Download pdf - Data-Aided Secure Massive MIMO Transmission Under ... - SJTUwnt.sjtu.edu.cn/papers/ieee-tcom-attack.pdf · Data-Aided Secure Massive MIMO Transmission Under the Pilot Contamination

IEEE TRANSACTIONS ON COMMUNICATIONS, VOL. 67, NO. 7, JULY 2019 4765

Data-Aided Secure Massive MIMO TransmissionUnder the Pilot Contamination Attack

Yongpeng Wu , Senior Member, IEEE, Chao-Kai Wen , Member, IEEE, Wen Chen ,

Shi Jin , Senior Member, IEEE, Robert Schober, Fellow, IEEE,and Giuseppe Caire, Fellow, IEEE

Abstract— In this paper, we study the design of secure com-munication for time-division duplex multi-cell multi-user mas-sive multiple-input-multiple-output (MIMO) systems with activeeavesdropping. We assume that the eavesdropper actively attacksthe uplink pilot transmission and the uplink data transmissionbefore eavesdropping the downlink data transmission of the users.We exploit both the received pilot’s and the received data signalsfor uplink channel estimation. We show analytically that whenboth the number of transmit antennas and the length of the datavector tend to infinity, the signals of the desired user and theeavesdropper lie in different eigenspaces of the received signalmatrix at the base station, provided their signal powers are dif-ferent. This finding reveals that decreasing (instead of increasing)the desired user’s signal power might be an effective approachto combat a strong active attack from an eavesdropper. Inspiredby this observation, we propose a data-aided secure downlinktransmission scheme and derive an asymptotic achievable secrecysum-rate expression for the proposed design. For the specialcase of a single-cell single-user system with independent and

Manuscript received November 20, 2018; revised February 19, 2019;accepted March 23, 2019. Date of publication March 27, 2019; date ofcurrent version July 13, 2019. The work of Y. Wu is supported in partby the National Science Foundation (NSFC) under Grant 61701301, theYoung Elite Scientist Sponsorship Program by the China Association forScience and Technology (CAST), and the open research project of theState Key Laboratory of Integrated Services Networks (Xidian University)under Grant ISN20-03. The work of C.-K. Wen was supported in partby the Ministry of Science and Technology of Taiwan under grant MOST107-2221-E-110-026. The work of W. Chen is supported in part by theNSFC under Grant 61671294, STCSM Project under Grant 16JC1402900 and17510740700, National Science and Technology Major Project underGrant 2018ZX03001009–002. The work of S. Jin was supported in part bythe National Science Foundation (NSFC) for Distinguished Young Scholarsof China with Grant 61625106. This paper was presented in part at theIEEE ICC 2018. The associate editor coordinating the review of this paperand approving it for publication was X. Wang. (Corresponding author:Yongpeng Wu.)

Y. Wu is with the Department of Electronic Engineering, Shanghai Jiao TongUniversity, Minhang 200240, China, and also with the State Key Laboratoryof Integrated Services Networks, Xidian University, Xi’an 710126, China(e-mail: [email protected]).

C.-K. Wen is with the Institute of Communications Engineering,National Sun Yat-sen University, Kaohsiung 804, Taiwan (e-mail: [email protected]).

W. Chen is with the Shanghai Institute of Advanced Communications andData Sciences, Department of Electronic Engineering, Shanghai Jiao TongUniversity, Minhang 200240, China (e-mail: [email protected]).

S. Jin is with the National Mobile Communications Research Laboratory,Southeast University, Nanjing 210096, China (e-mail: [email protected]).

R. Schober is with the Institute for Digital Communications, UniversitätErlangen-Nürnberg, D-91058 Erlangen, Germany (e-mail: [email protected]).

G. Caire is with the Institute for Telecommunication Systems, TechnicalUniversity of Berlin, 10587 Berlin, Germany (e-mail: [email protected]).

Color versions of one or more of the figures in this paper are availableonline at http://ieeexplore.ieee.org.

Digital Object Identifier 10.1109/TCOMM.2019.2907943

identically distributed fading, the obtained expression revealsthat the secrecy rate scales logarithmically with the numberof transmit antennas. This is the same scaling law as for theachievable rate of a single-user massive MIMO system in theabsence of eavesdroppers. The numerical results indicate that theproposed scheme achieves significant secrecy rate gains comparedwith alternative approaches based on matched filter precodingwith artificial noise generation and null space transmission.

Index Terms— Massive MIMO, pilot contamination attack,physical layer security.

I. INTRODUCTION

W IRELESS networks are widely used in civilian and mil-itary applications and have become an indispensable

part of our daily lifes. Therefore, secure communication is acritical issue for future wireless networks. As a complementto the conventional cryptographic techniques, new approachesto secure communication based on information theoreticalconcepts, such as the secrecy capacity of the propagationchannel, have been developed and are collectively referred toas physical layer security [1]–[6].

Multiple-input multiple-output (MIMO) technology hasbeen shown to be a promising means for providing mul-tiplexing gains and diversity gains, leading to improvedperformance [7]–[12]. In particular, massive MIMO technol-ogy, which utilizes a very large number of antennas at theBS and simple signal processing to provide services for acomparatively small (compared to the number of antennas)number of active mobile users, is a promising approach forefficient transmission of massive amounts of information andis regarded as a key technology in 5G [13]. Pilot contami-nation is a major impairment in massive MIMO systems [14]and many approaches have been proposed to solve this prob-lem [15]–[18]. For example, the authors of [18] proposed anapproach based on Chu sequences, which efficiently reducesthe effect of pilot contamination.

Most studies on physical layer security in massive MIMOsystems assume that the eavesdropper is passive and does notattack the communication process of the system [19]–[23].However, a smart eavesdropper can perform a pilot contami-nation attack to impair the channel estimation process at thebase station [24]. Due to the channel hardening effect causedby large antenna arrays, it is difficult to exploit the statisticalfluctuations of fading channels to safeguard the transmission.Then, the beamforming direction misled by the pilot contam-ination attack can significantly enhance the performance of

0090-6778 © 2019 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission.See http://www.ieee.org/publications_standards/publications/rights/index.html for more information.

https://orcid.org/0000-0001-8210-5057

https://orcid.org/0000-0001-5952-232X

https://orcid.org/0000-0003-2133-8679

https://orcid.org/0000-0003-0271-6021

4766 IEEE TRANSACTIONS ON COMMUNICATIONS, VOL. 67, NO. 7, JULY 2019

the eavesdropper. This results in a serious secrecy threatin time division duplex (TDD)-based massive MIMOsystems [24].

Prior works on the pilot contamination attack have stud-ied mechanisms for enhancing the eavesdropper’s perfor-mance [25]–[28]. Other works propose various approaches fordetecting the pilot contamination attack [29]–[33]. Althoughthese schemes can detect a pilot contamination attack withhigh probability, [29]–[33] do not provide an effective trans-mission scheme in the presence of a pilot contamination attack.For secure communication under a pilot contamination attack,the authors of [34] propose a secret key agreement protocol forsingle-cell multi-user massive MIMO systems. An estimatorfor the base station (BS) is designed to evaluate the resultinginformation leakage. Then, the BS and the desired usersperform secure communication by adjusting the length of thesecret key based on the estimated information leakage. Otherworks have studied how to combat the pilot contaminationattack. The authors of [35] investigate the pilot contaminationattack problem for single-cell multi-user massive MIMO sys-tems over independent and identically distributed (i.i.d.) fadingchannels. The eavesdropper is assumed to only know the pilotsignal set whose size scales polynomially with the numberof transmit antennas. For each transmission, the desired usersrandomly select certain pilot signals from this set, which areunknown to the eavesdropper. In this case, it is proved thatthe impact of the pilot contamination attack can be eliminatedas the number of transmit antennas goes to infinity. Under thesame pilot allocation protocol, the authors of [36] and [37]respectively propose a random channel training scheme and ajamming-resistant scheme employing an unused pilot sequenceto combat the pilot contamination attack and to maintainsecure communication. Moreover, by exploiting an additionalrandom sequence, which is transmitted by the legitimate usersbut is unknown to the eavesdropper, an effective blind channelestimation method and a secure beamforming scheme aredeveloped to realize reliable transmission in [38].

However, all the above-mentioned methods rely on a keyassumption: some form of an additional pilot signal protocolwhich is unknown to the eavesdropper is needed to combatthe pilot contamination attack. For the more pessimistic casewhere the eavesdropper knows the desired users’ exact pilotsignal structure for each transmission,1 the secrecy threatcaused by the pilot contamination attack in multi-cell multi-user massive MIMO systems over correlated fading channelsis analyzed in [24]. Based on this analysis, three transmissionstrategies for combating the pilot contamination attack areproposed. Nevertheless, the designs in [24] are not able toguarantee a high (or not even a non-zero) secrecy rate forweakly correlated or i.i.d. fading channels when the power ofthe eavesdropper pilot signal is much larger than that of theusers’ pilot signals.

In this paper, we investigate secure transmission for TDDmulti-cell multi-user massive MIMO systems impaired by

1We note that this case constitutes a worst-case scenario. Hence, if securecommunication can be achieved for this worst case, then secure commu-nication can also be achieved for more optimistic settings as consideredin [36]–[38].

general correlated fading and a pilot contamination attack.We assume the considered system performs first uplink train-ing followed by uplink and downlink data transmission phases.The eavesdropper jams the uplink training phase and the uplinkdata transmission phase and then eavesdrops the downlink datatransmission2 We utilize the data transmitted in the uplinkto aid the channel estimation at the BS. Then, based on theestimated channels, the BS designs precoders for downlinktransmission.

This paper makes the following key contributions:

1) We prove that when the number of transmit antennas andthe amount of transmitted data both approach infinity,the desired users’ and the eavesdropper’s signals lie indifferent eigenspaces of the uplink received signal matrixprovided that their pilot signal powers are different. Ourresults reveal that increasing the power gap betweenthe desired users’ and the eavesdropper’s signals isbeneficial for separating the desired users and the eaves-dropper. This implies that when facing an active attack,decreasing (instead of increasing) the desired users’signal power could be an effective approach for enablingsecrete communication.

2) Inspired by this observation, we propose a joint uplinkand downlink data-aided transmission scheme to com-bat strong3 active attacks from an eavesdropper. Then,we derive an asymptotic expression for the correspond-ing achievable secrecy sum-rate. The derived expressionindicates that the impact of an active attack on uplinktransmission can be effectively eliminated by the pro-posed design.

3) We specialize the asymptotic achievable secrecy sum-rate expression to the case of i.i.d. fading channels. Par-ticularly, for the classical MIMO eavesdropper wiretapmodel, the derived expression indicates that the secrecyrate exhibits a logarithmic growth with the number oftransmit antennas. This is the same growth rate as thatof the achievable rate of a typical point-to-point massiveMIMO system without eavesdropping.

The remainder of this paper is organized as follows.In Section II, the basic system model is introduced andthe uplink channel estimation is investigated. In Section III,the proposed secure downlink transmission scheme is pre-sented and an asymptotic expression for the secrecy rate of theproposed design is derived. Section IV discusses the specialcase of i.i.d. fading in detail. Numerical results are providedin Section V, and conclusions are drawn in Section VI.

