Physical Layer Security for 5G Wireless Networks: A Comprehensive Survey

Physical-layer security is an emerging approach that can complement conventional encryption methods. The main idea of physical layer security is to take advantage of the features of the wireless channel and its impairments in order to ensure secure communication in the physical layer. This paper provides a comprehensive review of information-theoretic measures of the secrecy performance in physical layer security. In addition, our work surveys research on physical layer security over several enabling 5G technologies, such as massive multiple-input multiple-output, millimeter wave communications, heterogeneous networks, and full-duplex, including the key concepts of each of the aforementioned technologies. Finally, future research directions and technical challenges of physical layer security are identified.


I. INTRODUCTION
In wireless communications, the continuously increasing demands for wireless applications and the exponential growth of the number of connected users have saturated the capacity of current communication systems. These pivotal issues motivate researchers and network designers to search for novel solutions that guarantee ultra-high data rate, ultra-wide radio coverage, a massive number of efficiently connected devices, ultra-low latency, and efficient energy consumption. In this context, the fifth generation of wireless networks (5G) foresees great advances in solutions that use intelligent and efficient technologies, which will allow promoting economic and social growth on a global scale in very innovative ways [1]. Accordingly, 5G must be prepared to face major challenges with respect to the reliability, security, and efficiency of the network, in order to meet the high requirements imposed by its implementation. Specifically, the security paradigm protecting the confidentiality of wireless communication is one of the core problems to be considered in 5G [2]. Unlike traditional security systems that are based on higher layer cryptographic mechanisms [3], which employ mathematically complex algorithms, physical layer security (PLS) emerges as a strategy that offers secure wireless communications by smartly exploiting the impairments of the channel [2]. In particular, PLS provides a great advantage compared to cryptography, since it does not depend on computational complexity. Therefore, the level of security achieved will not be affected even if the eavesdropper has powerful computing capabilities. This contrasts with the encryption-based approach, which is based on the idea that the eavesdropper has limited computational capabilities to solve difficult mathematical problems in limited periods [4].
The cornerstone ideas of PLS come from the seminal paper of Shannon, who laid the basis of secrecy systems [5]. Later, the well-known wiretap channel was introduced by Wyner in 1975 [6]. In that work, Wyner established that secret messages can be sent by guaranteeing that the wiretap channel is a degraded (much noisier) version of the legitimate link; the secrecy capacity is then the maximum data rate that can be safely transmitted without the data being decodable by an eavesdropper. Nevertheless, in real environments, due to the fading, random location, and broadcast nature of the wireless medium, the condition of the eavesdropper's channel can be similar to or even better than that of the legitimate channel, particularly when the eavesdropper is closer to the transmitter than the legitimate receiver. Wyner's ideas therefore become impracticable in such environments. Inspired by Wyner's work, investigations of the attainable secrecy capacity against eavesdropping were addressed in [7] for the broadcast channel, and for the Gaussian channel in [8]. These approaches have inspired a significant amount of recent research activity from an information theoretic point of view for different types of channels (e.g., κ-µ shadowed, α-η-κ-µ, Fluctuating Two-Ray, and Fisher-Snedecor F) [9]-[12], and network topologies (e.g., Full-Duplex, multiple-input multiple-output (MIMO) Transmit Antenna Selection/Maximal Ratio Combining (TAS/MRC), and Cognitive Radio Systems) [13]-[18].
The aim of this paper is to provide a comprehensive survey of PLS on enabling technologies for 5G. Firstly, the main PLS performance metrics are introduced, including secrecy capacity, secrecy outage probability, intercept probability, and the probability of strictly positive secrecy capacity. A brief background on these metrics is also provided. Then, we review the basic concepts of emerging 5G technologies. In particular, we focus on the following: massive MIMO, millimeter wave (mm-Wave) communications, heterogeneous networks (HetNet), and full-duplex (FD). Subsequently, we summarize the latest PLS research advances on the aforementioned 5G technologies.
The rest of the paper is organized as follows. Section II presents some fundamentals for PLS and reviews the main secrecy performance metrics. Section III summarizes concepts of promising 5G technologies and presents the recent advances in PLS research on these key 5G technologies. Section IV presents some of the open challenges in wireless security communications, and provides some concluding remarks.

II. FUNDAMENTALS OF PHYSICAL LAYER SECURITY
This section introduces key concepts for understanding information theoretic security in wireless communications systems.

A. General System Model
The general PLS model consists of three main communication nodes as depicted in Fig. 1. The first node is the legitimate transmitter (also known as Alice in network security jargon), the second node is the intended receiver (also known as Bob), and the third node is the eavesdropper (also known as Eve). The channel between Alice and Bob is known as the main channel, while the link between Alice and Eve is called the wiretap channel (also known as the eavesdropper channel). In this setup, the transmitter (Alice) sends a confidential message to the legitimate receiver (Bob), while the eavesdropper (Eve) receives the signal and intends to decode it. Therefore, Alice's goal is to use a transmission approach that can deliver the uncharted secret information to Bob, while making sure that Eve cannot decode the transmitted secret information. To attain secrecy in wireless systems, PLS uses signal processing techniques designed to take advantage of specific features of the channel including fading, noise, interference, and diversity, among others. Another important aspect to take into account in the system model (see Fig. 1) is that the availability of channel state information (CSI) at the nodes varies from complete to partial to even zero knowledge. This fact is important because if the CSI of the main channel is available, Alice can decide whether or not to transmit and at which rate, thus attaining a considerable reduction in the secrecy outage probability. However, in real communication systems, all nodes can only obtain some kind of information about the channel between them and the other nodes. Furthermore, Alice is typically assumed to know Bob's channel but not to know Eve's channel. This is because Eve is usually passive (i.e., Eve monitors the network, intercepts messages and does not communicate with other nodes in the system). Several works such as [23]-[25] have carried out performance analyses of PLS with a passive eavesdropper.
On the other hand, there are scenarios in which Eve is active and performs some of the following actions: intentional interference (also known as jamming), adulteration and modification, or denial of service [19]. Performance analyses of PLS that consider that Alice knows Eve's channel (i.e., active eavesdropper) can be found in [20]-[22]. It is worthwhile to mention that in the performance evaluations of PLS, Eve's and Bob's channels are typically assumed to be independent of each other (i.e., both channels are separated by at least half a wavelength). On the other hand, links (i.e., Alice-to-Bob and Alice-to-Eve) that do not meet the aforementioned condition (i.e., correlated channels) are investigated in [26]-[28].

B. Performance Metrics
The secrecy performance metrics most used in the literature are explained in this section. A good knowledge of these metrics will ease the understanding of the works to be addressed in the following sections.
1) Secrecy Capacity: The secrecy capacity $C_S$ for a wireless channel is the most used metric in PLS evaluation. $C_S$ is defined as the capacity difference between the main and wiretap channels. Rigorously speaking, it defines the maximum secret rate at which the secret message is reliably recovered at Bob while remaining unrecoverable at Eve [29]. Mathematically, the secrecy capacity for a channel in a quasistatic fading scenario is given as in [6] by
where $|\cdot|$ is the absolute value, $\gamma_X = |h_{AX}|^2 P_A / N_0$ for $X \in \{B, E\}$ is the signal-to-noise ratio (SNR), and $h_{AB}$ and $h_{AE}$ are the channel coefficients of the main and wiretap channels, respectively. $P_A$ is the transmit power at Alice, $N_0$ is the average noise power, and $C_B$ and $C_E$ are the capacities of the main and wiretap channels, respectively. Without loss of generality, a normalized bandwidth $W = 1$ is assumed in the previous capacity definitions. In this scenario, it is possible to attain secure communications only if the main link has a better SNR than the wiretap link, i.e.,
It is worth mentioning that secrecy capacity is widely extended by researchers to secrecy outage probability (SOP) in order to measure the resulting secrecy in different network topologies [30].
2) Secrecy Outage Probability: The SOP is defined as the probability that the secrecy capacity falls below a target secrecy rate threshold $R_{th}$. In other words, when the current secrecy capacity $C_S$ is not more than a pre-established threshold $R_{th}$, the secrecy outage happens, which means the current secrecy rate cannot guarantee the security requirement. It can be formulated as in [31] by
where $\Pr\{\cdot\}$ indicates probability. The SOP in (3) indicates that whenever $C_S < R_{th}$, the wiretap channel will be worse than the main channel, so a secure communication is possible [32]. Despite the important insights that the SOP provides in the characterization of the security performance of wireless communications, it has the following drawbacks: i) it lacks the ability to quantify the amount of information leaking to the eavesdroppers when the outage occurs; ii) it cannot offer any information about the eavesdropper's ability to decode confidential messages successfully; iii) it cannot be directly linked to the Quality of Service (QoS) requirements for different services [33]. Motivated by the limitations of the secrecy outage probability, the authors in [34], [35] proposed new metrics to overcome the three aforementioned demerits of the SOP. Thus, the authors give more insights into physical layer security and how secrecy is measured. It is worthwhile to mention that the concept of secrecy outage probability and secrecy outage capacity can also be extended to the case with multiple antennas at different nodes. Readers are referred to [36]-[38] for further studies on this topic. Next, building on the classical SOP defined above, alternative secrecy outage formulations derived from (3) are defined.
3) Intercept Probability: An intercept event occurs when $C_S$ is negative or falls below 0, which means that the wiretap channel has a better SNR than the main channel. It can be expressed as in [39] by
Although this metric has not been widely explored in the literature, it is currently being investigated in evaluating and characterizing the security performance of wireless channels. Readers are referred to [40]-[42] for more detailed information on this field of research.

4) Probability of Strictly Positive Secrecy Capacity:
The probability of strictly positive secrecy capacity (SPSC) is the probability that the secrecy capacity $C_S$ remains higher than 0, which means that security in communication has been attained. Mathematically, it can be written as in [43] by
In [44]-[46], researchers investigated the security performance of wireless systems based on the SPSC metric over different fading channel models.
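The four metrics of this section can be estimated numerically from their verbal definitions. The following Python sketch is an added example, not part of the original survey: it assumes independent Rayleigh fading on both links (so each instantaneous SNR is exponentially distributed around its average), floors the capacity difference at zero, and counts an intercept event whenever the wiretap SNR exceeds the main SNR. The function names, average SNRs and threshold are illustrative choices; the closed forms used for comparison are the standard results for this Rayleigh-fading assumption.

```python
"""Added example: Monte Carlo estimate of the Section II-B secrecy metrics."""
import math
import random


def secrecy_capacity(gamma_b, gamma_e):
    """Capacity difference of main and wiretap links (W = 1), floored at 0."""
    c_b = math.log2(1.0 + gamma_b)  # capacity of the main channel
    c_e = math.log2(1.0 + gamma_e)  # capacity of the wiretap channel
    return max(c_b - c_e, 0.0)


def simulate(avg_snr_b, avg_snr_e, r_th, trials=200_000, seed=1):
    """Estimate SOP, intercept probability and SPSC by simulation.

    Assumption (not from the survey): independent Rayleigh fading, so each
    instantaneous SNR is exponential with the given linear-scale mean.
    """
    rng = random.Random(seed)
    outage = intercept = positive = 0
    for _ in range(trials):
        gamma_b = rng.expovariate(1.0 / avg_snr_b)
        gamma_e = rng.expovariate(1.0 / avg_snr_e)
        c_s = secrecy_capacity(gamma_b, gamma_e)
        outage += c_s < r_th            # secrecy outage event
        intercept += gamma_e > gamma_b  # wiretap link has the better SNR
        positive += c_s > 0.0           # strictly positive secrecy capacity
    return {
        "sop": outage / trials,
        "intercept": intercept / trials,
        "spsc": positive / trials,
    }


def rayleigh_closed_form(avg_snr_b, avg_snr_e, r_th):
    """Closed-form values under the same Rayleigh-fading assumption."""
    k = 2.0 ** r_th
    # Pr{C_S >= R_th} = Pr{gamma_B >= k * gamma_E + k - 1}
    secure = (avg_snr_b / (avg_snr_b + k * avg_snr_e)
              * math.exp(-(k - 1.0) / avg_snr_b))
    spsc = avg_snr_b / (avg_snr_b + avg_snr_e)
    return {"sop": 1.0 - secure, "intercept": 1.0 - spsc, "spsc": spsc}


def from_db(value_db):
    """Convert an SNR in dB to linear scale."""
    return 10.0 ** (value_db / 10.0)


if __name__ == "__main__":
    # Constructed scenarios: Eve far from Alice, then Eve closer than Bob.
    for label, b_db, e_db in [("Eve far ", 10, 0), ("Eve near", 10, 15)]:
        sim = simulate(from_db(b_db), from_db(e_db), r_th=1.0)
        ref = rayleigh_closed_form(from_db(b_db), from_db(e_db), r_th=1.0)
        print(label, {m: (round(sim[m], 3), round(ref[m], 3)) for m in sim})
```

The second scenario reproduces the situation described in the Introduction, where the eavesdropper is closer to the transmitter than the legitimate receiver: the SPSC drops below one half and the SOP approaches one.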

III. NEXT GENERATION PHYSICAL LAYER TECHNOLOGIES
Future mobile networks are expected to achieve high capacity rates and reduced latency to support the rapid growth of data traffic. The combination of 5G key technologies is considered a cost-effective solution to fulfill these stringent requirements in 5G wireless networks. However, the dramatic increase in the amount of data and the complex communication environment place higher requirements on the security of mobile communications. In this section, we review the concepts of each of the promising enabling technologies for 5G, including their advantages and disadvantages. Next, we summarize the latest research results of PLS from the point of view of 5G technologies.

A. Massive MIMO
Massive MIMO is a multi-user scheme in which the base station (BS) is equipped with a large number of antennas as depicted in Fig. 2. This arrangement provides several degrees of freedom for wireless systems, better performance in channel capacities, and improved communication quality in 5G networks [48]. For security purposes, massive MIMO produces highly directed beam patterns toward the location of the legitimate user, so that the information leakage to undesired locations (i.e., Eve) is significantly reduced [49].
The authors in [47] were the first to investigate the drawbacks of PLS performance when the number of antennas approaches infinity in massive MIMO scenarios. Compared to traditional MIMO, massive MIMO introduces the following challenges: 1) the CSI estimation process is highly complex; 2) the channel models are correlated, as the distances between antennas are much shorter than half a wavelength. Therefore, massive MIMO is still an open research field [50]. Next, we survey the current security attacks on massive MIMO technology based on passive and active eavesdropper scenarios, respectively.

1) Passive Eavesdropper Scenarios:
The key concept here is that the existence of a passive eavesdropper does not affect at all the transmission beam at the BS, so it has a negligible effect on the secrecy capacity. Recently, an algorithm was developed in [51] to optimize the power allocation of beam transmission for single-cell massive MIMO in the presence of a passive eavesdropper with multiple antennas. The results showed that beam domain transmission can achieve optimal performance in terms of secrecy capacity. The authors in [52] investigated secure transmissions of a multi-pair massive MIMO AF relaying system over Ricean fading channels, where the achievable sum secrecy rate is maximized using a simple power control scheme. The use of artificial noise (AN)-aided schemes that degrade the eavesdropping channel to improve security in massive MIMO was analyzed in [53].
Other massive MIMO approaches with passive eavesdroppers include: the impact of hardware deficiencies on the secrecy performance of massive downlink MIMO systems in the presence of an eavesdropper with multiple antennas [54], performance analysis of wireless communications in a multi-user massive MIMO by considering imperfect CSI [55], secrecy outage probability performance analysis for massive MIMO scenarios [56], etc.
2) Active Eavesdropper Scenarios: A large number of PLS research works assume that perfect CSI of the legitimate node channel is available at the transmitter and do not take into account the process for obtaining this channel information. In time division duplex (TDD) massive MIMO systems, during the uplink phase, legitimate nodes transmit pilot signals to the BS to estimate the channel for the later downlink transmission. At the same time, an active eavesdropper can interfere in the training phase to cause pilot contamination at the transmitter BS (see, for instance, Fig. 3). This forces the BS, in the transmission phase (i.e., downlink), to inherently beamform towards the eavesdropper, thus increasing its received signal power [57]. As a consequence, a positive secrecy rate may not be achievable. The result of this attack is that the advantages of PLS for massive MIMO are lost [58]. To circumvent this limitation, the following works investigated techniques to avoid the pilot contamination attack (PCA). In [59], the authors proposed a reliable communication scheme that does not require statistical information about the links for a TDD massive MIMO with an active eavesdropper. In the proposed transmission scheme, an asynchronous protocol is used instead of the conventional synchronous protocol. A transmit power control policy was designed in [60] to efficiently allocate transmit power at the BS/relay for payload data and AN sequences in order to maximize the achievable secrecy rate in the massive MIMO downlink. For PLS in massive MIMO, a robust scheme together with AN beamforming was designed in [61] to offer legitimate nodes and eavesdroppers different signal-to-interference-and-noise ratios (SINR), while minimizing the transmit power of the BS.
In [7], simultaneous robust information and AN beamforming was designed to offer the legitimate nodes and the eavesdropper different signal-to-interference-and-noise ratios (SINR), while minimizing the transmit power of the BS.
Other secure massive MIMO transmission schemes against an active eavesdropper include: a cooperative scheme strategy [62], a data-aided secure downlink transmission scheme [63], and secure communications design based on game theory [64], etc.

B. mm-Wave
Nowadays, most wireless systems are allocated in the spectrum band of 300 MHz to 3 GHz, which is extremely crowded. In this context, millimeter-Wave (mm-Wave) is a very innovative key solution for next wireless networks (5G and beyond) to overcome this limitation. The idea behind mm-Wave communications is to take advantage of the unexploited high frequency mm-wave band, ranging from 3-300 GHz, to cope with future multi-gigabit-per-second mobile, imaging, and multimedia applications. Compared to microwave networks, mm-Wave networks have several novel features, such as a large number of antennas, short range, different propagation laws, highly dense mm-Wave small cells, and beamforming as the main technique, which means that mm-Wave networks are implicitly directional [67]. The adoption of PLS in mm-Wave network systems is a remarkably emerging topic of research. The general model of PLS for mm-Wave, massive MIMO, Full-Duplex, and Small Cells for 5G is presented in Fig. 4. Several approaches have been developed in this domain; here we review some of the current works to highlight the potential of this emerging field. Most of the current research is focused on the 28, 38, and 60 GHz bands [69]. In [70], in order to maximize the signal power of interest and neglect interference among different data flows (i.e., to improve the secrecy capacity), the authors proposed an AN-aided two-stage secure hybrid beamforming algorithm in a MIMO mm-Wave relay eavesdropping scenario. Here, the combination of the two-stage hybrid beamforming algorithm with AN allows guaranteeing both high throughput and communication security. Next, based on a multi-input single-output (MISO) mm-Wave system, where multiple single-antenna eavesdroppers are randomly located, the authors in [71] investigated two secure communication techniques: maximum ratio transmitting (MRT) beamforming and AN beamforming.
In particular, the optimal power allocation between AN and the signal of interest that maximizes the secrecy throughput for AN beamforming was developed. With regard to vehicular environments, in [72], the researchers proposed a location-based PLS technique for secure mm-Wave vehicular communication. The proposed technique takes advantage of the large antenna at the mm-Wave frequencies to jam eavesdroppers with sensitive receivers. The technique proved to offer good performance in terms of safety when an eavesdropper can have access to the direct path either by directly intercepting it or via a reflected path.
Other approaches include: PLS analysis of hybrid millimeter wave networks [73] and secrecy capacity of 5G mm-Wave small cells [74].

C. Heterogeneous Networks - Small Cells
Traditionally, the macro cellular network is efficient in providing area coverage for voice applications and services that support low data traffic, but limited in providing high data rates, so one of the promising solutions for users is to reduce the size of the cell in future wireless networks [75]. In this context, Heterogeneous Networks (HetNet) will play a pivotal role in meeting the demands of 5G. The goal of HetNet is to offer a spectrum-efficient solution that satisfies the spectacular growth of the data demands of the upcoming wireless services. In the HetNet topology, users with different capabilities (i.e., transmission powers, coverage areas, etc.) are deployed as part of a multi-tier hierarchical architecture, as depicted in Fig. 5. The high-power nodes (HPNs) with broad radio coverage fields are located in the macro cell, while low-power nodes (LPNs) with limited radio coverage fields are located in small cells [4]. The small cells (typically with coverage of a few meters) can have different configurations: the femto cells that are usually used in homes and development companies, and the pico cells that are used for ample outdoor coverage or to fill the empty spaces of macro cell coverage [75]. In addition, HetNet includes a device level that supports device-to-device (D2D) communications. D2D communication allows nearby devices to connect directly and collaborate with each other without using HPNs/LPNs, making it a powerful tool for low-latency and high-performance data services [76]. On the other hand, the multi-tier topology in HetNet entails technical challenges (e.g., self-organization, backhauling, handover, and interference) for the investigation of PLS compared to the traditional single-tier architecture [77]. Next, we review the most current works that address the aforementioned challenges in HetNet in the field of PLS. In two novel approaches [78], [79], PLS in a multi-cell wireless caching network has been studied.
The researchers have taken advantage of cooperative multi-antenna transmissions to improve the secrecy capacity against a single eavesdropper in [78] and multiple non-reliable cache helpers in [79]. In [80], the authors proposed an interference-canceled opportunistic antenna selection (IC-OAS) scheme to enhance PLS for the HetNet, where a passive eavesdropper is assumed to tap the transmissions of both the macro cell and small cell. Here, it was shown that the IC-OAS method outperforms the conventional IC-OAS scheme and not only brings security-reliability tradeoff benefits to the macro cell, but also has the potential of improving the security-reliability tradeoff of the small cell.
Other secure communications works in HetNet systems include: Stochastic Geometry strategies [81], secrecy outage analysis over Nakagami-m fading channels [82], and secure communications design based on game theory [83], etc.

D. Full-Duplex
Among the promising technologies for 5G, the Full Duplex (FD) technology carries both opportunities and challenges for PLS communications. On one hand, FD allows the destination node to create AN to interfere with the eavesdropper and receive the information at the same time. On the other hand, if the eavesdropper has the FD technology, it can actively attack the receiver in the transmission process while eavesdropping. In addition, FD communications can double the spectral efficiency with regard to the traditional half-duplex communications. However, the main drawback that affects FD transmission is the management of the strong self-interference signal imposed by the transmission antenna on the receiving antenna within the same transceiver [84]. The research on FD PLS communication can be classified into four categories, including the FD receiver, the FD transmitter and receiver, the FD BS, and the FD eavesdropper [68]. Next, we review the most current works with regard to the different configurations of the aforementioned FD technology. In [85], the authors proposed a novel channel training (CT) scheme for a full-duplex receiver to improve PLS. In this setup, the receiver (i.e., Bob) is equipped with $N_B$ antennas, so it can simultaneously receive the information signal and transmit AN to the eavesdropper. Here, in order to diminish the non-cancelable self-interference due to the transmitted AN, the destination node has to estimate the self-interference channel prior to the data communication phase. In [86], the problem of a passive and smart eavesdropping attack on a MIMO wiretap scenario was considered, where the receiver operates in FD mode. In such a system model, the smart eavesdropper can cancel jamming (caused by the receiver) by stealing the CSI between legitimate nodes. To counteract this, the authors proposed a cooperative jamming solution between transceivers to achieve the optimal secrecy performance.
With regard to the FD active eavesdropper (FDAE), the anti-eavesdropping and anti-jamming performance of D2D communications was analyzed in [87]. In this scenario, the FDAE can passively intercept confidential messages in D2D communications and actively jam all legitimate channels. In this respect, the authors proposed a hierarchical and heterogeneous power control mechanism with multiple D2D node equipment and one cellular node equipment to combat the smart FDAE.
Other works include: FD strategies in HetNet [88], [89], secrecy rate maximization in Wireless Multi-Hop FD Networks [90], secure communication based on joint design of information and AN beamforming for the FD simultaneous wireless information and power transferring (FD-SWIPT) systems with loopback self-interference cancellation [91].

IV. CONCLUSIONS AND FUTURE RESEARCH DIRECTIONS
In this paper, we have presented a comprehensive overview of PLS for 5G wireless networks. The following research topics emerge from the reviewed technologies in this survey:
• Traditionally, in most of the PLS works (as illustrated throughout the paper), the performance of secure communication is only measured using the metrics of secrecy capacity or outage probability, which, as seen in Section II, have their drawbacks. In this context, the optimal design of secrecy, reliability, throughput and the trade-off among them is still a challenging research field, and should be the target of future research work.
• Providing PLS usually entails compromising other system requirements. For instance, moderate levels of security sacrifice throughput, while AN schemes compromise power efficiency, where the AN power is transmitted to the eavesdropper. Based on these factors, characterizing the security performance in wireless scenarios with novel adversary models through new metrics that take into account the main demerits of the conventional metrics is an essential track in future research. Some of these metrics include: average fractional equivocation, average information leakage rate, and generalized secrecy outage probability [33].
• In the security paradigms, a promising direction of research is the integration of PLS and classic wireless cryptography. In particular, the physical layer features of the wireless medium can be exploited for designing new security algorithms to improve the current authentication and key management in higher layers.
• In the scenarios with passive eavesdroppers, a realistic assumption is that the transmitter knows neither their locations nor their CSI. In this context, an interesting future research direction could be to combine techniques such as channel coding and injection of AN (i.e., noise/interfering signals). The challenge would be to find a trade-off between the merits and demerits of the aforementioned techniques while seeking to maximize the secrecy capacity.