n e satsfes n e = O(n ǫ ) for any ǫ > 0, and hence network can endure eavesdroppers as long as total number of eavesdroppers scale slghtly lower than that of legtmate nodes. ) Utlzng the upper bound of [] for the capacty of wreless networks, we can see that Theorem 6 establshes the achevablty of the same optmal scalng law wth and wthout securty constrants. It s worth notng that, n our model, the nterference s consdered as nose at the legtmate recevers. As shown n [7], more sophstcated cooperaton strateges acheve the same throughput for the case of extended networks wth α 3. Ths leads to the concluson that cooperaton n the sense of [7] does not ncrease the secrecy capacty when α 3 and λ e = o ( (logn) ). 3) λ e = o() s tolerable f each node shares key only wth the closest hghway member. If each node can share a secret key wth only the closest hghway member, then the proposed scheme can be combned wth a one-tme pad scheme (see, e.g., [] and []) for accessng the hghways, whch results n the same scalng performance for any λ e 0 as n. 4) Can network endure λ e = o() wthout key sharng? Note that n our percolaton theory result, we have chosen squares of sde length c (edge length n the square lattce was c, see Fg. 3) satsfyng c c 0 to make pq suffcently large n order to have p > 5 6 for Lemma 3. We remark that for ndependent percolaton wth edge probablty p n a random grd, for any γ (0,), p (γ) such that for p > p (γ), the random grd contans a connected component of at least γn vertces (see, e.g., [0, Theorem 3..]). Thus, as long as λ e = o(), for some ǫ,ǫ > 0, we can choose a very large, but constant, c (to make sure that pq s very close to ) to have p = ǫ > p ( ǫ ), whch mples that there are w.h.p. ( ǫ )n connected vertces. Therefore, we conjecture that, for any gven ǫ > 0 and for λ e = o(), per-node secure throughput of Ω(/ n) s achevable for ( ǫ) fracton of nodes (we conjecture that these are the nodes that have constant dstances to hghways). We now focus on the dense network scenaro. The stochastc node dstrbuton for ths scenaro can be modeled by assumng that the legtmate and eavesdropper nodes are dstrbuted as Posson pont processes of ntenstes λ = n and λ e, respectvely, over a square regon of unt area. The proposed scheme n the prevous secton can be utlzed for ths topology and the same scalng result can be obtaned for dense networks as formalzed n the followng corollary. Corollary 7: Under the stochastc modelng of node dstrbuton (Posson pont processes) n a dense network (on a unt area regon) wth the path loss model (wth α > ), f the legtmate nodes have an ntensty of λ = n and the eavesdropper ntensty satsfes λe λ = o( (logn) ) (, then almost all of the nodes can smultaneously acheve a secure rate of Ω n ). Proof: The clam can be proved by followng the same steps of the proof of Theorem 6 wth scalng the transmt power P from P to ( at each transmtter, and scalng each dstance parameter by dvdng wth n. Note that, wth these scalngs, n) α sgnal to nterference and nose rato (SINR) calculatons and percolaton results reman unchanged. IV. TE ERGODIC FADING MODEL We now focus on the ergodc fadng model descrbed n Secton II-B and utlze the ergodc nterference algnment for secrecy. Frequency selectve slow fadng channels are studed n [3], where each symbol tme t =,,N corresponds to F frequency uses and the channel states of each sub-channel reman constant for a block of N channel uses and..d. among B blocks (N = N B). For such a model, one can obtan the followng hgh SNR result by utlzng the nterference algnment scheme [4]. Theorem 8 (Theorem 3 of [3]): For n source-destnaton pars wth n e number of external eavesdroppers, a secure DoF of η = [ n] + per frequency-tme slot s achevable at each user n the ergodc settng, n the absence of the eavesdropper CSI, for suffcently hgh SNR, N, and F. Ths nterference algnment scheme s shown to acheve a secure DoF of [ ] + ne n per orthogonal dmenson at each user when all the eavesdroppers collude [4]. Remarkably, wth ths scheme, the network s secured aganst colludng eavesdroppers and only a statstcal