2We note that the pilot contamination attack presents a security threat onlyfor the downlink. In fact, in the uplink, if an eavesdropper transmits a strongpilot signal in the uplink together with the legitimate users, it can at most jamthe reception of some users, and therefore disrupt coherent detection, but itwill not be able to improve its ability to eavesdrop the uplink traffic. Sincethis paper studies the pilot contamination attack, we focus on downlink datatransmission. Secure uplink transmission is also relevant and is an interestingtopic for future work (not dedicated to the pilot contamination attack) but isoutside the scope of the present paper.

3We refer to a pilot contamination attack as a strong pilot contaminationattack if the pilot signal power of the eavesdropper is much larger than thatof the users.

WU et al.: DATA-AIDED SECURE MASSIVE MIMO TRANSMISSION UNDER THE PILOT CONTAMINATION ATTACK 4767

Fig. 1. Model of considered multi-cell massive MIMO system.

Notation: Vectors are denoted by lower-case bold-face let-ters; matrices are denoted by upper-case bold-face letters.Superscripts (·)T , (·)∗, and (·)H stand for the matrix transpose,conjugate, and conjugate-transpose operations, respectively.We use tr(A) and A−1 to denote the trace and the inverseof matrix A, respectively. diag {b} denotes a diagonal matrixwith the elements of vector b on its main diagonal. Diag {B}denotes a diagonal matrix containing the diagonal elements ofmatrix B on the main diagonal. The M × M identity matrixis denoted by IM , and the M × N all-zero matrix and theN ×1 all-zero vector are denoted by 0. The fields of complexand real numbers are denoted by C and R, respectively. E [·]denotes statistical expectation. [A]mn denotes the element inthe mth row and nth column of matrix A. [a]m denotes themth entry of vector a. ⊗ denotes the Kronecker product.x ∼ CN (0,RN) denotes a circularly symmetric complexvector x ∈ CN×1 with zero mean and covariance matrix RN .var(a) denotes the variance of random variable a. [x]+ standsfor max {0, x}. a � b means that a is much larger than b.f ∈ o(x) means that f/x → 0.

II. UPLINK TRANSMISSION

Throughout the paper, we adopt the following transmissionprotocol. We assume the uplink transmission phase, compris-ing uplink training and uplink data transmission, is followedby a downlink data transmission phase.

We assume the main objective of the eavesdropper is toeavesdrop the downlink data. Nevertheless, the eavesdrop-per also attacks the uplink transmission phase to impairthe channel estimation at the BS. The resulting mismatchedchannel estimation will increase the information leakage in thesubsequent downlink transmission. In the downlink transmis-sion phase, the eavesdropper does not attack but focuses oneavesdropping the data.

We study a multi-cell multi-user MIMO system with L+ 1cells, cf. Figure 1. We assume an Nt-antenna BS and Ksingle-antenna users are present in each cell. The cells areindex by l = (0, . . . , L), where cell l = 0 is the cell ofinterest. We assume an Ne-antenna active eavesdropper4 islocated in the cell of interest and attempts to eavesdrop thedata intended for all users in the cell. The eavesdropper sendspilot signals and artificial noise to interfere channel estimationand uplink data transmission,5 respectively. Let T and τ denotethe coherence time of the channel and the length of the pilotsignal, respectively. Then, for uplink transmission, the received

4An Ne-antenna eavesdropper is equivalent to Ne cooperating single-antenna eavesdroppers.

5We note that if the eavesdropper only attacks the channel estimation phaseand remains silent during the uplink data transmission, then the impact ofthis attack can be easily eliminated with the joint channel estimation anddata detection scheme in [15]. Therefore, a smart eavesdropper will attackthe entire uplink transmission.


pilot signal matrix Ymp ∈ CNt×τ and the received data signal

matrix Ymd ∈ CNt×(T−τ) at the BS in cell m are given by

Ymp =

√P0

K∑

k=1

hm0kωT

k +L∑

l=1

K∑

k=1

√Plhm

lkωTk

+√

Pe

KNeHm

e We + Nmp , (1)

Ymd =

√P0

K∑

k=1

hm0kd

T0k +

L∑

l=1

K∑

k=1

√Plhm

lkdTlk

+√

Pe

NeHm

e A + Nmd , (2)

where P0, ωk ∈ Cτ×1, and d0k ∼ CN (0, IT−τ ) denote theaverage transmit power, the pilot sequence, and the uplinktransmission data of the kth user in the cell of interest,respectively. For simplicity of notation, we assume that allusers in a given cell use the same transmit power [19]. Usingsimilar techniques as presented in this paper, our results canbe easily extended to the case where the users in a cellhave different transmit powers. We assume that the users indifferent cells have different powers. It is assumed that thesame K orthogonal pilot sequences are used in each cell whereωH

k ωk = τ and ωHk ωl = 0, k �= l. We is the pilot attack sig-

nal of the eavesdropper. Pl and dlk denote the average transmitpower and the uplink transmission data of the kth user in thelth cell, respectively. hp

lk ∼ CN (0,Rplk) denotes the channel

between the kth user in the lth cell and the BS in the pth cell,where Rp

lk is the corresponding correlation matrix. Hle and Pe

denote the channel between the eavesdropper and the BS in thelth cell and the average transmit power of the eavesdropper,respectively. Hl

e ∼ CN (0,Rl

E,T ⊗ RlE,R

)represents the

channel between the eavesdropper and the BS in the lth cell,where Rl

E,T and RlE,R are the corresponding transmit and

receive correlation matrices of the eavesdropper. Nmp ∈ CNt×τ

and Nmd ∈ CNt×(T−τ) are noise matrices whose columns are

i.i.d. Gaussian distributed with CN (0, N0INt).During the training phase, the eavesdropper attacks all users

in the cell of interest. In this paper, we adopt the worst-caseassumption that for each transmission, the eavesdropper knowsthe exact pilot sequence ωk of each user. Therefore, it usespilot attack sequences6 We =

∑Kk=1 Wk [35], where Wk =

[ωk · · ·ωk]T ∈ CNt×τ . In the uplink data transmission phase,the eavesdropper generates an artificial noise matrix A ∈CNt×T−τ , whose elements follows an i.i.d. standard Gaussiandistribution.

We define Y0 =[Y0

p Y0d

]and the eigenvalue decompo-

sition 1TNt

Y0YH0 = [v1, · · · ,vNt ]Σ[v1, · · · ,vNt ]H , where

the eigenvalues on the main diagonal of matrix Σ are orga-nized in ascending order. For the following, we make the

6If the eavesdropper is only interested in a particular user, then he canperform a pilot contamination attack specifically for this user as in [24].However, this pilot contamination precoding will not influence the proposedjoint uplink and downlink transmission scheme and the corresponding asymp-totic performance analysis.

important assumption that due to the difference in power7

between the eavesdroppers’ pilots and the users’ pilots in thecell of interest and the large path loss difference between theusers in the cell of interest and the users in the other cells [16],Petr

(R0

E,T

), P0tr

(R0

0k

), and Pltr

(Rl

lk

)have the relation-

ship Petr(R0

E,T

) � P0tr(R0

0k

) � Pltr(Rl

lk

). Define

tr(R0

E,T

)R0

E,R = RE and the eigenvalue decompositionRE = UEΛeUH

E , where Λe = diag (Λ1 · · ·ΛNe). Let M =(L+1)K+Ne and vector (θ1, · · · , θM ) has the same elementsas vector

(P1tr

(R0

11

), · · · , PLtr

(R0

LK

), P0tr

(R0

01

), · · · ,

P0tr(R0

0K

), PeΛ1, · · ·PeΛNe) but with the elements orga-

nized in ascending order such that index 1 ≤ i1 ≤ i2 · · · ≤iK ≤ M satisfies θik

= P0tr(R0

0k

), k = 1, 2, · · · , K .

Define V0eq = [vNt−M+i1 ,vNt−M+i2 , · · · ,vNt−M+iK ],

H0 =[h0

01, · · ·h00K

], and HI =

[h0

11, · · ·h01K , · · · ,

h0L1, · · · ,h0

LK

]. Then, we have the following theorem.

Theorem 1: Let Z0p = 1√TNt

(V0

eq

)HY0

p =

[z0p,1, · · · , z0p,K ] and H0eq = 1√

TNt

(V0

eq

)HH0 =

[heq,01, · · · ,heq,0K ]. Then, when T → ∞ and Nt → ∞,the received signal z = vec (Z0p) and the minimum meansquare error (MMSE) estimate heq,0k of heq,0k based on zare given by

z =√

P0

K∑

t=1

(ωt ⊗ IK)heq,0t + n, (3)

heq,0k =√

P0V0eqR

00k

(V0

eq

)H

×(N0IK + τP0V0

eqR00k

(V0

eq

)H)−1

×(√

P0τV0eqh

00k + neq

), (4)

where

n =

⎡

⎢⎢⎣

(V0

eq

)Hn0

p1...

(V0

eq

)Hn0

pτ

⎤

⎥⎥⎦ (5)

and n0pt in (5) is the tth column of N0

p. neq = V0eqneq and

neq ∼ CN (0, τN0INt).Proof: Please refer to Appendix A. �

Remark 1: The basic intuition behind Theorem 1 is thatwhen T → ∞ and Nt → ∞, each channel tends to bean eigenvector of the received signal matrix. As a result,we project the received signal matrix along the eigenspacewhich corresponds to the desired users’ channel. In this case,the impact of the strong active attack can be effectivelyeliminated, cf. (4).

Remark 2: It should be noted that when Nt → ∞,Petr

(R0

E,T

)> P0tr

(R0

0k

)> Pltr

(Rl

lk

)is enough to

distinguish the eavesdropper, the users in the cell of interest,and the users in the other cells as shown in Appendix A.However, when Nt is large but not infinite, we require

7When the eavesdropper increases the pilot contamination attack power Pe,the users in the cell of interest can intentionally decrease their pilot signalpower P0 to achieve a significant power gap between Pe and P0 based ona power control mechanism. According to Appendix A, this is essential toeliminate the impact of the active eavesdropper. If the eavesdropper does noteavesdrop the signals in the cell in which it is located but the signals in oneof the other cells, then a power control mechanism for Pe and Pl is requiredto combat the pilot contamination attack.


Petr(R0

E,T

) � P0tr(R0

0k

) � Pltr(Rl

lk

)to achieve a good

secrecy performance under the pilot contamination attack.Remark 3: In Theorem 1, we assume that the coherence

time of the channel is significantly larger than the symbolduration [16]. This assumption can be justified based onthe expression for the coherence time in [16, Eq. (1)]. Fortypical speeds of mobile users and typical symbol durations,the coherence time spans several hundred symbol durations.

Remark 4: The simulation results in Section V indicatethat a sufficient power gap between P0 and Pe can guaranteea good secrecy performance when the number of transmitantennas and the coherence time of the channel are large butfinite. We note that allocating a high power to the desired usersto combat a strong active attack is not necessary. In contrast,a large gap between P0tr

(R0

0k

)and Petr

(R0

E,T

)is essential

to approach the channel estimation result in Theorem 1. Thisimplies that decreasing the transmit power of the desired userscan be an effective strategy to ensure secure transmissionunder a strong active attack. As shown in Figure 5 andFigure 6 in Section V, as long as ρ = Pe/(P0K) is largerthan 0 dB, the proposed design is able to achieve a goodsecrecy performance in all considered scenarios.

Based on Theorem 1, in the next section, we can design theprecoders for downlink transmission.

