Physical Layer Security for Multiuser Satellite Communication Systems With Threshold-Based Scheduling Scheme

—Satellite communication (SatCom) has attracted much attention due to its inherent characteristics. Security issues have gained severe concerns in SatCom since it is susceptible to be illegally eavesdropped by malicious ground stations within large-scale wireless coverage. In this paper, we investigate the physical layer security of a multiuser SatCom system in the presence of multipleeavesdroppers.Particularly,weproposeathreshold-based scheduling scheme, where the geographically clustered eavesdrop-perswithboththecolludedandcollaboratedeavesdroppingscenar-iosareassumed.Speciﬁcally,closed-formexpressionforthesecrecy outageprobability(SOP)isderivedforthepassiveeavesdroppingscenariowhenthechannelstateinformation(CSI)oftheeavesdrop-persisunavailable.Moreover,weobtainaclosed-formexpressionfortheaveragesecrecycapacity(ASC)oftheconsideredsystem undertheproposeduserschedulingscheme.Inordertogetfurtherinsightsoftheproposedschedulingschemeathighsignal-to-noise ratios(SNRs),theasymptoticanalysisfortheSOPandASCisalsodemonstrated.Moreover,thereducedpercentagewithrespect tonumberofuserexaminationisalsogiven,whichvalidatesthe


I. INTRODUCTION
D UE to the ability of seamless connectivity and high data rate, satellite communication (SatCom) has been viewed as a key element to bring real-time, higher capacity communication and wider coverage in the connection and deployment of a plethora of applications such as smart grid, Internet-of-Thing (IoT), wireless sensor networks, space-based cloud for big data, vehicular ad-hoc networks etc (see [1], [2] and the references therein). It is viewed as a key element in emergency rescue, such as earthquake, fire disaster and transoceanic communication that the terrestrial communication can not cover [3], [4]. SatCom is the key point of the beyond 5 generation (B5G) networks, which has already attracted much attention [5]- [7].

A. Background
Nevertheless, owing to the inherent nature of satellite broadcasting and coverage of huge areas, SatComs are easily to be exposed to various security issues. Secure information transmission has aroused extensive interest from the wireless communications community in order to prevent eavesdroppers from taking advantage of the broadcast nature of radio propagation medium to intercept confidential messages. Conventionally, various cryptographic protocols have been developed and applied in the upper layers to achieve transmission security on the assumption of an error-free link in the physical layer. However, the limitations behind these cryptographic protocols lie in secret key distribution and management, as well as its extreme computational complexity of mathematical operations [8]. Alternatively, physical layer security (PLS) has been introduced as an attractive method to guarantee secure transmission by exploiting the distinct characteristics of wireless channels (e.g., fading or noise). The concept of PLS was first introduced in Shannon's pioneering work [9] from an information theoretic perspective. 0018-9545 © 2020 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission.
Subsequently, wiretap channel was introduced in [10], where it demonstrated that perfect security can be obtained when the quality of legitimate channel is superior to that of the wiretap channel. Traditionally, the security issues in SatComs are also addressed by encryption, such as the advanced encryption standard (AES) [11], [12]. However, the absolute security can not be perfectly guaranteed by the traditional encryption method with the increasing ability of the eavesdropper's computation and decoding [13]. Moreover, PLS provides a prospective approach in the SatComs when compared with such protocols e.g. tunneling may lead to significant transmission overhead in clear detriment of quality of service (QoS).