knowledge of the eavesdropper CSI s needed at the network users. owever, the proposed scheme only establshes a hgh SNR result n terms of secure DoF per user. In addton, the stated DoF gan s acheved n the lmt of large number of sub-channels, whch s unrealstc n practce for large number of users, n. (The result s acheved when the desgn parameter m gets large, where F = Ω(m n ) [3], [4].) Provdng secure transmsson guarantees for users at any SNR wth fnte number of dmensons s of defnte nterest. In ths secton, we utlze the ergodc nterference algnment scheme [3] to satsfy ths qualty of servce (QoS) requrement at the expense of large codng delays. Ergodc nterference algnment can be summarzed as follows. Suppose that we can fnd some tme ndces n {,,N}, represented by t,t, and ther complements t, t,, such that h, (t m ) = h, ( t m ), K, and h,j (t m ) = h,j ( t m ),,j K wth j, for m =,,,N. Now, consder that we sent the same codeword over the resultng channels,.e., we set X (t m ) = X ( t m ), m. Then, by addng the observatons seen by destnaton for these two tme nstance sequences, the effectve channel can be represented as whereas the eavesdropper e observes Ỹ (t m ) = h, (t m )X (t m )+Z (t m )+Z ( t m ), (5) Ỹ e (t m ) = n = [ h,e (t m ) h,e ( t m ) ] [ Ze (t X (t m )+ m ) Z e ( t m ) ], (6)

0 for m =,,,N. Remarkably, whle the nterference s canceled for the legtmate users, t stll exsts for the eavesdropper, whose effectve channel becomes multple access channel wth sngle nput multple output antennas (SIMO-MAC). By takng advantage of ths phenomenon together wth explotng the ergodcty of the channel, secure transmsson aganst each eavesdropper s made possble at each user for any SNR (dependng on the underlyng fadng processes) as reported n the followng theorem, whch s the man result of ths secton. Theorem 9: For t =,,, let Ỹ (t) h, (t)x (t)+z (t)+ Z (t), (7) Ỹ e (t) n,e (t)x (t)+ Z e (t), (8) =,e (t) [h,e (t) h,e (t)] T, and Z e (t) [Z e (t) Z e (t)] T, where, K and e E, Z and Z e are..d. as Z and Z e, respectvely; and h,e s..d. as h,e. Then, source destnaton par K can acheve the secret rate [ R = E[I(X ;Ỹ )] ] + n E[I(X,,X n ;Ỹe, e )], (9) on the average, where the expectatons are over underlyng fadng processes. Proof: We frst need to quantze the channel gans to have a fnte set of possble matrces. (These steps are gven n [3] and provded here for completeness.) Let ǫ > 0. Choose τ > 0 such that Pr{,j { h,j > τ}} ǫ. Ths wll ensure a fnte quantzaton set. For γ > 0, the γ-quantzaton of h,j s the pont among γ(z + jz) that s closest to h,j n Eucldean dstance. The γ-quantzaton of channel gan matrx (t) s denoted by γ (t), where each entry s γ-quantzed. Thus, γ- quantzed channel alphabet γ has sze satsfyng ( τ γ )n γ ( τ γ. We denote each channel type wth b )n γ, for b =,,B = γ. The complement of the channel b γ s denoted by b γ, whose dagonal elements are the same as b γ and the remanng elements are negatves of that of b γ. We next utlze strong typcalty [5] to determne the number of channel uses for each type. Consder any..d. sequence of quantzed channel matrces γ (),, γ (N). Such a sequence s called δ-typcal, f N(Pr{ b γ } δ) #{b γ γ(),, γ (N)} N(Pr{ b γ }+δ), (30) where #{..} operator gves the number of blocks of each type. The set of such strong typcal sequences s denoted by A (N) δ. By the strong law of large numbers, we choose suffcently large N to have Pr{A (N) δ } ǫ. Assumng that the realzed sequence of quantzed channel gan matrces,.e., γ (),, γ (N), s δ-typcal, we use the frst N b N(Pr{ b γ} δ) channel uses for each channel type b. Ths causes a loss of at most δnb channel uses out of N, whch translates to a neglgble rate loss. Wth agan a neglgble loss n the rate, we choose each N b as even. Note that the complement block of b s b, whch lasts for N b = N b channel uses, as Pr{ b γ} = Pr{ b γ }. We now descrbe the codng scheme, whch can be vewed as an ergodc nterference algnment codng scheme wth a secrecy pre-codng. For each secrecy codebook n the ensemble of transmtter, we generate N(R+Rx ) sequences each of length B N