III. DOWNLINK TRANSMISSION

In this section, we consider the downlink transmissionphase. We assume that the BSs in all L + 1 cells performchannel estimation according to Theorem 1 by replacingheq,0k , heq,0k , P0, and V0

eq by heq,lk , heq,lk, Pl, and Vleq ,

respectively. Then, the lth BS designs the transmit signal asfollows

xl =√

PK∑

k=1

tlkslk, l = 0, · · · , L, (6)

where P is the downlink transmission power, tlk =(Vl

eq

)H heq,lk

‖heq,lk‖ , and slk is the downlink transmitted signal

for the kth user in the lth cell.We note that unlike for the scheme in [24], for the proposed

precoder design, the base station does not need to know thefull statistical channel state information of the eavesdropper.As long as Petr

(R0

E,T

) � P0tr(R0

0k

) � Pltr(Rl

lk

)

holds, the base station can identify the relevant columns in1

TNtY0YH

0 = [v1, · · · ,vNt ]Σ[v1, · · · ,vNt ] for computationof V0

eq . For the legitimate users in the cell of interest, the BSneeds to know their covariance matrices R0

0k to performchannel estimation, see Theorem 1.

Because each user in the cell of interest has the risk of beingeavesdropped, based on [39] and [24], the achievable ergodic(the codewords are sent over a large number of fading blocks)secrecy sum-rate can be expressed as

Rsec =K∑

k=1

[Rk − Cevek ]+ (7)

where Rk and Cevek denote an achievable ergodic rate between

the BS and the kth user and the ergodic capacity between the

BS and the eavesdropper seeking to decode the informationof the kth user, respectively.

The received signal y0k at the kth user in the cell of interestis given by

y0k =L∑

l=0

(h0

lk

)Hxl + nd

=√

P(h0

0k

)H (V0

eq

)H heq,0k∥∥∥heq,0k

∥∥∥

s0k

+√

P(h0

0k

)H (V0

eq

)HK∑

t=1,t�=k

heq,0t∥∥∥heq,0t

∥∥∥

s0t

+√

P

L∑

l=1

(h0

lk

)H (Vl

eq

)HK∑

t=1

heq,lt∥∥∥heq,lt

∥∥∥

slt + nd, (8)

where nd ∼ CN (0, N0d) is the noise affecting the receiveddownlink signal.

The achievable ergodic rate Rk is given by

Rk = E [log (1 + γk)] , (9)

where

γk =

∣∣∣g0

0k,k

∣∣∣2

N0d +K∑

t=1,t�=k

∣∣∣g0

0t,k

∣∣∣2

+L∑

l=1

K∑

t=1

∣∣∣g0

lt,k

∣∣∣2, (10)

and g0lt,k =

√P(h0

lk

)H (Vl

eq

)H heq,lt

‖heq,lt‖ .

The ergodic capacity of the eavesdropper for decoding theinformation intended for user k, Ceve

k , is given by8

Cevek = E

[log2

(1 + P (t0k)HH0

eQ−1k

(H0

e

)Ht0k

)], (11)

where

Qk =(H0

e

)HK∑

p=1,p�=k

t0t(t0k)HH0e

+L∑

l=1

(Hl

e

)HK∑

k=1

tlk(tlk)HHle + N0dINe . (12)

Based on (7), (9), and (11), we obtain the followingtheorem.

Theorem 2: For the considered multi-cell multi-user mas-sive MIMO system, an asymptotic achievable secrecy sum-ratefor the transmit signal design in (6) is given by

Rsec, achNt→∞→

K∑

k=1

log (1 + γk) , (13)

8It should be noted that here we consider the practical scenario where theeavesdropper is not able to decode and cancel the signals of the intra-celland inter-cell users from the received signal. For a more pessimistic setting,where the eavesdropper has access to the data of all intra-cell and inter-cellinterfering users, we can also obtain a lower bound on the ergodic secrecyrate as in [24]. However, the two expressions exhibit no difference as far asthe subsequent analysis is concerned since the eavesdropper’s rate will besuppressed to zero based on the proposed data-aided transmission scheme.


where

γk =Pa0

0k,2

a00k,1

(

N0d + PK∑

t=1,t�=k

b00t,k

a00t,1

+ PL∑

l=1

K∑

t=1

cllt,k

allt,1

) ,

(14)

allt,1 = P0τ

⎛

⎝P0τ

⎡

⎣K∑

p=1,p�=t

[Al

lt,4

]pp

tr(Rl

ltRllp

)

+[Al

lt,4

]tttr2

(Rl

lt

)]+N0

K∑

p=1

[Al

lt,4

]pp

tr(Rl

lk

))

,

(15)

Allt,4 = Al

lt,3diag(tr(Rl

l1

), · · · ,

(Rl

lK

)), (16)

Allt,3 =

(Al

lt,1

)2(Al

lt,2

)2, Al

lt,2 =(N0IK + τP0Al

lt,1

)−1,

(17)

Allt,1 = diag

⎛

⎝ tr(Rl

l1Rllt

)

tr(Rl

l1

) , · · · ,tr((

Rllt

)2)

tr(Rl

lt

) , · · · ,

tr(Rl

ltRllK

)

tr(Rl

lK

)

)

, l=0, 1, · · · , L, t=1, · · · , K,

(18)

a00k,2 = P0

(P0τ

2([

A00k,5

]kk

tr2(R0

0k

)

+K∑

t=1,t�=k

[A0

0 k,5

]tttr(R0

0kR00t

)⎞

⎠

2⎞

⎟⎠

+ P0N0τ([

A00k,4

]kk

tr2(R0

0k

)

+K∑

t=1,t�=k

[A0

0k,4

]tttr(R0

0kR00t

)⎞

⎠, k = 1, · · · , K,

(19)

Allt,5 = Al

lt,2Allt,1diag

(tr(R0

01

), · · · ,

(R0

0K

))

= Allt,2A

llt,1Rl, l = 0, 1, · · · , L, t = 1, · · · , K,

(20)

b00t,k =

(P0τtr

(R0

0k

) [A0

0t,5

]kk

)2

tr(R0

0kR00t

)

+ P0τN0tr3(R0

0k

) ([A0

0t,5

]kk

)2

, (21)

cllt,k = PIτN0

(K∑

p=1

[Al

lt,5

]2pp

tr(R0

lkRllp

)tr(Rl

lp

)

+K∑

p=1

K∑

m=1,m �=p

[Al

lt,5

]pp

[Al

lt,5

]mm

× tr(Rl

lpR0lkR

llm

))

. (22)

Proof: Please refer to Appendix B. �Remark 5: Theorem 2 is a unified expression which is valid

for arbitrary K and L and general correlated channels. Also,Theorem 2 indicates that when Nt tends to infinity, the impactof the active attack from the eavesdropper vanishes if the

proposed joint uplink and downlink transmission approach isadopted.

Remark 6: Although the rigorous theoretical analysis inTheorem 2 requires that both Nt and T tend to infinity, oursimulation results in Section V indicate that even for shortpacket communication (e.g., T = 128) and a finite number oftransmit antennas (e.g., Nt = 64), the proposed joint uplinkand downlink transmission approach is still able to provide agood secrecy performance under a strong pilot contaminationattack.

Remark 7: It is important to note that the proposed schemedoes not require joint channel estimation and data detec-tion or an additional pilot sequence hopping mechanism.In fact, the uplink data only has to be exploited to generatematrix V0

eq . Then, simply projecting the transmit signal alongthe eigenspace, V0

eq , is enough to effectively combat the strongpilot contamination attack without any further computationaloperations or extra resources.

IV. THE I.I.D. FADING CASE

In order to obtain more insightful results, in this section,we analyze the asymptotic achievable secrecy rate of massiveMIMO systems for the i.i.d. fading case. For general multi-cell multi-user massive MIMO systems, we have the followingtheorem.

Theorem 3: For multi-cell multi-user massive MIMO sys-tems with i.i.d. fading where Rp

lk = βplkINt ,9 the asymptotic

achievable secrecy sum-rate for the transmit signal designin (6) is given by

Rsec, iidNt→∞→

K∑

k=1

log (1 + γk,iid) , (23)

where

γk,iid =Pa1k,iid

N0d + PK∑

t=1,t�=k

a2kt,iid + PL∑

l=1

K∑

t=1a3ktl,iid

, (24)

a1k,iid

=P0τ

(β0

0kNt+β00k (K−1)

)2+N0

(Ntβ

00k+(K−1)β0

0k

)

P0τβ00k (Nt+K−1)+KN0

,

(25)

a2kt,iid =P0τNtβ

00kβ0

0t + N0Ntβ00k

(P0τβ00t (Nt + K − 1) + KN0)

, (26)

a3ktl,iid =PIτNtβ

0lkβ0

lt + β0lkN0

(K+K(K−1)

Nt

)

PIτβllt (Nt + K − 1) + KN0

. (27)

Proof: The theorem can be proved by substituting Rplk =

βplkINt into (13) and performing some simplifications. �Remark 8: Theorem 3 indicates that the secrecy rate is

a monotonically increasing function of the signal-to-noiseratio (SNR) SNR = P/N0d even in the presence of anactive eavesdropper. This behavior is in sharp contrast withthe scheme proposed in [24, Theorem 3], for which thesecrecy rate decreases for increasing SNR in the high SNR

9It should be noted that here we do not require the channels of theeavesdropper to be i.i.d., i.e., Rl

E,T and RlE,R can be arbitrary matrices.


regime if all the available power at the BS is allocated tothe information-carrying signals. For the proposed data-aidedsecure massive MIMO transmission, V0

eq naturally forms anasymptotic orthogonal space to the eavesdropper’s channel.As a result, the null space of the transmit correlation matrixof the eavesdropper’s channel [24] is not essential anymore tocombat the strong pilot contamination attack. The proposedjoint uplink and downlink transmission scheme can guaranteereliable secure communication even for i.i.d. fading channels.

To provide more insights into the impact of the proposedscheme on secure communication in massive MIMO systems,we simplify the system model further to the single-cell single-user case. Based on Theorem 3 and [40, Corollary 1], we havethe following corollary.

Corollary 1: For a single-cell single-user system (L =0, K = 1) with i.i.d. fading, the asymptotic achievable secrecyrate for the transmit signal design in (6) is given by

Rsec, iid, single = log(

1 +PNtβ

001

N0d+ o(Nt)

). (28)

Proof: By setting L = 0, K = 1 in (23) and consideringthe asymptotic case, we obtain (28). �

Remark 9: The asymptotic secrecy rate in (28) grows loga-rithmically with the number of transmit antennas. This is iden-tical to the growth rate of the asymptotic rate for single-usermassive MIMO systems without eavesdropper. This is in sharpcontrast to the conclusions in [24, Theorem 9], where securecommunication is unachievable for the single-cell single-useri.i.d. fading case for high pilot contamination attack powers.Corollary 1 reveals that by exploiting the uplink transmissiondata, we can find a promising solution that facilitates securecommunication for i.i.d. fading massive MIMO systems withactive eavesdropper.

V. NUMERICAL RESULTS

In this section, we present numerical results to evaluatethe proposed scheme and the obtained analytical results.To the best of our knowledge, although there has been alarge amount of research on active eavesdropping in thepast few years [35]–[38], most of these schemes requiresome additional pilot signal protocol which is unknown tothe eavesdropper to combat the pilot contamination attack.These schemes are not compatible with the assumptions inour paper, where the eavesdropper perfectly knows the desiredusers’ exact pilot signal structure for each transmission. Hence,we compare the proposed scheme with matched filter precod-ing and AN generation (we refer to this design as MF-ANscheme) and the null space scheme in [24], which both alsodo not require a modified pilot protocol.