B. Related Works
The information-theoretic basis in PLS, such as average secrecy capacity (ASC), secrecy outage probability (SOP) and etc are the fundamentals for the transmission of confidential data over wireless channels [14]. In [15], the authors analyzed the non-zero probability of secrecy capacity, SOP and ASC for the SatComs in the Shadowed-Rician (SR) channel. In [16], the authors investigated the secrecy performance of a hybrid satellite-terrestrial relay network.
It is worth to note that future SatCom systems are required to provide high information transfer rate to a large number of users at a reasonable cost and preferable QoS [17]. However, the aforementioned works on PLS in SatComs merely considered the cases with a single legitimate user and eavesdropper, which is an unrealistic assumption and quite limited in practical scenarios. Moreover, the multiuser transmission in SatComs also results in a higher opportunities for the leakage of confidential messages, thus increasing the risk of being eavesdropped. In [18], the authors proposed a novel optimization problem to satisfy the need to frame multiple users per transmission. In [19], the authors studied the problem of pre-coding, scheduling and link adaptation in mobile interactive SatComs.
However, the former works mainly considered a single legitimate user and a single eavesdropper. In practical scenes, multiple legitimate users and eavesdroppers is a common scene in satellite communication systems [20]- [24]. In [21], the secrecy performance of SatComs was analyzed with multiple legitimate users and a single eavesdropper in the SatComs. In [22] and [23], the secrecy performance of SatComs with multiple legitimate users and one eavesdroppers was analyzed. In [24], the ASC was analyzed for the satellite communication systems with a proposed legitimate users scheduling. In [25], the authors analyzed the secrecy performance for satellite communication systems with one user and one eavesdropper. In [26], the authors obtained the closed-form expressions for the SOP and ASC of the considered network with maximal ratio combining (MRC) scheme using in the legitimate user and analyzed the PLS. In [27], the authors analyzed the PLS for the SatComs with multiple legitimate users and channel estimation errors. In [28], the authors investigated the outage performance for the decode-and-forward (DF) satellite relaying network with multiple legitimate users and threshold-based scheme. In [29] and [30], the authors analyzed the secrecy performance for the integrated satellite terrestrial relay networks with multiple eavesdroppers and multiple legitimate users with a single terrestrial relay. However, until now, there is few published paper analyzing the secrecy performance for satellite communication system with multiple legitimate users and multiple eavesdroppers on the foundation of user scheduling. In [16] and [31], the authors analyzed the secrecy problem in hybrid satellite-terrestrial relay networks with multiple legitimate users, multiple eavesdroppers and multiple terrestrial relays.