b, where entres are chosen such that they satsfy the long term average power constrant of P. We assgn each b= codeword to NR bns each wth NRx codewords. Gven w, transmtter randomly chooses a codeword n bn accordng to the unform dstrbuton, whch s denoted by X (w,w x), where wx s the randomzaton ndex to confuse the eavesdroppers. The codeword s then dvded nto B blocks each wth a length of N b symbols. The codeword of block b s denoted by {X b(t),t =,, N b } and s repeated durng the last N b channel uses of the block b,.e., X b(t) = X b ( N b + t), for t =,, N b. The channel gans, addtve noses, and the receved symbols s denoted wth the same block,.e., channel type, notaton. ere, the effectve channels durng block b s gven by and Ỹ b (t) = hb, (t)xb (t)+zb (t)+z b ( Nb +t n Ỹe b (t) = [ = h b,e (t) h b,e ( Nb +t) ]X b (t)+ [ Z b e (t) Z b e ( Nb +t) ), (3) ], (3) for t =,,, N b. We essentally code over the above two fadng channels seen by destnatons and eavesdroppers. ere, to satsfy both the secrecy and the relablty constrants, we choose the rates as follows. R = E[I(X ;Ỹ )] n E[I(X,,X n ;Ỹe, e )] ǫ (33) R x = n E[I(X,,X n ;Ỹe, e )], (34)

where the expectaton s over the ergodc channel fadng, and the channel outputs Ỹ and Ỹe are gven by the transformatons (7) and (8), respectvely. For any ǫ > 0, we choose suffcently small δ. Then, n the lmt of N, τ, γ 0, each legtmate recever can decode W and W x wth hgh probablty (coverng a-typcal behavor of the channel sequence as well) as R +R x = E[I(X ;Ỹ )] ǫ, (35) where ǫ covers for quantzaton errors and unused porton of the channel uses. For the secrecy constrant we frst consder each expresson on the rght hand sde of the followng equalty. N I(W K;Y e,, e ) = N I(W K,W x K;Y e,, e )+ N (Wx K W K,Y e,, e ) N (Wx K W K,, e ), (36) where we denote W K {W, K} and WK x {Wx, K}. We have N I(W K,WK;Y x e,, e ) = N I(W K,WK;Y x e, e ) (a) N I({Xb (t),,b,t};{ỹb e (t), b,t}, e) (b) B b= N b N (c) = ( ǫ ) (E[I(X,,X n ;Ỹe, e )] ǫ ) (E[I(X,,X n ;Ỹe, e )] ǫ ) E[I(X,,X n ;Ỹe, e )]+ǫ ǫ, (37) where (a) s due to the codng scheme and the data processng nequalty, (b) s due to ergodcty wth some ǫ 0 as N, (c) s due to unused porton of channel uses wth some ǫ 0 as N. Secondly, due to the ergodcty and the symmetry among tranmtters, the rate assgnment mples the followng: The rates satsfy R x E[I(X S;Ỹe X K S,, e )], (38) S for any S K. (Please refer to Lemma 8 of [3] for detals.) Thus, the randomzaton ndces WK x can be decoded at the eavesdropper e gven the bn ndces W K. Then, utlzng Fano s nequalty and averagng over the ensemble of the codebooks, we have N (Wx K W K,Y e,, e ) ǫ 3, (39) wth some ǫ 3 0 as N. Thrd, as WK x s ndependent of {W K,, e } and as each W x s ndependent, we have N (Wx K W K,, e ) = N (Wx K) = n (W x ) = n NR x = N N E[I(X,,X n ;Ỹe, e )]. (40) = Fnally, usng (37), (39), and (40) n (36), we obtan whch mples that = N I(W K;Y e,, e ) ǫ, (4) N I(W ;Y e,, e ) ǫ, K (4) wth some ǫ 0 as N, whch establshes the clam. Note that for..d. complex Gaussan nput dstrbuton,.e., when X (t) CN(0,P),,t, the proposed scheme acheves R = [ [ E log (+ P h, N 0 )] n E [ ( )]] log det I + P n +,e N,e, (43) 0 =

for user K. ere, for any non-degenerate fadng dstrbuton, e.g., Raylegh fadng where h,k CN(0,), K, k K E, the second term of (43) dmnshes as n gets large. In partcular, as n, R scales as [ [ R = E log (+ P h, )] ] + O(log(n)), n and hence we can say that each user can acheve at least a postve constant secure rate for any gven SNR for suffcently large n. (Please refer to Appendx B.) To quantfy the behavor of the scheme n the hgh SNR regme, we now focus on the achevable secure DoF per user, whch can be characterzed by dmenson countng arguments. The proposed scheme acheves η = [ n] + secure DoF per user for any gven non-degenerate fadng model. (Ths can be shown by dvdng both sdes of (43) wth log SNR and takng the lmt SNR for any gven n.) Note that the pre-log gan of the proposed scheme s the same as that of [3]. But, remarkably, ergodc nterference algnment allows us to attan secrecy at any SNR by only requrng