We define SNR = P/N0d and set P0 = P1 = ... = PL.Also, we define10ρ = Pe/(P0K). We consider both correlatedfading channels and i.i.d. fading channels. For correlatedfading channels, a uniform linear array is used at the BS withhalf a wavelength antenna spacing. The angle of arrival (AoA)

10It should be noted that the eavesdropper attacks the K users simultane-ously. For each user, the pilot contamination attack power is Pe/K . Hence,we define ρ = Pe/(P0K).

Fig. 2. MSE vs. T for L = 3, K = 5, Nt = 128, ρ = 1 dB, τ = 64,N0 = 1, correlated fading with θb = π, and different P0.

interval is A = [−θb, θb]. The channel power angle spectrumis modeled as a truncated Laplacian distribution [41]

p (θ) =1

√2σ

(1 − e−

√2π/σ

)e−√

2‖θ−θ‖σ , (29)

where σ and θ are the angular spread and the mean AoA of thechannel, respectively. The angular spread σ in (29) is assumedto be identical for the channels of all users and the eavesdrop-per and is set to be σ = π/2. The mean channel AoAs, θ, of allusers and the eavesdropper in (29) are generated at random.Based on [41, Eq. (3.14)], we generate the channel transmitcorrelation matrices of all users, Rp

lk, and the eavesdropper,Rl

E,T . Moreover, we impose a channel power normalizationsuch that the trace of the channel transmit correlation matrixbetween a user and the BS in its own cell and between auser and the BSs in the other cells are equal to Nt andβNt, respectively. We set β = 0.1. The receive correlationmatrices of the eavesdropper, Rl

E,R, are generated using theexponential correlation model

[Rl

E,R

]i,j

= ϕ|i−j|, ϕ ∈ (0, 1),where ϕ is generated at random. For i.i.d. fading channels,we set Rl

lk = βllkINt , Rp

lk = βplkINt , Rl

E,T = βleINt ,

and RlE,R = INe . Here, we set βl

lk = 1 and βplk = 0.1,

k = 1, · · · , K , l = 1, · · · , L, p = 1, · · · , L, p �= l. Also,we set β0

e = 1 and βle = 0.1, l = 2, · · · , L. Throughout this

section, we assume Ne = 2. Table I summarizes the values ofmain parameters used in the simulations in each figure.

Figure 2 shows the normalized mean squared error (MSE)∑Kk=1 ‖ heq,0k − V0

eqh00k ‖2 / ‖ V0

eqh00k ‖2 versus (vs.) T

for the MMSE estimation scheme in Theorem 1 for L = 3,K = 5, Nt = 128, ρ = 0 dB, τ = 64, N0 = 1, correlatedfading with θb = π, and different P0. We observe fromFigure 2 that the MSE is below 10−3 for all consideredP0 and T . This demonstrates that the proposed data-aidedestimation method is an effective approach to distinguish theactual channel of each user from the eavesdropper’s channelunder the pilot contamination attack.

Figure 3 shows the secrecy rate performance vs. SNR forthe proposed scheme for L = 3, K = 5, T = 1024, τ = 64,


TABLE I

VALUES OF MAIN PARAMETERS USED IN SIMULATIONS

Fig. 3. Secrecy rate vs. SNR for L = 3, K = 5, T = 1024, τ = 64,ρ = 20 dB, P0 = 10, N0 = 1, correlated fading with θb = π, anddifferent Nt.

ρ = 20 dB, P0 = 10, N0 = 1, correlated fading with θb = π,and different Nt. We observe from Figure 3 that the asymptoticsecrecy rates in Theorem 2 provide a good approximation forthe exact secrecy rates. The accuracy of the approximationincreases with the number of transmit antennas as expected.Also, we observe from Figure 3 that the secrecy rate is amonotonically increasing function of the SNR even under astrong pilot contamination attack.

Figure 4 shows the secrecy rate performance of the proposedscheme vs. Nt for L = 0, K = 1, ρ = 20 dB, P0 = 10,N0 = 1, i.i.d. fading, and different SNRs. We set τ = 64 andT = 16 Nt. We observe from Figure 4 that the secrecy ratesscale logarithmically with the number of transmit antennas,as predicted by Corollary 1. Figure 4 also shows that thetheoretical secrecy rates provide good approximations for theexact secrecy rates for the i.i.d. fading case.

Figure 5 shows the exact secrecy rate performance vs. ρ forthe proposed scheme and the null space (NS) scheme [24]for L = 3, K = 5, Nt = 128, ρ = 20 dB, P0 = 10,N0 = 1, SNR = 20 dB, correlated fading with θb = π,and different T . We observe from Figure 5 that even for

Fig. 4. Secrecy rate vs. Nt for L = 0, K = 1, ρ = 20 dB, P0 = 10,N0 = 1, i.i.d. fading, and different SNRs.

short packet communication when T = 128, the proposedscheme can achieve an obvious secrecy performance gaincompared to the null space scheme. Also, we observe fromFigure 5 that when the power of the active attack is strong, thenull space scheme maintains an almost constant secrecy rate.However, as ρ increases, the gap between P0R0

0k and PeΛi

increases. Therefore, the secrecy rates of the proposed schemeincrease with ρ. Moreover, Figure 5 reveals that increasingT is beneficial for the secrecy performance of the proposedscheme.

Figure 6 shows the exact secrecy rate performance vs. ρfor the proposed scheme and the MF-AN scheme [24] forL = 3, K = 5, Nt = 128, ρ = 20 dB, P0 = 10, N0 = 1,SNR = 20 dB, i.i.d. fading, and different T . We observe fromFigure 6 that when the power of the active attack is strong,the MF-AN scheme cannot provide a non-zero secrecy rate.However, our proposed scheme performs well in the entireconsidered range of ρ. When the power of the active attack isclose to the power of the desired user’s pilot signal where ρ issmall, the asymptotic estimation error in Theorem 1 increases.As a result, our proposed scheme suffers a slight performanceloss comparing to the MF-AN scheme.


Fig. 5. Secrecy rate vs. ρ for L = 3, K = 5, Nt = 128, P0 = 10,N0 = 1, SNR = 20 dB, correlated fading with θb = π, different schemes,and different T .

Fig. 6. Secrecy rate vs. ρ for L = 3, K = 5, Nt = 128, P0 = 10, N0 = 1,SNR = 20 dB, i.i.d. fading, different schemes, and different T .

Fig. 7. Secrecy rate vs. θb for L = 3, K = 5, Nt = 128, T = 1024,τ = 64, ρ = 10 dB, P0 = 10, N0 = 1, SNR = 15 dB, correlated fading,and different schemes.

Figure 7 shows the exact secrecy rate performance vs. θb forthe proposed scheme, the null space scheme, and the MF-ANscheme for L = 3, K = 5, Nt = 128, T = 1024, τ = 64,

ρ = 10 dB, P0 = 10, N0 = 1, SNR = 15 dB, and correlatedfading. It should be noted that the rank of the correlationmatrix generated by (29) decreases as θb decreases. This meanswhen θb is small, the channel is highly correlated. We observefrom Figure 7 that the proposed scheme provides the bestsecrecy performance throughout the entire considered rangeof θb. Also, we observe from Figure 7 that a small value of θb

is beneficial for the null space scheme since the rank of theeavesdropper’s transmit correlation matrix is low.

VI. CONCLUSIONS

In this paper, we have proposed a data-aided secure trans-mission scheme for general correlated fading channels andmulti-cell multi-user massive MIMO systems which are undera strong active attack. We exploit the received uplink datasignal for joint uplink channel estimation and secure downlinkdata transmission. We show analytically that when the numberof transmit antennas and the length of the data vector bothapproach infinity, decreasing (instead of increasing) the desireduser’s pilot signal power to generate an obvious gap tothe eavesdropper’s pilot signal power could be an effectiveapproach for distinguishing the desired user’s and the eaves-dropper’s channels. Based on this, we propose an effectiveapproach to eliminate the impact of an active pilot contam-ination attack. For the proposed data-aided secure downlinktransmission scheme, we obtain a general asymptotic achiev-able secrecy sum-rate expression. Interestingly, we reveal thatfor the special case of the classical MIMO wiretap channel,the obtained expression exhibits the same scaling law as theachievable rate of a single-user massive MIMO system with-out eavesdropping. Numerical results validate our theoreticalanalysis and demonstrate the effectiveness of the proposedscheme to mitigate strong active attacks compared to matchedfilter precoding with artificial noise generation and a null spacebased scheme.

APPENDIX APROOF OF THEOREM 1

We define Ω0 = [ω1, · · · , ωK ]T , D0 =√P0 [d01, · · · ,d0K ]T , ΩL =

[√P1ΩT

0 , · · · ,√

PLΩT0

]T

, DL

=[√

P1d11, · · · ,√

P1d1K , · · · ,√

PLdL1, · · · ,√

PLdLK

]T,

X0 =[√

P0Ω0 D0

], XI = [ΩL DL], Xe =[√

Pe

KNe

K∑

k=1

Wk

√Pe

NeA]

.

Based on (1) and (2), the received signal Y0 can bere-expressed as

Y0 = H0X0 + HIXI + H0eXe + N (30)

where N =[N0

p N0d

].

For massive MIMO with correlated fading, when Nt → ∞,we have

1Nt

HH0 H0 =

1Nt

⎡

⎢⎢⎣

(h0

01

)Hh0

01 · · · (h0

0K

)Hh0

01...

. . ....

(h0

01

)Hh0

0K · · · (h0

0K

)Hh0

0K

⎤

⎥⎥⎦ .

(31)


Based on [40, Corollary 1], we obtain

1Nt

HH0 H0

Nt→∞→ 1Nt

⎡

⎢⎢⎢⎢⎣

tr(R0

01

)0 · · · 0

0. . .

. . ....

.... . .

. . . 00 · · · 0 tr

(R0

0K

)

⎤

⎥⎥⎥⎥⎦

=1Nt

R0. (32)

Similarly, we have

1Nt

HHI HI

Nt→∞→ 1Nt

⎡

⎢⎢⎢⎢⎣

tr(R0

11

)0 · · · 0

0. . .

. . ....

.... . .

. . . 00 · · · 0 tr

(R0

LK

)

⎤

⎥⎥⎥⎥⎦

=1Nt

RI . (33)

Also, based on [42, Eq. (102)], we have

1Nt

[HH

e He

]ij

=1Nt

(h0

E,i

)Hh0

E,j

= eHi

(R0

E,R

)1/2(G0

E

)H(R0

E,T

)1/2

× (R0

E,T

)1/2G0

E

(R0

E,R

)1/2eH

j

= tr(eH

i

(R0

E,R

)1/2(G0

E

)H(R0

E,T

)1/2(R0

E,T

)1/2

× G0E

(R0

E,R

)1/2ej

)

Nt→∞→ 1Nt

tr((

R0E,R

)1/2ejeH

i

(R0

E,R

)1/2)

tr(R0

E,T

)

=1Nt

{R0

E,R

}ij

tr(R0

E,T

)(34)

where h0E,i denotes the ith column of matrix He, G0

E ∼CN (0, INt ⊗ INe), and ei is a Nt × 1 vector with the ithelement being one and the other elements being zero.