C. Our Contributions
In this paper, by considering the satellite links undergo SR fading and the impacts of satellite beam pattern and path loss on deploying reliable SatComs, a threshold-based scheduling scheme is proposed to enhance the secrecy performance of a multiuser satellite communication system while maintaining low implementation complexity. In an effort to quantify the system performance and validate the proposed scheme, exact SOP and ASC, asymptotic SOP and ASC, along with the reduced percentage with respect to the number of legitimate user examination, are derived, respectively.
The main contributions of this paper is summarized as follows: r We provide a secrecy satellite communication model with multiple users. Particularly, a new user-scheduling scheme is proposed to enhance the secrecy system performance.
r We derive the closed-form expressions for the SOP based on the proposed user scheduling scheme, which provide efficient ways to evaluate the SOP.
r To gain the impact of the proposed user scheduling scheme on the ASC, the closed-form expressions for the ASC are also derived, which give the useful methods to estimate ASC.
r In order to obtain the secrecy performance at high signalto-noise ratios (SNRs), the asymptotic expressions for SOP and ASC of the considered system are obtained to show the secrecy diversity order and coding gain.
r The average number of legitimate user examinations is also derived to show the advantage of our proposed user scheduling scheme. The rest of this paper is organized as follows. Section II introduces the system model followed by the problem formulation. In Section III, the secrecy performance analysis of the considered system is conducted. In particular, the analytical expressions for the OP and ASC are derived. In addition, the asymptotic expressions of the OP and ASC under the high SNR assumption are also given in Section III. In Section IV, the average number of legitimate user examinations is given. In Section V, some numerical results are provided to validate the analytical performance evaluation. In Section VI, a brief summary of our work in this paper is given.
Notations: Vectors are represented by lowercase bold typeface letters, (·) H denotes the Hermitian transpose, · represents the Euclidean norm of a vector, | · | stands for the absolute value of a complex scalar. exp(·) is the exponential function, E[·] denotes the expectation operator, CN (a, B) represents the complex Gaussian distribution of a random vector a and covariance matrix B, C M ×N stands for an M -by-N dimensional complex positive semi-definite matrix. f x (·) and F x (·) denote the probability density function (PDF) and the cumulative distribution function (CDF) of random variable x, respectively. The abbreviations and acronyms are given in Table I. II. SYSTEM MODEL As illustrated in Fig. 1, we consider a multiuser downlink wiretap satellite network, where a satellite (Alice) equipped with single antenna, N B legitimate terrestrial users (Bobs) in the presence of N E eavesdroppers (Eves). On the assumption that all Bobs and Eves are equipped with single antenna, which is practical in certain multiuser scenarios such as wireless sensors, IoT and broadcasting networks. 1 Without loss of generality, we assume that the main links and the eavesdroppers' links are subject to independent and non-identically distributed (i.n.i.d) block 1 We should note that, in order to simplify the analysis, we assume that all nodes are equipped with a single antenna in this paper. However, the following analysis is still fit for the case that all nodes are equipped with multiple antennas. It is very interesting for us to investigate the case that the satellite is equipped with multiple antennas in our future work. Nevertheless, our presented results will serve as a benchmark of the secrecy system performance and provide useful guidelines for the secrecy land mobile satellite (LMS) communication systems. SR fading. 2 For notational convenience, the channel coefficient between the satellite and the i-th legitimate user is denoted as h b i , and the channel coefficient between the satellite and the j-th eavesdropper is termed as h e j . By exploiting time division multiple access (TDMA) scheme, only a single scheduled legitimate user is in service at each time slot. Let s(t) denote the confidential signal transmitted by the satellite satisfying E[|s(t)| 2 ] = 1, the signals received at the i-th Bob and the j-th Eve are, respectively, written as where P is the transmit power at Alice, n b i (t) and n e j (t) are the additive white Gaussian noise (AWGN) at the i-th Bob and j-th Eve with zero mean and variance δ 2 b i , δ 2 e j , respectively. Specifically, h b i and h e j can be uniformly written as where g P is the channel coefficient following SR fading [33], [34], [35], and Q P is the scaling parameter including various practical effects, such as free-space loss (FSL) and on-board beam gain, which is given by where C is the light velocity, f is the frequency of the carrier, d P is the propagation distance. K W = 1.38 × 10 −23 J/m is the Boltzman constant, T W is the receive noise temperature, and W denotes the carrier bandwidth. Meanwhile, F r,P presents the receiving gain.
According to [36], the antenna gain for the Earth Station (ES) with parabolic antenna can be approximately expressed as where G max is the maximum beam gain at the boresight, and β is the off-boresight angle.
F t,P presents the beam gain of the satellite, which can be nearly given by [37] where F max denotes the maximal satellite beam gain and x = 2.07123 sin θ/ sin θ 3dB , where θ is the angle between the location of the corresponding receiver and the beam carrier with respect to the satellite, and θ 3dB is the 3 dB angle, J 1 and J 3 present the first kind bessel function of order 1 and 3, respectively [38]. In order to get the best system performance, hence we set θ → 0, as a result of F t,P ≈ F max . On this foundation, . From (1a) and (1b), the instantaneous received SNR at the i-th Bob and the j-th Eve can be, respectively, given by is the average SNR of the satellite to the i-th Bob link andγ e j = P Q 2 e j /δ 2 e j that of the satellite to the j-th Eve link.

III. SECRECY PERFORMANCE ANALYSIS
In this section, a comprehensive analysis on the secrecy performance of the system based on the proposed threshold-based scheme are derived.