a statstcal knowledge of the eavesdropper CSI. We note that ths gan s obtaned at the expense of large codng delay (at least exponental n the number of users). N 0 V. EAVESDROPPER COLLUSION In a more powerful attack, eavesdroppers can collude,.e., they can share ther observatons. Securng nformaton n such a scenaro wll be an even more challengng task compared to non-colludng case [9], [6]. Interestngly, even wth colludng eavesdroppers, we show that the scalng result for the path loss model remans the same wth the proposed mult-hop scheme wth almost the same eavesdropper ntensty requrement. Theorem 0: If the legtmate nodes have unt ntensty (λ = ) and the colludng eavesdroppers have an ntensty of λ e = O ( (logn) ρ) ( ) for any ρ > 0 n an extended network, almost all of the nodes can acheve a secure rate of Ω n under the statc path loss channel model. Proof: Please refer to Appendx C. We note that, n the colludng eavesdropper scenaro, the result requres only a slghtly modfed eavesdropper ntensty condton compared to the non-colludng case. Also, for the hghway constructon of the non-colludng case, the secrecy zone wth an area of (df e + ) c wth f e > was suffcent. owever, for the colludng eavesdropper scenaro, legtmate nodes need to know whether there s an eavesdropper or not wthn the frst layer zone, whch has an area of (df l +) c wth f l = δ log(n), where δ can be chosen arbtrarly small (see (6)). ence, securng the network aganst colludng eavesdroppers requres more nformaton regardng the eavesdroppers compared to the non-colludng case. But, remarkably, the optmal scalng law (see []) s acheved even when the eavesdroppers collude under these assumptons. For the ergodc fadng model, the eavesdropper colluson decreases the achevable performance. Let us add ndependent observatons to the receved vector gven n (8) of Theorem 9 accordng to eavesdropper colluson and denote colludng eavesdroppers observatons by Ỹe for e E {e,e, }. For example, f e and e colludes, ther cumulatve observatons s denoted by Ỹe (SIMO-MAC wth 4 receve antennas). In such a scenaro, the proposed scheme can be used to acheve the followng rate. Corollary : For a gven eavesdropper colluson set E, source-destnaton par K acheves the followng rate wth the proposed ergodc nterference algnment scheme for the ergodc fadng channel model: [ R = mn e E E[I(X ;Ỹ )] ] n E[I(X,,X n ;Ỹe, e)]. (44) Note that the proposed scheme acheves η = [ ] + ne n secure DoFs per user for non-degenerate fadng dstrbutons when all the eavesdroppers collude. (Ths can be shown from (44) by settng E = E, choosng the nput dstrbuton as..d. CN(0,P), dvdng both sdes by log SNR, and takng the lmt SNR for any gven n e and n.) VI. CONCLUSION In ths work, we studed the scalng behavor of the capacty of wreless networks under secrecy constrants. For extended networks wth the path loss model (the exponent s assumed to satsfy α > ), the legtmate nodes and eavesdroppers were assumed to be randomly placed n the network accordng to Posson pont processes of ntensty λ = and λ e, respectvely. It s shown that, when λ e = o ( (logn) ) (, almost all of the nodes acheve a secure rate of Ω n ), showng that securng the transmssons does not ental a loss n the per-node throughput for our model, where transmssons from other users are consdered as nose at recevers. Our achevablty argument s based on novel secure mult-hop forwardng strategy where forwardng nodes are chosen such that no eavesdroppers exst n approprately constructed secrecy zones around them and ndependent randomzaton s employed n each hop. Tools from percolaton theory were used to establsh the exstence of a suffcent number of secure hghways allowng for network connectvty. Fnally, a tme dvson approach was used to accomplsh an end-to-end secure connecton between almost all source-destnaton pars. The same scalng result s also