As a result, we have

1Nt

HHe He

Nt→∞→ 1Nt

R0E,Rtr

(R0

E,T

)=

1Nt

RE . (35)

When T → ∞, based on [40, Corollary 1], we have

1T

X0XH0

T→∞→ P0IK , (36)

1T

XIXHI

T→∞→ PIILK , (37)

1T

XeXHe

T→∞→ PeINe . (38)

Then, we obtain (39), given at the top of the next page.Based on [40, Corollary 1], we obtain (40), given at the

top of next page from (39).Now, we re-write (40) as (41), given at the top of the next

page.We define

UY =[UW HIR

−1/2I HeR

−1/2E H0R

−1/20

](42)

where UW ∈ CNt×(Nt−M) has orthogonal columns.

Based on (32)–(35), we know

1Nt

UHY UY

Nt→∞→ INt . (43)

From (39)–(43), we know that for T → ∞, Nt → ∞, UY

is the right singular matrix of Y0. Therefore, we obtain

Z0p =1√TNt

(V0

eq

)HY0

p

Nt→∞→ 1√TNt

(V0

eq

)H√P0Ω0X0

+1√TNt

(V0

eq

)HN0

p. (44)

Define z = vec (Z0p), where Z0p is defined in Theorem 1.From (44), we can re-express the equivalent received signalduring the pilot transmission phase as follows

z =√

P0

K∑

t=1

(ωt ⊗ IK)heq,0t + n (45)

where

n =

⎡

⎢⎢⎣

(V0

eq

)Hn0

p1...

(V0

eq

)Hn0

pτ

⎤

⎥⎥⎦ (46)

and n0pt in (46) is the tth column of N0

p.Based on (45), the MMSE estimate of heq,0k is given by

heq,0k =√

P0V0R00kV

H0 (ωk ⊗ IK)H

×(

N0IKτ + P0

K∑

t=1

(ωk ⊗ IK)

×V0R00tV

H0 (ωk ⊗ IK)H

)−1

z

=√

P0V0R00kV

H0

(N0IK + τP0V0R0

0kVH0

)−1

×(√

P0τheq,0k + (ωk ⊗ IK)Hn)

. (47)

For the noise term in (47), we have

(ωk ⊗ IK)Hn =(V0

eq

)Hτ∑

t=1

ω∗ktn

0pt

=(V0

eq

)Hneq = neq (48)

where ωkt is the tth element of ωk.Combining (47) and (48) completes the proof.

APPENDIX BPROOF OF THEOREM 2

From (40), we know(V0

eq

)H= H0R

−1/20 =

[h0

01, · · ·h00K

]R−1/2

0 , (49)(Vl

eq

)H= HlR

−1/2l =

[h0

01, · · ·h00K

]R−1/2

l . (50)

First, we consider

∣∣g00k,k

∣∣2 =P(h0

0k

)H (Vl

eq

)Hheq,0khH

eq,0kVleqh

00k

∥∥∥heq,0k

∥∥∥

2 . (51)


1NtT

YYH

Nt→∞,T→∞→ 1NtT

H0X0XH0 HH

0 +1

NtTHIXIXH

I HHI +

1NtT

HeXeXHe HH

e +N0

NtINt

=1Nt

[UW HIR

−1/2I HeR

−1/2E H0R

−1/20

]

×

⎡

⎢⎢⎢⎢⎢⎣

N0INt−M 0 · · · 0

0 R1/2I XIX

HI R

1/2I

T + N0I(L−1)K

. . ....

.... . . R

1/2E XeX

He R

1/2E

T + N0INe 0

0 · · · 0 R1/20 X0X

H0 R

1/20

T + N0IK

⎤

⎥⎥⎥⎥⎥⎦

×

⎡

⎢⎢⎢⎣

UHW

R−1/2I HH

I

R−1/2E HH

e

R−1/20 HH

0

⎤

⎥⎥⎥⎦

.

(39)

1NtT

YYH Nt→∞,T→∞→ 1Nt

[UW HIR

−1/2I HeR

−1/2E H0R

−1/20

]

×

⎡

⎢⎢⎢⎢⎣

N0INt−M 0 · · · 0

0 PIRI + N0ILK. . .

......

. . . PeRe + N0INe 00 · · · 0 P0R0 + N0IK

⎤

⎥⎥⎥⎥⎦

⎡

⎢⎢⎢⎣

UHW

R−1/2I HH

I

R−1/2E HH

e

R−1/20 HH

0

⎤

⎥⎥⎥⎦

. (40)

1NtT

YYH Nt→∞,T→∞→ =1Nt

[UW HIR

−1/2I HeR

−1/2E UE H0R

−1/20

]

×

⎡

⎢⎢⎢⎢⎣

N0INt−M 0 · · · 0

0 PIRI + N0I(L−1)K

. . ....

.... . . PeΛe + N0INe 0

0 · · · 0 P0R0 + N0IK

⎤

⎥⎥⎥⎥⎦

⎡

⎢⎢⎢⎣

UHW

R−1/2I HH

I

UHE R−1/2

E HHe

R−1/20 HH

0

⎤

⎥⎥⎥⎦

. (41)

Based on (4), we have∥∥∥heq,0k

∥∥∥

2

= P0

(√P0τV0

eqh00k + V0

eqneq

)H

×(N0IK +τP0V0

eqR00k

(V0

eq

)H)−1

V0eqR

00k

(V0

eq

)H

×V0eqR

00k

(V0

eq

)H(N0IK +τP0V0

eqR00k

(V0

eq

)H)−1

×(√

P0τV0eqh

00k + V0

eqneq

). (52)

Based on (49) and [40, Corollary 1], we have

1Nt

V0eqR

00k

(V0

eq

)H(53)

=1

NtR−1/2

0

[h0

01, · · ·h00K

]HR0

0k

[h0

01, · · ·h00K

]R−1/2

0

Nt→∞→ 1Nt

R−1/20 diag

(tr(R0

01R00k

), · · · , tr

((R0

0k

)2),

· · · , tr(R0

01R00K

))R−1/2

0

=1Nt

diag

⎛

⎝ tr(R0

01R00k

)

tr (R001)

· · ·tr((

R00k

)2)

tr (R00k)

· · ·

tr(R0

0kR00K

)

tr (R00K)

)

= A00k,1. (54)

By substituting (54) into (52) and simplifying, we have

1Nt

∥∥∥heq,0k

∥∥∥

2

=1Nt

P0

(√P0τV0

eqh00k + V0

eqneq

)H

A00k,3

×(√

P0τV0eqh

00k + V0

eqneq

)

Nt→∞→ 1Nt

P0

(P0τ

2(h0

0k

)H (V0

eq

)HA0

0k,3h00k

+ (neq)H (

V0eq

)HA0

0k,3V0eqneq

), (55)

where A00k,3 is defined in (17).


For the first term on the right hand side of (55), we obtain

1Nt

(h0

0k

)H (V0

eq

)HA0

0k,3V0eqh

00k

=1Nt

(h0

0k

)H [h0

01, · · ·h00K

]R−1/2

0 A00k,3

×R−1/20

[h0

01, · · ·h00K

]Hh0

0k

=1Nt

⎡

⎣K∑

t=1,t�=k

(h0

0k

)Hh0

0t

[A0

0k,4

]tt

(h0

0t

)Hh0

0k (56)

+(h0

0k

)Hh0

0k

[A0

0k,4

]kk

(h0

0k

)Hh0

0k

], (57)

where A00k,4 is defined in (17).

Based on [40, Corollary 1], we obtain

1Nt

(h0

0k

)H (V0

eq

)HA0

0k,3V0eqh

00k

Nt→∞→ 1Nt

⎡

⎣K∑

t=1,t�=k

[A0

0k,4

]tttr(R0

0kh00t

(h0

0t

)H)

+[A0

0k,4

]kk

tr2(R0

0k

)]

Nt→∞→ 1Nt

⎡

⎣K∑

t=1,t�=k

[A0

0k,4

]tttr(R0

0kR00t

)

+[A0

0k,4

]kk

tr2(R0

0k

)]. (58)

For the second term on the right hand side of (55), we have

1Nt

(neq)H (

V0eq

)HA0

0k,3V0eqneq (59)

Nt→∞→ 1Nt

τN0tr((

V0eq

)HA0

0k,3

(V0

eq

))

=1Nt

τN0

× tr([

h001, · · ·h0

0K

]R−1/2

0 A00k,3R

−1/20

× [h0

01, · · ·h00K

]H)

=1Nt

τN0

K∑

t=1

[A0

0k,4

]tttr(h0

0t

(h0

0t

)H)

=1Nt

τN0

K∑

t=1

[A0

0k,4

]tttr(R0

0t

). (60)

Combining (55)–(60) yields

1Nt

∥∥∥heq,0k

∥∥∥

2 Nt→∞→ 1Nt

a00k,1, (61)

where a00k,1 is defined in (15).

For the numerator in (51), we have (62), given at the topof the next page, where A0

0k,1 and A00k,2 are defined in (18)

and (17), respectively.According to the definition of V0

eq in (49), we obtain

1Nt

(h0

0k

)H(V0

eq

)HA0

0k,2A00k,1V

0eqh

00k

=1Nt

(h0

0k

)H [h0

01, · · ·h00K

]R−1/2

0 A00k,2A

00k,1

×R−1/20

[h0

01, · · ·h00K

]Hh0

0k

=1Nt

K∑

t=1

(h0

0k

)Hh0

0t

[A0

0k,5

]tt

(h0

0t

)Hh0

0k. (63)

We can further simplify (63) as follows:

1Nt

[A0

0k,5

]tt

(h0

0k

)Hh0

0t

(h0

0t

)Hh0

0k

Nt→∞→ 1Nt

[A0

0k,5

]tttr(h0

0t

(h0

0t

)HR0

0k

)

Nt→∞→ 1Nt

[A0

0k,5

]tttr(R0

0kR00t

)

1Nt

[A0

0k,5

]kk

(h0

0k

)Hh0

0k

(h0

0k

)Hh0

0k

Nt→∞→ 1Nt

[A0

0k,5

]kk

tr2(R0

0k

). (64)

Then, we have

1Nt

(h0

0k

)H(V0

eq

)HA0

0k,2A00k,1V

0eqh

00k

Nt→∞→ 1Nt

[A0

0k,5

]kk

tr2(R0

0k

)

+1Nt

K∑

t=1,t�=k

[A0

0k,5

]tttr(R0

0kR00t

). (65)

Also, we have

1Nt

(neq)H(

V0eq

)HA0

0k,2A00k,1V

0eqh

00k

(h0

0k

)H(V0

eq

)H

×A00k,1A

00k,2V

0eqneq

Nt→∞→ 1Nt

τN0tr((

V0eq

)HA0

0k,2A00k,1V

0eqh

00k

(h0

0k

)H(V0

eq

)H

× A00k,1A

00k,2V

0eq

)

=1Nt

τN0

(h0

0k

)H(V0

eq

)H(A0

0k,1A00k,2

)2V0

eqh00k

=1Nt

τN0

(h0

0k

)H [h0

01, · · ·h00K

] (A0

0k,1A00k,2

)2

×R−10

[h0

01, · · ·h00K

]Hh0

0k

Nt→∞→ 1Nt

τN0

([A0

0k,4

]kk

tr2(R0

0k

)

+K∑

t=1,t�=k

[A0

0k,4

]tttr(R0

0kR00t

)⎞

⎠ . (66)

Substituting (65) and (66) into (62), we obtain

1Nt

(h0

0k

)H(V0

eq

)Hheq,0k

(heq,0k

)H

V0eqh

00k

Nt→∞→ 1Nt

P0

(P0τ

2([

A00k,5

]kk

tr2(R0

0k

)(67)