A. Preliminaries
Owing to every Eve has access to the source signal, several diversity combining schemes can be applied to strengthen the wiretapping. Without loss of generality, we consider a worse-case scenario where the eavesdroppers are geographically located in clustering environment. Hence, a colluded and collaborated eavesdropping can be implemented among the multiple Eves. By considering the MRC linear processing scheme among Eves, we obtain the equivalent instantaneous SNR of Eves as 3 Before analyzing the secrecy performance of the system, we first give the CDF of γ b i and the PDF of γ e [39], respectively, as with Ω l , 2b l and m l (l ∈ {b i , e}) are the average power of line-of-sight (LOS), multiple path components and the fading severity parameters, respectively, and ) denotes the Beta function [38].
Traditional scheduling schemes select the best user to be served based on the CSI examination of each user, which requires computationally demanding iterative process [19]. Given the constrained feedback resources and limited on-board processing capability in the satellite network, we design a threshold-based user scheduling scheme for the secure transmission for SatComs in the presence of multiple Eves. Our proposed scheme can be explained as follows: r Firstly, a scheduling threshold γ T is set, Alice first check chosen. Otherwise, Alice will not check the N B -th link and choose the N B -th link directly as the transmitted link no matter what the SNR is, i.e., According to the detailed scheduling scheme, we can obtain the following scheduling process as Fig. 2.
Theorem 1. Based on the aforementioned analysis and assuming all Bobs' links having the identical fading parameters, we can obtain the CDF of γ b as where F γ b i (x) has been derived in (8a).
Proof: See Appendix A.

B. Secrecy Outage Probability
The knowledge of eavesdroppers' CSI is commonly unavailable at the satellite, thus the transmission rate can not be adapted according to the CSI. In this case, the SOP, which is defined as the probability that the secrecy capacity falls below a predefined secrecy rate R 0 [14], is mathematically formulated as 4 where R 0 = log 2 (1 + γ 0 ), γ 0 is the outage threshold of the system, C S = C B − C E , C B = log 2 (1 + γ b ), and C E = log 2 (1 + γ e ). By substituting these equations into (11), it can be expressed as From (10), we know that the proposed scheduling scheme relies on the predefined threshold γ T , here we recommend a boundary point H(γ T ) = γ T −γ 0 γ 0 +1 to make SOP more tractable. 5 Hence, the SOP can be rewritten as where Y (x) = γ 0 + (γ 0 + 1)x.

C. Average Secrecy Capacity
In this subsection, in order to investigate the secrecy performance deeply, we analyze the ASC of the considered system.
By recalling the definition of the achieved secrecy rate, we can obtain From [24], in order to evaluate the above integrals, we first evaluate the inner integral by applying integration by parts, and after some mathematical steps, the ASC can be represented as follows: Next, the closed-form expression for (19) can be obtained in the following Theorem 2.
Theorem 2. The ASC of the considered system is where C 1 and C 2 are given in (23) and (24) shown at the bottom of this page, with H 1 (a, b, c) and H 2 (a, b, c) are, respectively, as follows: and where Γ(·, ·) is the incomplete gamma function [38, eq. 8.35].
Proof: See Appendix B.

D. Asymptotic Analysis 1) Asymptotic Secrecy Outage Probability:
Although the exact expression of SOP has been obtained, it is hard to derive more insights from (13). Therefore, in what follows, the asymptotic analysis for the SOP will be derived. In the high SNR regime, i.e., γ b i → ∞. Hence, only the first summation term of F γ b i (x) should be taken into consideration, since it momentously affects the overall performance while all the other terms approach zero. Accordingly, (8a) can be further expressed as [27] F ∞ where o(x) is the high order infinitesimal of x. Theorem 3. In order to analyze the diversity order and coding gain conveniently, the asymptotic SOP can be expressed as where the secrecy diversity order Ψ = 1 and the secrecy coding gain is