3 obtaned for the dense network scenaro when λe λ = o( (logn) ). We note that, n the proposed scheme, we assumed that nodes know whether an eavesdropper exst n a certan zone (secrecy zone) or not. An analyss of a more practcal scenaro, n whch legtmate nodes have no (or more lmted) eavesdropper locaton nformaton, would be nterestng. We next focused on the ergodc fadng model and employed ergodc nterference algnment scheme wth an approprate secrecy pre-codng at each user. Ths scheme s shown to be capable of securng each user at any SNR (dependng on the underlyng fadng dstrbutons), and hence provdes performance guarantees even for the fnte SNR regme compared to prevous work. For the hgh SNR scenaro, the scheme acheves [ n ]+ secure DoFs per orthogonal dmenson at each user. Remarkably, the results for the ergodc fadng scenaros do not requre eavesdropper CSI at the legtmate users, only a statstcal knowledge s suffcent. owever, ths gan s obtaned at the expense of large codng delays. Lastly, the effect of the( eavesdropper colluson s analyzed. It s shown that, for the path loss model, the same per-node throughput scalng,.e.,ω n ), s achevable under almost the same eavesdropper ntensty requrement. For the fadng model, the proposed model s shown to endure varous eavesdropper colluson scenaros. In partcular, when all the eavesdroppers collude, a secure DoF of [ ne n ]+ s shown to be achevable. We lst several future drectons here: ) Characterzng the full trade-off between secure throughput vs. eavesdropper node ntensty s of defnte nterest. ) We have not exploted cooperaton technques to enhance securty n ths work. Cooperaton n the sense of [7] may be helpful. For example, n the extended network scenaro, herarchcal cooperaton mght ncrease the per-node throughput for α < 3 or acheve the optmal throughput for α 3 even wth hgher eavesdropper ntenstes. In addton, cooperaton for secrecy strateges (see, e.g., [7], [8] and references theren) may be benefcal n enhancng the scalng results. 3) A unform rate per user s consdered n ths work. Arbtrary traffc pattern can be consdered for users wth dstnct qualty of servce constrants. 4) Eavesdroppers are assumed to be passve (they only lsten the transmssons). An advanced attack mght nclude actve eavesdroppers, whch may jam the wreless channel. Securng nformaton n such scenaros s an nterestng avenue for further research. APPENDIX A LEMMAS USED IN SECTION III Lemma (Theorem 7.65, []): Let d,k. Consder random varables Y x and Zx π takng values n {0,}, for x Zd. Denote Z π = {Zx π : x Zd } as a famly of ndependent random varables satsfyng Pr{Zx π = } = Pr{Zπ x = 0} = π. Also, denote Eucldean dstance n Z d as d(, ). If Y = {Y x : x Z d } s a k-dependent famly of random varables,.e., f any two sub-famles {Y x : x A} and {Y x : x A } are ndependent whenever d(x,x ) > k, x A, x A, such that Pr{Y x = } δ, x Z d, then there exst a famly of ndependent random varables Z π(δ) such that Y statstcally domnates Z π(δ), where π(δ) s a non-decreasng functon π : [0,] [0,] satsfyng π(δ) as δ. Proof: The proof s gven n [], where the authors also provde a constructon of the ndependent model. See also []. Lemma 3 (Theorem 5, []): Consder dscrete edge percolaton wth edge exstence probablty p on a square grd of sze m m m (number of edges). For any gven κ > 0, partton the area nto (κlogm ǫ rectangles of sze m (κlogm ǫ m) m), where ǫ m = o() as m and s chosen to have nteger number of rectangles. Denote the maxmal number of edgedsjont left to rght crossngs of the th rectangle as Cm and let N m mn Cm. Then, κ > 0 and p (5 6,) satsfyng κlog(6( p)) <, δ > 0 such that Proof: The proof s gven n [, Appendx I]. See also [0, Theorem 4.3.9]. Lemma 4: Consder a Posson random varable X of parameter λ. Then, lm Pr{N m δlogm} = 0. (45) m P(X x) e λ (eλ) x x x, for x > λ. (46) Proof: The proof follows by an applcaton of the Chernoff bound. Please refer to [, Appendx II] or [0, Appendx]. Lemma 5: Consder a Posson random varable X of parameter λ. Then, for any ǫ (0,), and Proof: The proof follows by utlzng the Chebyshev s nequalty. lm P(X ( ǫ)λ) = 0, (47) λ lm P(X (+ǫ)λ) =. (48) λ