+K∑

t=1,t�=k

[A0

0k,5

]tttr(R0

0kR00t

)⎞

⎠

2⎞

⎟⎠+

1Nt

P0N0τ

×⎛

⎝[A0

0k,4

]kk

tr2(R0

0k

)+

K∑

t=1,t�=k

[A0

0k,4

]tt

× tr(R0

0kR00t

))

= a00k,2. (68)


1Nt

(h0

0k

)H(V0

eq

)Hheq,0k

(heq,0k

)H

V0eqh

00k

=1

Nt

(h0

0k

)H(V0

eq

)H√P0V0

eqR00k

(V0

eq

)H(N0IK + τP0V0

eqR00k

(V0

eq

)H)−1 (√

P0τV0eqh

00k + V0

eqneq

)

×√

P0

(√P0τV0

eqh00k + V0

eqneq

)H(N0IK + τP0V0

eqR00k

(V0

eq

)H)−1

V0eqR

00k

(V0

eq

)HV0

eqh00k

=1

NtP0

(√P0τV0

eqh00k + V0

eqneq

)H(N0IK + τP0V0

eqR00k

(V0

eq

)H)−1

V0eqR

00k

(V0

eq

)HV0

eqh00k

× (h0

0k

)H(V0

eq

)HV0

eqR00k

(V0

eq

)H(N0IK + τP0V0

eqR00k

(V0

eq

)H)−1 (√

P0τV0eqh

00k + V0

eqneq

)

Nt→∞→ 1Nt

P0

(√P0τV0

eqh00k + V0

eqneq

)H(N0IK + τP0A0

0k,1

)−1A0

0k,1V0eqh

00k

× (h0

0k

)H(V0

eq

)HA0

0k,1

(N0IK + τP0A0

0k,1

)−1(√

P0τV0eqh

00k + V0

eqneq

)

=1

NtP0

(√P0τ

(h0

0k

)H(V0

eq

)HA0

0k,2A00k,1V

0eqh

00k + (neq)

H(V0

eq

)HA0

0k,2A00k,1V

0eqh

00k

)

×(√

P0τ(h0

0k

)H(V0

eq

)HA0

0k,1A00k,2V

0eqh

00k+

(h0

0k

)H(V0

eq

)HA0

0k,1A00k,2V

0eqneq

), (62)


1Nt

∣∣g0

0k,k

∣∣2 Nt→∞→ P

Nt

a00k,2

a00k,1

. (69)

For∣∣∣g0

0t,k

∣∣∣2

, we obtain

∣∣g0

0t,k

∣∣2 = P

(h0

0k

)H (V0

eq

)H heq,0thHeq,0t

∥∥∥heq,0t

∥∥∥

2 V0eqh

00k. (70)

Following a similar approach as in (52)–(61), the denomi-nator of (76) is given by

1Nt

∥∥∥heq,0t

∥∥∥

2

Nt→∞→ 1Nt

P0

⎡

⎣P0τ2

⎛

⎝K∑

p=1,p�=t

[A0

0t,4

]pp

tr(R0

0tR00p

)

+[A0

0t,4

]tttr2

(R0

0t

))+τN0

K∑

p=1

[A0

0t,4

]pp

tr(R0

0p

)]

= a00t,1. (71)

For the numerator of (76), we have (72), given at the topof the next page.

Substituting the expression for V0eq in (49) into (72),

we obtain (73), given at the top of the next page.By applying [40, Corollary 1] to

(h0

0k

)H [h0

01, · · ·h00K

],

we have1Nt

(h0

0k

)H(V0

eq

)Hheq,0thH

eq,0tV0eqh

00k

Nt→∞→ 1Nt

(P0τ)2tr(R0

0k

) [A0

0t,5

]kk

eHk

[h0

01, · · ·h00K

]Hh0

0t

× (h0

0t

)H [h0

01, · · ·h00K

]ektr

(R0

0k

) [A0

0t,5

]kk

+1

NtP0tr

(R0

0k

) [A0

0t,5

]kk

eHk

[h0

01, · · ·h00K

]Hneq

× (neq)H [

h001, · · ·h0

0K

]−1/2

0ektr

(R0

0k

) [A0

0t,5

]kk

,

(74)

which can be simplified further as

1Nt

(h0

0k

)H(V0

eq

)Hheq,0thH

eq,0tV0eqh

00k

=1Nt

(P0τtr

(R0

0k

) [A0

0t,5

]kk

)2(h0

0k

)Hh0

0t

(h0

0t

)Hh0

0k

+1Nt

P0

(tr(R0

0k

) [A0

0t,5

]kk

)2(h0

0k

)Hneq(neq)

Hh00k

Nt→∞→ 1Nt

(P0τtr

(R0

0k

) [A0

0t,5

]kk

)2

tr(R0

0kR00t

)

+1Nt

P0τN0tr3(R0

0k

) ([A0

0t,5

]kk

)2

= b00t,k. (75)

By combining (69), (71), and (75), we obtain

1Nt

∣∣g0

0t,k

∣∣2 Nt→∞→ P

Nt

b00t,k

a00t,1

. (76)

Then, we consider∣∣∣g0

lt,k

∣∣∣2

, which leads to

P

Nt

∣∣g0

lt,k

∣∣2=

P

Nt

(h0

lk

)H (Vl

eq

)Hheq,lt

(heq,lt

)H

∥∥∥heq,lt

∥∥∥

2 Vleqh

0lk.

(77)

Following a similar approach as in (52)–(61), the denomi-nator of (77) is obtained as

1Nt

∥∥∥heq,lt

∥∥∥

2Nt→∞→ 1Nt

PI

⎡

⎣PIτ2

⎡

⎣K∑

p=1,p�=t

[Al

lt,4

]pp

tr(Rl

ltRllp

)

+[Al

lt,4

]tttr2

(Rl

lt

)]

+ τN0

K∑

p=1

[Al

lt,4

]pp

tr(Rl

lp

)]

= allt,1. (78)


1Nt

(h0

0k

)H(V0

eq

)Hheq,0thH

eq,0tV0eqh

00k

=1Nt

(h0

0k

)H(V0

eq

)H√P0V0

eqR00t

(V0

eq

)H(N0IK + τP0V0

eqR00t

(V0

eq

)H)−1

×(√

P0τV0eqh

00t + V0

eqneq

)√P0

(√P0τV0

eqh00t + V0

eqneq

)H(N0IK + τP0V0

eqR00t

(V0

eq

)H)−1

×V0eqR

00t

(V0

eq

)HV0

eqh00k

Nt→∞→ 1Nt

P0

(h0

0k

)H(V0

eq

)HA0

0t,1A00t,2

(√P0τV0

eqh00t + V0

eqneq

)

×(√

P0τV0eqh

00t + V0

eqneq

)H

A00t,2A

00t,1V

0eqh

00k

=1Nt

(P0τ )2(h0

0k

)H(V0

eq

)HA0

0t,1A00t,2V

0eqh

00t

(V0

eqh00t

)HA0

0t,2A00t,1V

0eqh

00k

+1Nt

P0

(h0

0k

)H(V0

eq

)HA0

0t,1A00t,2V

0eqneq

(V0

eqneq

)HA0

0t,2A00t,1V

0eqh

00k. (72)

1Nt

(h0

0k

)H(V0

eq

)Hheq,0thH

eq,0tV0eqh

00k =

1Nt

(P0τ )2(h0

0k

)H [h0

01, · · ·h00K

]R−1/2

0 A00t,1A

00t,2R

−1/20

[h0

01, · · ·h00K

]Hh0

0t

× (h0

0t

)H[h0

01, · · ·h00K

]HR−1/2

0 A00t,2A

00t,1R

−1/20

[h0

01, · · ·h00K

]Hh0

0k

+1Nt

P0

(h0

0k

)H [h0

01, · · ·h00K

]R−1/2

0 A00t,1A

00t,2R

−1/20

[h0

01, · · ·h00K

]Hneq

× (neq)H [

h001, · · ·h0

0K

]R−1/2

0 A00t,2A

00t,1R

−1/20

[h0

01, · · ·h00K

]h0

0k

=1Nt

(P0τ )2(h0

0k

)H [h0

01, · · ·h00K

]A0

0t,5

[h0

01, · · ·h00K

]Hh0

0t

× (h0

0t

)H[h0

01, · · ·h00K

]HA0

0t,5

[h0

01, · · ·h00K

]Hh0

0k

+1Nt

P0

(h0

0k

)H [h0

01, · · ·h00K

]A0

0t,5

[h0

01, · · ·h00K

]Hneq

× (neq)H [

h001, · · ·h0

0K

]A0

0t,5

[h0

01, · · ·h00K

]h0

0k. (73)

1Nt

(h0

lk

)H(Vl

eq

)Hheq,lthH

eq,ltVleqh

0lk

=1Nt

(h0

lk

)H(Vl

eq

)H√PIVl

eqRllt

(Vl

eq

)H(N0IK + τPIVl

eqRllt

(Vl

eq

)H)−1 (√

PIτVleqh

llt + Vl

eqneq

)

×√

PI

(√PIτVl

eqhllt + Vl

eqneq

)H(N0IK + τPIVl

eqRllt

(Vl

eq

)H)−1

VleqR

llt

(Vl

eq

)HVl

eqh0lk

Nt→∞→ 1Nt

PI

(h0

lk

)H(Vl

eq

)HAl

lt,1Allt,2

(√PIτVl

eqhllt + Vl

eqneq

)(√PIτVl

eqhllt + Vl

eqneq

)H

Allt,2A

llt,1V

leqh

0lk

Nt→∞→ 1Nt

PItr(R0

lk

(Vl

eq

)HAl

lt,1Allt,2

(√PIτVl

eqhllt + Vl

eqneq

)(√PIτVl

eqhllt + Vl

eqneq

)H

Allt,1A

llt,2V

leq

). (79)

For the numerator of (77), we have (79), given at the topof this page.

Based on (50), we can re-express (79) as (80), given at thetop of the next page.

For the first term on the right hand side of (80), wehave (81), given at the top of the next page.

For the second term on the right hand sideof (80), we have (82), given at the top of the nextpage.