2) Asymptotic Average Secrecy Capacity:
In what follows, to evaluate the impact of key system parameters on the average secrecy capacity in depth, we also look into the ASC at high SNRs. To this end, we give two representative issues to characterize the asymptotic ASC, i.e., the high SNR slope and the high SNR power offset. Also, the CDF of γ e is given by where Theorem 4. The ASC in high SNR regime is derived as where w 1 and w 2 are given as where and ψ(·) is the digamma function [38, eq. 8.36]. and, respectively, where and Ei(·) is the exponential integral function [38, eq. 8.21].
Proof: See Appendix D.
To obtain further insights, we investigate the high SNR slope and the high SNR power offset, as two important parameters affecting the ASC at high SNRs. Hence, we rewrite the asymptotic ASC in (29) in a general form as [14], [24] where S ∞ is the high SNR sloper in bits/s/Hz (3 dB) and T ∞ is the high SNR power offset in 3 dB units. We first express the high SNR slope as By substituting (30) into (35), it can be easily extracted that From (36), we can conclude that the key parameters, such as the number of the legitimate users, the number of the eavesdroppers, the fading severity parameters and the switching threshold γ T , have no effect on the high SNR slope.
In the following, the high SNR power offset T ∞ as It is clear from (37) that the effects of the main channel and the eavesdropper' channel on the asymptotic ASC rely on T ∞ . By inserting (36) and (29) into (37), we obtain T ∞ as where and Remark 1: From the above analysis, we find that the high SNR power offset is independent of γ b and the contributions of the main channel and eavesdropper channel to T ∞ are characterized by T b ∞ and T e ∞ , respectively. In particular, T e ∞ quantifies the loss of ASC due to eavesdropping and as T e ∞ increases with N E with ASC decreasing.

IV. AVERAGE NUMBER OF LEGITIMATE USER EXAMINATIONS
According to the proposed scheduling scheme, once an user is acceptable, the other users will be not checked. Hence the average user examinations' number can be written as As it is fact that F γ b i (γ T ) ≤ 1, we can obtain that . So in this assumption, if we want to have a smaller N A , γ T should be larger.
Furthermore, from a more intuitive perspective, we employ the reduced percentage in terms of the number of legitimate user examinations (RPN) to justify the advantage of the proposed scheme, which can be expressed as

V. NUMERICAL REPRESENTATIVE RESULTS
In this section, we perform numerical results for the abovementioned secrecy analysis and validate the proposed scheme through Monte-Carlo (MC) simulations by Matlab. The system parameters are given in Table II [37] and the shadowing coefficients of the satellite channel are provided in Table III [33], respectively. Without loss of generality, we set δ 2 b i = δ 2 e j = 1 and in all the plots we denote γ b i = γ b . Moreover, the SR channel and the MC approach 10 8 iterations for Figs. 1-3 and Figs. 5-8, besides 10 11 iterations for Fig. 4. Fig. 3 plots the SOP of the considered system versus γ b with γ T = 5 dB and γ e = 10 dB for AS. As shown in this figure, we can observe that the MC simulation results are tight across the analytical results versus the whole SNRs. Besides we find that at high SNRs, the asymptotic results are the same with the MC simulations results, which prove the correctness of our analysis. Furthermore, just as we analyzed before, the secrecy diversity remains one and the key system parameters, including γ T , N B and N E , influence the system performance by affecting the secrecy coding gain. We observe that the secrecy coding gain will be lower when a larger N B or γ T is presented. In addition, we can also find that the secrecy coding gain will be degraded when N E is larger.   Fig. 4 depicts the SOP versus γ T with γ b =40 dB for different shadowing scenarios. From the figure, we know that the optimal value of γ T which means the lowest SOP will change according to different channel shadowing severities. The heavier channel shadowing is, the smaller γ T will be. Moreover, we can obtain  that the SOP will be larger with the increasing SNR of the eavesdropper. Fig. 5 provides the ASC versus differentγ b , differentγ e and different channel shadowing with γ T =5 dB, N E =1 and N B =3. We can find that, the ASC will increase to be infinity whenγ b grows infinity. Moreover, we observe that whenγ E is larger, the ASC will be lower in the case of larger eavesdroppers' power. At end, the ASC will be larger when the channel is under light shadowing. Fig. 6 examines the ASC versus differentγ b , different N E and different γ T withγ e =5 dB and N B =3: FHS. It can be seen that, when γ T is larger, the ASC is improved, for the reason that better legitimate user's link is selected. More interestingly, we derive that whenγ b is larger enough, the values for different γ T cases are same, because whenγ b is larger enough, every legitimate user's link is better enough to overcome γ T , which means every link is better enough. Lastly, it is noted that when N E is larger, the ASC will be lower. Fig. 7 plots the ASC versus differentγ b , different N B and different γ T withγ e =5 dB and N E =1: FHS. We still find that whenγ b is larger enough, at high SNRs, the values of ASC for  different cases are same, which also means that all links are the suitable links to transmit the signals. However, whenγ b is lower, there is a turning point showing that at lower SNRs (before the turning point), we should set γ T larger, at high SNRs (behind the turning point, not larger enough), the lower γ T is suitable. Fig. 8 provides the reduced percentage in terms of the number of user examinations versus γ T with different N B and γ b for FHS. As illustrated in this figure, we compare our proposed scheme with the maximal selection (MS) scheme (which is the best scheduling scheme [18], [19]). Intuitively, we can find that the reduced percentage of MS scheme is always zeros, which means that all users will be examined when choosing the suitable user. However, the reduced percentage of our proposed scheme depends on the value of γ T , when γ T is large enough, the reduced percentage will decrease to zero. Whereas, when reviewing the results derived from Fig. 3, the lowest SOP occurs with a special γ T . In this special γ T , the corresponding reduced percentage is higher enough, which validates the advantage of our proposed scheme.