4 APPENDIX B R > R FOR SOME CONSTANT R > 0 IN (43) AS n Consder that the statstcs of h,e s are gven by ) q E[R{h,e }]+je[i{h,e }] s a complex number wth fnte real and n magnary parts, and ) s E[ h,e ] s a fnte real number, K,e E. Let us further assume that I + P N 0 =,e,e s a postve defnte matrx. Focusng on the second term of (43), we obtan [ ( )] ( n E log det I + P n (a),e N,e 0 n logdet I + P n ] ) E[,e N,e (49) = 0 = ) (b) = (+ n log PN0 ns+ P n (s q 4 ) (50) = O(log(n)), (5) n where (a) s due to Jensen s nequalty as log det( ) functon s concave n postve defnte matrces, and (b) follows from ( ) h,e,e,e = h,e h,e h,e h,e h,e, whch mples ] ( s q E [,e,e = q s Thus, the second term of (43) becomes nsgnfcant, o() as n ; and R > 0 such that R > R, K for suffcently n large n. Note that the assumpton that I + P N 0,e,e s a postve defnte matrx holds n the lmt of large n almost surely. (ere, due to strong law of large numbers, the sum converges to ne = APPENDIX C PROOF OF TEOREM 0 ). [,e,e ] N 0 wth probablty.) The proof follows along the same lnes of the proof of Theorem 6 by generalzng the secrecy zone approach to mult-level zones, where the area of each zone s carefully chosen to obtan a (statstcally) workng bound for the SNR of the colludng eavesdropper. In Fg. 5, we show the zones around a transmttng square: Zone of level k for k {,,L} has an area of A lk, and the assocated dstance s denoted wth f lk dc wth some f lk and f lk f lk. Note that, we take f lk as a desgn parameter. We wll choose f lk dfferently, dependng on whether a node s forwardng data over a hghway or accessng to/accessed by a hghway. Furthermore, d and f lk may depend on n,.e., expected number of users. We now provde generalzaton of Lemma to the colludng eavesdropper case. Lemma 6 (Secure Rate per op): In a communcaton scenaro depcted n Fg. 5 (no eavesdroppers n the frst zone), the rate R TR = (f t d) [ log(+snrtr ) log(+snr E ) ] +, (5) where SNR TR S(α) SNR E P(d+) α c α ( ) α N o +P8(f t ) α d α c α S(α), (53) ( 0.5) α, (54) = P(+ǫ)9c α d α N 0 λ e d L (f lk ) (f lk ) α, (55) f t (d+), (56) d s w.h.p. securely and smultaneously achevable between any actve transmtter-recever par f f lk s chosen such that k= λ e d (f lk ), as n, for k =,3,. (57)

5 Proof: The steps of the proof are smlar to that of Lemma. ere, we need to derve a workng upper bound for the colludng eavesdropper SNR. In our case, secrecy s guaranteed assumng that the eavesdroppers are located on the boundary of each level of zones. We frst bound the number of eavesdroppers at each level. We have A lk (df lk +) c 9d (f lk ) c, (58) as d and f lk. ence, the number of eavesdroppers n layer l k can be bounded, usng the Chebyshev s nequalty (see Lemma 5), by w.h.p., for a gven ǫ > 0, as long as we choose f lk to satsfy E l k (+ǫ)λ e 9c d (f lk ) (59) λ e d (f lk ), as n. Now, we place E l k number of eavesdroppers from layer k at dstance f lk dc for k =,3,. Ths s referred to as confguraton E. These colludng eavesdroppers can do maxmal rato combnng (ths gves the best possble SNR for them) to acheve the followng SNR. SNR E = P L El k (f lk ) α c α d α k= N 0 P(+ǫ)9c α d α N 0 λ e d L (f lk ) (f lk ) α k= SNR E. (60) Note that the challenge here s to choose f lk such that SNR E <, and at the same tme to satsfy (57). Wth some approprate choces of these parameters, we generalze Lemma 4 and Lemma 5 to the colludng eavesdropper case. Lemma 7 (Rate per Node on the ghways): If λ e = O((logn) ), each node on the constructed hghways can transmt to ther next hop at a constant secure rate. Furthermore, f the number of nodes each hghway serves s O( ( n), each hghway can w.h.p. carry a per-node throughput of Ω n ). Proof: We show the result for λ e = Θ ( (logn) ), whch wll mply the desred result (as lowerng the eavesdropper densty can not degrade the performance). Consequently, there exsts constants Λ, Λ, and n such that Λ(logn) λ e Λ(logn), for n n, (6) where Λ < Λ. We choose each level of zones over the hghways by settng ( ) δ f lk = (logn) ( α 9Λc d )k. (6) ere, λ e (f l d+) c λ e 9(f l ) d c (63) δ(logn) = λ e Λ (64) δ, for n n. (65) Therefore, due to our percolaton result,.e., Lemma 3, each member of a gven hghway does not have any eavesdropper wthn ther frst level secrecy zone as δ can be chosen arbtrarly small. Now, as the above choce also satsfes we can utlze Lemma to acheve a secrecy rate of λ e d (f lk ), as n, for k =,3,, R TR = (f t d) [ log(+snr TR) log(+snr E ) Now, we provde an upper bound for SNR E. Frst, note that our setup results n ( ) α δ (f lk ) (f lk ) α =. 9Λc d ]. (66)

