Secure transmission in the random cognitive radio networks with secrecy guard zone and artificial noise

: The authors study the secure transmission design in random cognitive radio networks where the primary users, the secondary users and the eavesdroppers are randomly distributed according to Poisson point processes. Centring on this scenario, the authors propose a simple and decentralised secure transmission scheme by jointly incorporating the secrecy guard zone and artificial noise. In particular, this transmission scheme helps to enhance secrecy performance via differentiating between secondary transmitters in accordance with the eavesdropping environment. They then analyse the connection outage and secrecy outage performance of the secondary network, based on which they obtain the closed-form expression of the secrecy throughput. They further determine the optimal transmission power of the secondary transmitters and the optimal power allocation between the information-bearing signal and artificial noise to maximise the secrecy throughput of the secondary network under primary and secondary outage constraints. The authors ’ analysis highlights that introducing secrecy guard zone provides better security performance, and artificial noise performs as additional interference to insert a control between the reliability and security. Numerical results show how the system parameters affect the achievable maximum secrecy throughput, the optimal transmission power and the optimal power allocation between the information-bearing signal and the artificial noise.


Introduction
With the rapid adoption of wireless devices, there is an unprecedented growth in the demand for radio spectrum in 5G mobile communication systems. To address the conflict between spectrum scarcity and spectrum underutilisation, cognitive radio (CR) has been regarded as a promising technology to solve the problem of inefficient spectrum usage in 5G wireless networks, like the cognitive cellular networks. Nevertheless, allowing the spectrum sharing in the cognitive radio network (CRN) is not without drawbacks. The coexistence of licensed and unlicensed users in the same spectrum makes the data transmissions more vulnerable to security attacks [1] compared with the traditional wireless networks. Thus, the secrecy transmission in CRNs becomes a critical issue. As a powerful complement to the traditional cryptographic techniques [2], the physical layer security [3] has been proposed to achieve perfect secrecy without requiring key distribution and complex encryption/decryption algorithms. The fundamental principle of physical layer security is to exploit intrinsic properties of communication channels to restrict the amount of confidential messages that is possibly intercepted by unauthorised receivers [4].
In the past few years, there has been increasing interest in the security issue of CRNs, due to the rapid growing amount of private and sensitive data transmitted in the limited spectrum. From an information-theoretic perspective, the performance of physical layer security in CRNs was studied in, e.g. [5][6][7]. More recently, various signal processing techniques and system design protocols were proposed to improve the secrecy performance of the CRNs [8,9]. However, the aforementioned works did not take a random network topology into account when analysing the secrecy performance of the CRNs. In other words, they only concerned a small number of legitimate nodes and eavesdroppers and assumed that their locations are exactly known and fixed at all times. In a practical network, the location and the number of nodes are usually randomised due to terrain features, site availability and local coverage requirements. In future 5G cellular networks with heterogeneous and smaller cells, the randomness of macro-cell BS locations or small-cell BS locations is expected to increase. Moreover, a passive eavesdropper would not reveal its channel state information (CSI) or location information to the legitimate nodes. Therefore, such concerns and assumptions are not always valid.
With respect to the random topology nature, stochastic geometry model enables a wide range of analytical studies. The performance and design of CRNs with random topology was studied using stochastic geometry in [10,11]. Furthermore, the stochastic geometry modelling has been shown to yield tractable results for secrecy performance of wireless networks. Chae et al. [12] investigated the optimal utilisation of artificial noise for secrecy communication. Zhou et al. [13] introduced secrecy transmission capacity to quantify the achievable rate of successful transmission of secret message per unit area and exploited secrecy guard zone to improve the network throughput. Zheng et al. [14] studied the secure multi-antenna transmission with artificial noise under slow fading channels coexisting with randomly located eavesdroppers. However, the results in [12][13][14] were only limited in one single link or one single network. Shu et al. [15] characterised the secrecy capacity of primary network considering a Poisson CR network, but only focused on the effect of large-scale fading on the secrecy performance ignoring that of small-scale fading. Recently, Win et al. [16] showed that cognitive interference was beneficial for the security of CRNs, while proposed corresponding interference engineering strategies.
In this paper, we study the secure transmission in a random CRN where the primary users (PUs), the secondary users (SUs) and eavesdroppers are randomly distributed according to Poisson point processes (PPPs). The main contribution of this paper can be summarised as follows.
For transmission design, we propose a simple and decentralised transmission scheme to safeguard the secure transmission in the secondary network against the eavesdropping. We jointly incorporate the secrecy guard zone and the artificial noise in the transmission scheme. Specifically, we exploit the secrecy guard zone centred at each secondary transmitter (SU-Tx) to classify all the SU-Txs into two types: the first-type SU-Txs are the ones in whose secrecy guard zone there exists no eavesdropper and the second-type SU-Txs are the ones in whose secrecy guard zone there exist one or more eavesdroppers. We differentiate between the first-type SU-Txs and the second-type SU-Txs: the first-type SU-Txs only transmit information-bearing signal while the second-type SU-Txs transmit artificial noise along with information-bearing signal. Our analysis highlights that introducing the secrecy guard zone provides better security performance, and the artificial noise performs as additional interference to insert a control between the reliability and security.