VI. CONCLUSION
In this paper, we have proposed a scheduling scheme based on the predefined threshold for the security enhancement of multiuser satellite communication networks with multiple eavesdroppers. Next, closed-form expressions for the SOP and ASC of the considered system have been derived. To get more insights at high SNRs, asymptotic expressions for the SOP and ASC have also been obtained. Moreover, the average number of user examinations were also given, which validated the simplification of our proposed scheduling scheme. We found that when the SNR of the system was larger enough, γ T and N B did not affect the ASC. Nevertheless at lower SNRs, it had serious effects. Finally, numerical results have pointed out that our work has given a computationally efficient method to evaluate the secrecy performance of SatComs.

APPENDIX A PROOF OF THEOREM 1
Based on the proposed scheduling scheme, we can get the CDF of γ b as Since all of the satellite links undergo independent identically distributed (i.i.d) SR fading, (44) can be rewritten as After some simplification, (45) can be rewritten as (10). The proof is completed.

APPENDIX B PROOF OF THEOREM 2
Before doing this, with the help of [39], we first give the CDF of γ e as F γ e (x) x t e −Δ e x (46) From (19) and (20), we can obtain that Then, by substituting the second part of (10) and (46) into (47), (47) can be rewritten as where With the help of [24, eq. 48], Q 1 can be obtained as Then with the similar methods, J 3 and J 4 can be derived as Then by substituting (49), (50), (52) and (53) into (48), (23) will be derived. Now, we refer to C 2 . Also from (10) and (46), C 2 is given by Then by inserting the first part of (10) and (46) into (54), (54) can be rewritten as where J 5 and J 6 are, respectively, given by With the help of [24, eq. 50], Q 2 can be rewritten as Then, using the same ways, J 6 is obtained as Then, inserting (56) and (58) into (55), (24) will be derived.
Finally, taking C 1 and C 2 into (20), the proof is completed.

APPENDIX C PROOF OF THEOREM 3
In order to investigate the asymptotic analysis, we should obtain the asymptotic expressions for I 1 , I 2 and I 3 .

APPENDIX D PROOF OF THEOREM 4
Next, w 1 and w 2 will be derived. Recalling (20), it can be rewritten as where We should note that whenγ b is large enough, we obtain ln(1 + x) ≈ ln x [14], [27] and the SNR of every Bob's transmitted link is good enough to receive the signal, hence we have Then, with the help of (67), (66a) and [38, eq. 4.352.1], w 1 will derived.
To obtain the asymptotic expression for w 2 , we change the order of integration in (66b) as We can easily get that F γ b (z) 0 whenγ b → ∞. Then by substituting (28) into (68), and after some algebraic manipulations, w 2 will be derived with the help of [38, eq. 3.353.5].
The proof is completed.