6 ence, SNR E = P(+ǫ)9 ( ) α δ λ e (L ) N 0 9Λ P(+ǫ)9 ( δ Λ(logn) (L ) ) α (67), N 0 9Λ for n n (68) 0, as n, (69) where the last step s due to the observaton that the number of levels can be upper bounded by L log(logn) log( α ). (70) Therefore, there exsts n such that for all n n, the rate expresson satsfes R TR R for some constant R. The second clam follows from Lemma 3. Lemma 8 (Access Rate to ghways): Almost all source (destnaton) nodes can w.h.p. smultaneously transmt (receve) ther messages to (from) hghways wth a secure rate of Ω ( (logn) 3 α), f λ e = O ( (logn) (+ρ)) for any ρ > 0. Proof: We show the result for λ e = Θ ( (logn) (+ρ)), whch wll mply the desred result (as lowerng the eavesdropper densty can not degrade the performance). Consequently, there exsts constants Λ, Λ, and n 3 such that Λ(logn) (+ρ) λ e Λ(logn) (+ρ), for n n 3, (7) where Λ < Λ. At ths pont, we can upper bound the fracton of nodes that can not access to a hghway due to an exstence of an eavesdropper n ther frst secrecy zone. Followng the analyss n Lemma 5, as long as we satsfy λ e (f l ) d 0, as n, (7) almost all the nodes can access to the hghways. To compute the achevable secrecy rate wth Lemma, we need to satsfy Further, we can show that as long as we satsfy λ e (f lk ) d, as n, for k =,3,. (73) L λ e d (f lk ) (f lk ) α C, as n, (74) k= for some constant C, the achevable rate R TR n Lemma 6 scales lke Ω ( (logn) α) as d = κ logn. Due to tme-dvson among the legtmate nodes accessng the hghways (there are w.h.p. O(log n) nodes wthn small squares), the secrecy rate per user satsfes Ω ( (logn) 3 α). ere, to satsfy (7), (73), (74) wth d = κ logn, we choose the secrecy zones as wth some r satsfyng ρ α < r < ρ. f lk = (logn) r(α )k, (75) Note that, Lemma that the per hop securty mples the mult-hop securty also holds for the colludng eavesdropper scenaro. That s, the securty obtaned for confguraton E for each hop s suffcent to ensure secrecy aganst colludng eavesdroppers lstenng all the hops. Combnng these results wth the percolaton result gven n Lemma 3 concludes the proof.

7 REFERENCES [] P. Gupta and P. R. Kumar, The capacty of wreless networks, IEEE Trans. Inf. Theory, vol. 46, no., pp. 388 404, Mar. 000. [] M. Franceschett, O. Dousse, D. N. C. Tse, and P. Thran, Closng the gap n the capacty of wreless networks va percolaton theory, IEEE Trans. Inf. Theory, vol. 53, no. 3, pp. 009 08, Mar. 007. [3] B. Nazer, S. A. Jafar, M. Gastpar, and S. Vshwanath, Ergodc nterference algnment, n Proc. 009 IEEE Internatonal Symposum on Informaton Theory (ISIT), Jun. 009. [4] V. R. Cadambe and S. A. Jafar, Interference algnment and degrees of freedom for the K-user nterference channel, IEEE Trans. Inf. Theory, vol. 54, no. 8, pp. 345 344, Aug. 008. [5] M. A. Maddah-Al, A. S. Motahar, and A. K. Khandan, Communcaton over MIMO X channels: Interference algnment, decomposton, and performance analyss, IEEE Trans. Inf. Theory, vol. 54, no. 8, pp. 3457 3470, Aug. 008. [6] U. Nesen, Interference algnment n dense wreless networks, 009, submtted for publcaton. [7] A. Özgür, O. Lévêque, and D. N. C. Tse, erarchcal cooperaton acheves optmal capacty scalng n ad hoc networks, IEEE Trans. Inf. Theory, vol. 53, no. 0, pp. 3549 357, Oct. 007. [8] U. Nesen, P. Gupta, and D. Shah, On capacty scalng n arbtrary wreless networks, IEEE Trans. Inf. Theory, vol. 55, no. 9, pp. 3959 398, Sep. 009. [9] J. Ghader, L.