1Nt

(h0

lk

)H(Vl

eq

)Hheq,lthH

eq,ltVleqh

0lk

Nt→∞→ 1Nt

P 2I τ2tr2

(Rl

lt

) [Al

lt,5

]2tt

tr(Rl

ltR0lk

)

+1

NtPIτN0

(K∑

p=1

[Al

lt 5

]2pp

tr(R0

lkRllp

)tr(Rl

lp

)


1Nt

(h0

lk

)H(Vl

eq

)Hheq,lthH

eq,ltVleqh

0lk

=1

NtPI

(√PIτVl

eqhllt + Vl

eqneq

)H

Allt,1A

llt,2R

−1/2l

[hl

l1, · · ·hllK

]HR0

lk

[hl

l1, · · ·hllK

]R−1/2

l

×Allt,1A

llt,2

(√PIτVl

eqhllt + Vl

eqneq

)

Nt→∞→ 1Nt

P 2I τ2

(hl

lt

)H(Vl

eq

)HAl

lt,1Allt,2R

−1/2l

[hl

l1, · · ·hllK

]HR0

lk

[hl

l1, · · ·hllK

]R−1/2

l Allt,1A

llt,2V

leqh

llt

+1Nt

PI(neq)H(

Vleq

)HAl

lt,1Allt,2R

−1/2l

[hl

l1, · · ·hllK

]HR0

lk

[hl

l1, · · ·hllK

]R−1/2

l Allt,1A

llt,2V

leqneq . (80)

1Nt

(hl

lt

)H(Vl

eq

)HAl

lt,1Allt,2R

−1/2l

[hl

l1, · · ·hllK

]HR0

lk

[hl

l1, · · ·hllK

]R−1/2

l Allt,2A

llt,1V

leqh

llt

Nt→∞→ 1Nt

(hl

lt

)H [hl

l1, · · ·hllK

]R−1/2

l Allt,1A

llt,2R

−1/2l

[hl

l1, · · ·hllK

]H

×R0lk

[hl

l1, · · ·hllK

]R−1/2

l Allt,2A

llt,1R

−1/2l

[hl

l1, · · ·hllK

]Hhl

lt

Nt→∞→ 1Nt

tr(Rl

lt

) [Al

lt,5

]eH

t

[hl

l1, · · ·hllK

]HR0

lk

[hl

l1, · · ·hllK

]ettr

(Rl

lt

) [Al

lt,5

]

Nt→∞→ 1Nt

tr2(Rl

lt

) [Al

lt,5

]2tt

tr(Rl

ltR0lk

). (81)

1Nt

(neq)H(

Vleq

)HAl

lt,1Allt,2R

−1/2l

[hl

l1, · · ·hllK

]HR0

lk

[hl

l1, · · ·hllK

]R−1/2

l Allt,2A

llt,1V

leqneq

Nt→∞→ 1Nt

τN0tr([

hll1, · · ·hl

lK

]Al

lt,5

[hl

l1, · · ·hllK

]HR0

lk

[hl

l1, · · ·hllK

]Al

lt,5

[hl

l1, · · ·hllK

]H)

=1Nt

τN0tr

(K∑

p=1

[Al

lt,5

]pp

hllp

(hl

lp

)HR0

lk

K∑

m=1

[Al

lt,5

]mm

hllm

(hl

lm

)H

)

=1Nt

τN0

(K∑

p=1

[Al

lt,5

]2pp

tr(hl

lp

(hl

lp

)HR0

lkhllp

(hl

lp

)H))

+K∑

p=1

K∑

m=1,m �=p

[Al

lt,5

]pp

[Al

lt,5

]mm

tr(hl

lp

(hl

lp

)HR0

lkhllm

(hl

lm

)H)

Nt→∞→ 1Nt

τN0

⎛

⎝K∑

p=1

[Al

lt,5

]2pp

tr(R0

lkRllp

)tr(Rl

lp

)+

K∑

p=1

K∑

m=1,m �=p

[Al

lt 5

]pp

[Al

lt 5

]mm

tr(Rl

lpR0lkR

llm

)⎞

⎠ . (82)

+K∑

p=1

K∑

m=1,m �=p

[Al

lt,5

]pp

[Al

lt,5

]mm

× tr(Rl

lpR0lkR

llm

))

= cllt,1. (83)

By combining (77), (78), and (83), we obtain

P

Nt

∣∣g0

lt,k

∣∣2 Nt→∞→ P

Nt

cllt,1

allt,1

. (84)

For Cevek in (11), we know from (43) that when Nt → ∞,

V0eqH

0e → 0. Therefore, we have

Cevek

Nt→∞→ 0. (85)

Substituting (69), (76), (77), and (85) into (7) completes theproof.

REFERENCES

[1] A. D. Wyner, “The wire-tap channel,” Bell Syst. Tech. J., vol. 54, no. 8,pp. 1355–1387, Oct. 1975.

[2] F. Oggier and B. Hassibi, “The secrecy capacity of the MIMO wiretapchannel,” IEEE Trans. Inf. Theory, vol. 57, no. 8, pp. 4961–4972,Aug. 2011.

[3] Y. Wu, C. Xiao, Z. Ding, X. Gao, and S. Jin, “Linear precoding forfinite-alphabet signaling over MIMOME wiretap channels,” IEEE Trans.Veh. Technol., vol. 61, no. 6, pp. 2599–2612, Jul. 2012.

[4] Y. Wu, J.-B. Wang, J. Wang, R. Schober, and C. Xiao, “Securetransmission with large numbers of antennas and finite alphabet inputs,”IEEE Trans. Commun., vol. 65, no. 8, pp. 3614–3628, Aug. 2017.

[5] Y. Wu, A. Khisti, C. Xiao, G. Caire, K.-K. Wong, and X. Gao, “A surveyof physical layer security techniques for 5G wireless networks and chal-lenges ahead,” IEEE J. Sel. Areas Commun., vol. 36, no. 4, pp. 679–695,Apr. 2018.


[6] Z. Li, L. Guan, C. Li, and A. Radwan, “A secure intelligent spectrumcontrol strategy for future THZ mobile heterogeneous networks,” IEEECommun. Mag., vol. 56, no. 6, pp. 116–123, Jun. 2018.

[7] Y. Wu, M. Wang, C. Xiao, Z. Ding, and X. Gao, “Linear precoding forMIMO broadcast channels with finite-alphabet constraints,” IEEE Trans.Wireless Commun., vol. 11, no. 8, pp. 2906–2920, Aug. 2012.

[8] Y. Wu, C. Xiao, X. Gao, J. D. Matyjas, and Z. Ding, “Linear precoderdesign for MIMO interference channels with finite-alphabet signaling,”IEEE Trans. Commun., vol. 61, no. 9, pp. 3766–3780, Sep. 2013.

[9] Y. Wu, S. Jin, X. Gao, M. R. Mckay, and C. Xiao, “Transmit designs forthe MIMO broadcast channel with statistical CSI,” IEEE Trans. SignalProcess., vol. 62, no. 17, pp. 4451–4466, Sep. 2014.

[10] S. Chen and J. Zhao, “The requirements, challenges, and technologiesfor 5G of terrestrial mobile telecommunication,” IEEE Commun. Mag.,vol. 52, no. 5, pp. 36–43, May 2014.

[11] S. Chen, S. Sun, Q. Gao, and X. Su, “Adaptive beamforming inTDD-based mobile communication systems: State of the art and 5Gresearch directions,” IEEE Wireless Commun., vol. 23, no. 6, pp. 81–87,Dec. 2016.

[12] Y. Wu, C. Xiao, Z. Ding, X. Gao, and S. Jin, “A survey on MIMOtransmission with finite input signals: Technical challenges, advances,and future trends,” Proc. IEEE, vol. 106, no. 10, pp. 1779–1833,Oct. 2018.

[13] J. G. Andrews et al., “What will 5G be?” IEEE J. Sel. Areas Commun.,vol. 32, no. 6, pp. 1065–1082, Jun. 2014.

[14] T. L. Marzetta, “Noncooperative cellular wireless with unlimited num-bers of base station antennas,” IEEE Trans. Wireless Commun., vol. 9,no. 11, pp. 3590–3600, Nov. 2010.

[15] C.-K. Wen, Y. Wu, K.-K. Wong, R. Schober, and P. Ting, “Performancelimits of massive MIMO systems based on bayes-optimal inference,”in Proc. IEEE. Int. Conf. Commun. (ICC), London, U.K., Jun. 2015,pp. 1783–1788.

[16] R. R. Müller, L. Cottatellucci, and M. Vehkaperä, “Blind pilot deconta-mination,” IEEE J. Sel. Topic Signal Process., vol. 8, no. 5, pp. 773–786,Oct. 2014.

[17] S. Haghighatshoar and G. Caire, “Massive MIMO pilot decontaminationand channel interpolation via wideband sparse channel estimation,” IEEETrans. Wireless Commun., vol. 16, no. 12, pp. 8316–8332, Dec. 2017.

[18] S. Ni, J. Zhao, and Y. Gong, “Optimal pilot design in massive MIMOsystems based on channel estimation,” IET Commun., vol. 11, no. 7,pp. 975–984, May 2017.

[19] J. Zhu, R. Schober, and V. K. Bhargava, “Secure transmission inmulticell massive MIMO systems,” IEEE Trans. Wireless Commun.,vol. 13, no. 9, pp. 4766–4781, Sep. 2014.

[20] X. Chen, L. Lei, H. Zhang, and C. Yuen, “Large-scale MIMO relayingtechniques for physical layer security: AF or DF?” IEEE Trans. WirelessCommun., vol. 14, no. 9, pp. 5135–5146, Sep. 2015.

[21] J. Chen, X. Chen, W. H. Gerstacker, and D. W. K. Ng, “Resourceallocation for a massive MIMO relay aided secure communication,”IEEE Trans. Inf. Forensics Security, vol. 11, no. 8, pp. 1700–1711,Aug. 2016.

[22] J. Zhu, D. W. K. Ng, N. Wang, R. Schober, and V. K. Bhargava,“Analysis and design of secure massive MIMO systems in the presenceof hardware impairments,” IEEE Trans. Wireless Commun., vol. 16,no. 3, pp. 2001–2016, Mar. 2017.

[23] N.-P. Nguyen, H. Q. Ngo, T. Q. Duong, H. D. Tuan, and K. Tourki,“Secure massive MIMO with the artificial noise-aided downlink train-ing,” IEEE J. Sel. Areas Commun., vol. 36, no. 4, pp. 802–816,Apr. 2018.

[24] Y. Wu, R. Schober, D. W. K. Ng, C. Xiao, and G. Caire, “Securemassive MIMO transmission with an active eavesdropper,” IEEE Trans.Inf. Theory, vol. 62, no. 7, pp. 3880–3900, Jul. 2016.

[25] X. Zhou, B. Maham, and A. Hjorungnes, “Pilot contamination foractive eavesdropping,” IEEE Trans. Wireless Commun., vol. 11, no. 3,pp. 903–907, Mar. 2012.

[26] J. Xu, L. Duan, and R. Zhang, “Proactive eavesdropping via jammingfor rate maximization over Rayleigh fading channels,” IEEE WirelessCommun. Lett., vol. 5, no. 1, pp. 80–83, Feb. 2016.

[27] N.-P. Nguyen, H. Q. Ngo, T. Q. Duong, H. D. Tuan, andD. B. da Costa, “Full-duplex cyber-weapon with massive arrays,” IEEETrans. Commun., vol. 65, no. 12, pp. 5544–5558, Dec. 2017.

[28] K.-W. Huang, H.-M. Wang, Y. Wu, and R. Schober, “Pilot spoofingattack by multiple eavesdroppers,” IEEE Trans. Wireless Commun.,vol. 17, no. 10, pp. 6433–6447, Oct. 2018.

[29] D. Kapetanovic, G. Zheng, K.-K. Wong, and B. Ottersten, “Detection ofpilot contamination attack using random training and massive MIMO,” inProc. IEEE 24th Annu. Int. Symp. Pers., Indoor, Mobile Radio Commun.(PIMRC), London, U.K., Sep. 2013, pp. 13–18.

[30] D. Kapetanovic, G. Zheng, and F. Rusek, “Physical layer security formassive MIMO: An overview on passive eavesdropping and activeattacks,” IEEE Commun. Mag., vol. 53, no. 6, pp. 21–27, Jun. 2015.

[31] Q. Xiong, Y.-C. Liang, K. H. Li, and Y. Gong, “An energy-ratio-based approach for detecting pilot spoofing attack in multiple-antennasystems,” IEEE Trans. Inf. Forensics Security, vol. 10, no. 5,pp. 932–940, May 2015.

[32] J. K. Tugnait, “Self-contamination for detection of pilot contaminationattack in multiple antenna systems,” IEEE Wireless Commun. Lett.,vol. 4, no. 5, pp. 525–528, Oct. 2015.

[33] Q. Xiong, Y.-C. Liang, K. H. Li, Y. Gong, and S. Han, “Securetransmission against pilot spoofing attack: A two-way training-based scheme,” IEEE Trans. Inf. Forensics Security, vol. 11, no. 5,pp. 1017–1026, May 2016.

[34] S. Im, H. Jeon, J. Choi, and J. Ha, “Secret key agreement withlarge antenna arrays under the pilot contamination attack,” IEEE Trans.Wireless Commun., vol. 14, no. 12, pp. 6579–6594, Dec. 2015.

[35] Y. O. Basciftci, C. E. Koksal, and A. Ashikhmin. (May 2015).Securing Massive MIMO at the Physical Layer. [Online]. Available:https://arxiv.org/abs/1505.00396

[36] H.-M. Wang, K.-W. Huang, and T. A. Tsiftsis, “Multiple antennas securetransmission under pilot spoofing and jamming attack,” IEEE J. Sel.Areas Commun., vol. 36, no. 4, pp. 860–876, Apr. 2018.

[37] T. T. Do, E. Björnson, E. G. Larsson, and S. M. Razavizadeh, “Jamming-resistant receivers for the massive MIMO uplink,” IEEE Trans. Inf.Forensics Security, vol. 13, no. 1, pp. 210–223, Jan. 2018.

[38] J. K. Tugnait, “Pilot spoofing attack detection and countermeasure,”IEEE Trans. Commun., vol. 66, no. 5, pp. 2093–2106, May 2018.

[39] G. Geraci, M. Egan, J. Yuan, A. Razi, and I. B. Collings, “Secrecysum-rates for multi-user MIMO regularized channel inversion precod-ing,” IEEE Trans. Commun., vol. 60, no. 11, pp. 3472–3482, Nov. 2012.

[40] J. Evans and D. N. C. Tse, “Large system performance of linearmultiuser receivers in multipath fading channels,” IEEE Trans. Inf.Theory, vol. 46, no. 6, pp. 2059–2078, Sep. 2000.

[41] Y. S. Cho, J. Kim, W. Y. Yang, and C. G. Kang, MIMO-OFDM WirelessCommunications With MATLAB. Singapore: Wiley, 2010.

[42] C.-K. Wen, G. Pan, K.-K. Wong, M. Guo, and J.-C. Chen, “A deter-ministic equivalent for the analysis of non-Gaussian correlated MIMOmultiple access channels,” IEEE Trans. Inf. Theory, vol. 59, no. 1,pp. 329–352, Jan. 2013.

Yongpeng Wu (S’08–M’13–SM’17) received theB.S. degree in telecommunication engineering fromWuhan University, Wuhan, China, in 2007, and thePh.D. degree in communication and signal process-ing from the National Mobile CommunicationsResearch Laboratory, Southeast University, Nanjing,China, in 2013.

During his doctoral studies, he conducted coop-erative research at the Department of ElectricalEngineering, Missouri University of Science andTechnology, USA. He was a Senior Research Fellow

with the Institute for Communications Engineering, Technical University ofMunich, Germany, and a Humboldt Research Fellow and Senior ResearchFellow with the Institute for Digital Communications, University Erlangen-Nürnberg, Germany. He is currently a Tenure-Track Associate Professor withthe Department of Electronic Engineering, Shanghai Jiao Tong University,China. His research interests include massive MIMO/MIMO systems, massiveaccess, physical-layer security, and power-line communication.

Dr. Wu has been a TPC Member of various conferences, including Globe-com, ICC, VTC, and PIMRC. He received the IEEE Student Travel Grantsfrom the IEEE International Conference on Communications (ICC) in 2010,the Alexander von Humboldt Fellowship in 2014, the Travel Grants fromthe IEEE Communication Theory Workshop in 2016, the Excellent DoctoralThesis Award from the China Communications Society in 2016, the Exem-plary Editor Award from the IEEE COMMUNICATION LETTERS in 2017, andthe Young Elite Scientist Sponsorship Program by CAST 2017. He was anExemplary Reviewer of the IEEE TRANSACTIONS ON COMMUNICATIONS

in 2015, 2016, and 2018. He was the Lead Guest Editor for the special issue“Physical Layer Security for 5G Wireless Networks” of the IEEE JOURNAL

ON SELECTED AREAS IN COMMUNICATIONS and the Guest Editor for thespecial issue “Safeguarding 5G-and-Beyond Networks with Physical LayerSecurity” of the IEEE WIRELESS COMMUNICATION. He is currently anEditor of the IEEE TRANSACTIONS ON COMMUNICATIONS and the IEEECOMMUNICATIONS LETTERS.


Chao-Kai Wen (S’00–M’04) received the Ph.D.degree from the Institute of Communications Engi-neering, National Tsing Hua University, Taiwan,in 2004. He was with the Industrial TechnologyResearch Institute, Hsinchu, Taiwan, and MediaTekInc., Hsinchu, from 2004 to 2009, where he wasinvolved in broadband digital transceiver design.Since 2009, he has been with the Institute ofCommunications Engineering, National Sun Yat-senUniversity, Kaohsiung, Taiwan, where he is cur-rently a Professor. His research interest includes theoptimization in wireless multimedia networks.

Wen Chen is currently a Professor of wireless com-munications with Shanghai Jiao Tong University. Hisarea of expertise covers massive access, networkcoding, and MIMO-OFDM. In these areas, he haspublished 95 papers in IEEE journals and more than100 papers in IEEE conferences.

Dr. Chen received the Ariyama Memorial ResearchAward in 1997, the JSPS Fellowship in 1999, and thePIMS Fellowship in 2001. He received the Honors ofNew Century Excellent Scholar in China in 2006 andthe Pujiang Excellent Scholar in Shanghai in 2007.

He received the Shanghai Excellent Master Thesis Supervision Award andthe Best Paper Award of Chinese Information Theory Society in 2013,the Best Service Award of the Chinese Institute of Electronics and the BestPresentation Paper Awards of the Chinese Information Theory Society in 2014,the Innovate 5G Competition Award and the IEEE WCSP Best Paper Awardin 2015, the IEEE APCC Keynote Speaker Appreciation in 2016, the ExcellentPh.D. Thesis Supervision Award of the Chinese Institute of Communicationsin 2018, and the Excellent Researcher Award of the Chinese Institute of Elec-tronics in 2019. He received the IEEE VTS 2018 Chapter-of-the-Year Award.He is an IEEE Distinguished Lecturer of the Communications Society. He isthe Shanghai Chapter Chair of the IEEE Vehicular Technology Society. He isan Editor of the IEEE TRANSACTIONS ON WIRELESS COMMUNICATIONS,the IEEE TRANSACTIONS ON COMMUNICATIONS, and the IEEE ACCESS.

Shi Jin (S’06–M’07–SM’17) received the B.S.degree in communications engineering from theGuilin University of Electronic Technology, Guilin,China, in 1996, the M.S. degree from the Nan-jing University of Posts and Telecommunications,Nanjing, China, in 2003, and the Ph.D. degreein information and communications engineeringfrom Southeast University, Nanjing, in 2007. From2007 to 2009, he was a Research Fellow with Adas-tral Park Research Campus, University College Lon-don, London, U.K. He is currently with the faculty

of the National Mobile Communications Research Laboratory, Southeast Uni-versity. His research interests include space–time wireless communications,random matrix theory, and information theory. He and his coauthors receivedthe 2011 IEEE Communications Society Stephen O. Rice Prize Paper Awardin the field of communication theory and the 2010 Young Author Best PaperAward from the IEEE Signal Processing Society. He serves as an AssociateEditor for the IEEE TRANSACTIONS ON WIRELESS COMMUNICATIONS,the IEEE COMMUNICATIONS LETTERS, and the IET Communications.

Robert Schober (S’98–M’01–SM’08–F’10)was born in Neuendettelsau, Germany, in 1971.He received the Diplom (Univ.) and Ph.D. degreesin electrical engineering from the University ofErlangen-Nuermberg in 1997 and 2000, respectively.From 2001 to 2002, he was a Post-Doctoral Fellowwith the University of Toronto, Canada, sponsoredby the German Academic Exchange Service(DAAD). Since 2002, he has been with TheUniversity of British Columbia (UBC), Vancouver,Canada, where he is currently a Full Professor.

Since 2012, he has been an Alexander von Humboldt Professor and theChair for Digital Communication at Universität Erlangen-Nürnberg (FAU),Erlangen, Germany. His research interests fall into the broad areas ofcommunication theory, wireless communications, and statistical signalprocessing.

Dr. Schober is a fellow of the Canadian Academy of Engineering andthe Engineering Institute of Canada. He received several awards for hiswork, including the 2002 Heinz Maier-Leibnitz Award of the GermanScience Foundation (DFG), the 2004 Innovations Award of the VodafoneFoundation for Research in Mobile Communications, the 2006 UBC KillamResearch Prize, the 2007 Wilhelm Friedrich Bessel Research Award of theAlexander von Humboldt Foundation, the 2008 Charles McDowell Awardfor Excellence in Research from UBC, the 2011 Alexander von HumboldtProfessorship, and the 2012 NSERC E.W.R. Steacie Fellowship. In addition,he received the Best Paper Awards from the German Information TechnologySociety (ITG), the European Association for Signal, Speech and ImageProcessing (EURASIP), the IEEE WCNC 2012, the IEEE Globecom 2011,the IEEE ICUWB 2006, the International Zurich Seminar on BroadbandCommunications, and European Wireless 2000. From 2012 to 2015, he wasthe Editor-in-Chief of the IEEE TRANSACTIONS ON COMMUNICATIONS.He currently serves as a Member-at-Large on the Board of Governors of theIEEE Communication Society and the Chair of the IEEE TRANSACTIONS

ON MOLECULAR, BIOLOGICAL AND MULTISCALE COMMUNICATIONS.

Giuseppe Caire (S’92–M’94–SM’03–F’05) wasborn in Torino in 1965. He received the B.Sc.degree in electrical engineering from the Politecnicodi Torino in 1990, the M.Sc. degree in electricalengineering from Princeton University in 1992, andthe Ph.D. degree from the Politecnico di Torino in1994.

He has been a Post-Doctoral Research Fellow withthe European Space Agency (ESTEC), Noordwijk,The Netherlands, from 1994 to 1995, an AssistantProfessor in telecommunications with the Politec-

nico di Torino, an Associate Professor with the University of Parma, Italy,a Professor with the Department of Mobile Communications, the EurecomInstitute, Sophia-Antipolis, France, and a Professor of electrical engineeringwith the Viterbi School of Engineering, University of Southern California, LosAngeles, CA, USA. He is currently an Alexander von Humboldt Professorwith the Faculty of Electrical Engineering and Computer Science, TechnicalUniversity of Berlin, Germany. His main research interests include commu-nications theory, information theory, and channel and source coding withparticular focus on wireless communications.

Dr. Caire was a recipient of the Jack Neubauer Best System Paper Awardfrom the IEEE Vehicular Technology Society in 2003, the IEEE Communi-cations Society and Information Theory Society Joint Paper Award in 2004and 2011, the Okawa Research Award in 2006, the Alexander von HumboldtProfessorship in 2014, the Vodafone Innovation Prize in 2015, and the ERCAdvanced Grant in 2018. He has served in the Board of Governors of theIEEE Information Theory Society from 2004 to 2007, and as an Officer from2008 to 2013. He was the President of the IEEE Information Theory Societyin 2011.