-L. Xe, and X. Shen, erarchcal cooperaton n ad hoc networks: Optmal clusterng and achevable throughput, IEEE Trans. Inf. Theory, vol. 55, no. 8, pp. 345 3436, Aug. 009. [0]. Delfs and. Knebl, Introducton to Cryptography: Prncples and Applcatons, nd ed. Sprnger, 007. [] G. S. Vernam, Cpher prntng telegraph systems for secret wre and rado telegraphc communcatons, J. Amer. Inst. Elect. Eng., vol. 55, pp. 09 5, 96. [] C. E. Shannon, Communcaton theory of secrecy systems, The Bell System Techncal Journal, vol. 8, pp. 656 75, 949. [3] V. Bhandar and N.. Vadya, Secure capacty of mult-hop wreless networks wth random key pre-dstrbuton, n Proc. 008 IEEE INFOCOM Workshops, Apr. 008. [4] A. Wyner, The wre-tap channel, The Bell System Techncal Journal, vol. 54, no. 8, pp. 355 387, Oct. 975. [5] I. Csszár and J. Körner, Broadcast channels wth confdental messages, IEEE Trans. Inf. Theory, vol. 4, no. 3, pp. 339 348, May 978. [6] S. Leung-Yan-Cheong and M. ellman, The gaussan wre-tap channel, IEEE Trans. Inf. Theory, vol. 4, no. 4, pp. 45 456, Jul. 978. [7] M. aengg, The secrecy graph and some of ts propertes, n Proc. 008 IEEE Internatonal Symposum on Informaton Theory (ISIT), Jul. 008, pp. 539 543. [8] P. C. Pnto, J. Barros, and M. Z. Wn, Physcal-layer securty n stochastc wreless networks, n Proc. th IEEE Sngapore Internatonal Conference on Communcaton Systems (ICCS), Nov. 008, pp. 974 979. [9], Wreless physcal-layer securty: The case of colludng eavesdroppers, n Proc. 009 IEEE Internatonal Symposum on Informaton Theory (ISIT), Jun. 009, pp. 44 446. [0] M. Franceschett and R. Meester, Random Networks for Communcaton: From Statstcal Physcs to Informaton Systems. Cambrdge Unversty Press, 007. [] G. Grmmett, Percolaton, nd ed. Sprnger, 999. [] T. M. Lggett, R.. Schonmann, and A. M. Stacey, Domnaton by product measures, Annals of Probablty, vol. 5, no., pp. 7 95, 997. [3] O. O. Koyluoglu,. El Gamal, L. La, and. V. Poor, Interference algnment for secrecy, IEEE Trans. Inf. Theory, to appear. [Onlne]. Avalable: http://arxv.org/abs/080.87 [4] O. O. Koyluoglu, C. E. Koksal, and. El Gamal, On the effect of colludng eavesdroppers on secrecy capacty scalng, n Proc. 6th European Wreless Conference (EW 00), Lucca, Italy, Apr. 00. [5] T. Cover and J. Thomas, Elements of Informaton Theory. John Wley and Sons, Inc., 99. [6] S. Goel and R. Neg, Secret communcaton n presence of colludng eavesdroppers, n Proc. IEEE Mltary Communcatons Conference (MILCOM), Oct. 005, pp. 50 506. [7] O. O. Koyluoglu and. El Gamal, On the secrecy rate regon for the nterference channel, n Proc. IEEE 9th Internatonal Symposum on Personal, Indoor and Moble Rado Communcatons (PIMRC 008), Cannes, France, Sep. 008. [8], Cooperatve bnnng and channel prefxng for secrecy n nterference channels, IEEE Trans. Inf. Theory, submtted for publcaton.

8 s e e e 3 e E d Fg.. A typcal mult-hop route conssts of four transmsson phases: ) From source node to an entry pont on the horzontal hghway, ) Across horzontal hghway (message s carred untl the desred vertcal hghway member), 3) Across vertcal hghway (message s carred untl the ext node), and 4) From the ext node to the destnaton node. f t dc e f e dc dc c e e Fg.. The transmtter located at the center of the fgure wshes to communcate wth a recever that s d squares away. The second square surroundng the transmtter s the secrecy zone, whch s the regon of ponts that are at most f e d squares away from the transmtter. Sde length of each square s denoted by c. The tme dvson approach s represented by the shaded squares that are allowed for transmsson. It s evdent from the dashed square that the tme dvson requres (f t d) tme slots.

9 n (m = n c edges) c c Fg. 3. orzontal and vertcal edges n the dscrete bond percolaton model are denoted by dotted lnes. A dotted edge s open (used for the hghway constructon) f the correspondng square s open. There are Θ(n) number of edges n the random graph. n κ log n ǫ w Fg. 4. There are δlogn number of dsjont hghways wthn each rectangle of sze (κlogn ǫ) n. The legtmate users n the slab, denoted by dotted lnes, of the rectangle s served by the hghway denoted wth red bold lne. f t dc f l dc e f l dc dc c e A l e A l Fg. 5. The second square surroundng the transmtter s the secrecy zone (zone of level ), whch s the regon of ponts that are at most f l d squares away from the transmtter. The zone of level k s denoted wth dstance f lk dc and has an area of A lk.