For information-theory analysis, we derive the secrecy outage probabilities (SOPs) of the first-type and the second-type secondary links to characterise the security performance, the connection outage probabilities (COPs) of the primary link, the first-type and the second-type secondary links to characterise the reliability performance. We find that both the transmission power of the SU-Txs and the artificial noise give positive and negative effects on the reliability and security performance. Specifically, the transmission power of the SU-Txs arouses a tradeoff between the reliability performance and the security performance of both the first-type and second-type secondary links. The artificial noise acts as an additional noise to arouse a tradeoff between the reliability performance and the security performance of the second-type secondary links. Finally, the overall performance of the secondary network is measured by the secrecy throughput defined as the achievable average rate of secure and reliable transmissions per unit area.
We further optimise the design of the transmission scheme. To this end, we study the optimisation problem of achieving the maximal secrecy throughput of the secondary network with respect to the transmission power and power fraction factor with given COP and SOP constraints. We first study the conditions on the constraints under which a non-zero secrecy throughput is achievable. We then obtain the closed-form solutions of the optimal power fraction factor k for information-bearing signal with given transmission power P S and numerically find the optimal transmission power P S that maximise the secrecy throughput. Numerical results show how the system parameters affect the maximal value of the secrecy throughput, the optimal transmission power and the optimal power allocation between the artificial noise and the information-bearing signal. It is also verified that our proposed transmission scheme can provide an enhancement of the secrecy throughput.
The rest of this paper is organised as follows. Section 2 gives the network descriptions and performance metrics. Sections 3 and 4 evaluate and optimise the transmission protocols, respectively. Section 5 presents the numerical results. Finally, Section 6 concludes the paper.
2 System model 2.1 Network descriptions As Fig. 1 illustrated, we consider an underlaid CRN consisting of primary transmitter-receiver pairs, secondary transmitter-receiver pairs and a set of eavesdroppers over a large two-dimensional space. The secondary network shares ratio frequency channels with the primary networks while satisfying the primary network outage constraint. In addition, the eavesdroppers try to intercept the secret message transmission of the secondary network.
The distribution of the primary transmitters (PU-Txs) follows a homogeneous PPP Φ P with spatial density l P . The distribution of the SU-Txs also follows a PPP Φ S with spatial density l S . Moreover, the distribution of the eavesdroppers follows another PPP Φ E with density l E . Different from the deterministic model, the spatial PPP introduces total randomness for the node deployment, and only the node density variable is required to characterise this stochastic process. In addition, the randomness introduced by the PPP-based model has the advantage of being tractable in performance analysis, since it often leads to closed-form results on statistical analysis for signal attenuation laws [17].
Some detail settings and assumptions are given below: (a) All the nodes are assumed with single antenna due to size, cost or hardware limitations, e.g. handsets and sensors. Each PU-Tx or SU-Tx communicates with one intended receiver with transmission power P P or P S . The associated primary receiver (PU-Rx) or secondary receiver (SU-Rx) is assumed to be located at a fixed (It is noted that other distance distributions can be easily incorporated into the framework.) distance l P or l S away from the transmitter with isotropic directions. In addition, each transmitter is assumed to have no CSI of the intended link due to the lack of feedback. (b) The secondary links are assumed to be eavesdropped in the model. The eavesdroppers are assumed to be passive and thus, they do not feed any CSI of the eavesdropping links back to the SU-Txs. In addition, the eavesdroppers do not collude with each other and hence, must decode the confidential message individually. Therefore, the security level is determined by the eavesdropper with the highest received power.
(c) To fight against eavesdropping, each SU-Tx adopts Wyner code [3] to encode the data before transmission. Since each SU-Tx does not have any CSI of the legitimate link and the eavesdropping link, a constant secret message rate R s is preferred. By arbitrarily selecting codeword transmission rate R t (R t > R s ), a Wyner's codebook can be constructed, where a codebook of rate R s for secret message is nested in a codebook of rate R t for transmitted codewords.
To enhance the secure transmission of the secondary network, we propose a simple and decentralised transmission scheme, which jointly incorporates the secrecy guard zone and artificial noise. We assume that the SU-Txs are able to detect the existence of eavesdroppers within a finite range (A transmitter can detect the existence of eavesdroppers by scanning nearby devices with the help of various detecting devices such as a metal detector, X-ray detector, evolved heat detector or the leaked local oscillator power detector [18] before transmission.). As per the mechanism of secrecy guard zone [13,19], we model this range as a disk with radius D centred at each SU-Tx. Through the secrecy guard zones, we classify all the SU-Txs into two types: the first-type SU-Txs are the ones in whose secrecy guard zone there exist no eavesdropper; the second-type SU-Txs are the ones in whose secrecy guard zone there exist one or more eavesdroppers. Obviously, the second-type SU-Txs are under serious security threats. In order to enhance the security, the second-type SU-Tx sends artificial Gaussian noise along with information-bearing signal. Specifically, the second class SU-Tx transmits the information-bearing signal with power kP S and transmits the artificial noise with power (1 − k)P S simultaneously by applying Fig. 1 Illustration of a random CRN where primary, secondary and eavesdropper nodes are randomly distributed according to PPPs. (The squares are the primary nodes, the triangles are the eavesdroppers, the black circles are the first-type secondary nodes and the red circles are the second-type secondary nodes. Besides, the grey disks are the secrecy guard zones.) superposition coding [20], where k [ (0, 1] is the power allocation factor for the information-bearing signal. The first-type SU-Txs still only transmit information-bearing signal with power P S . Since each SU-Txs only needs the local information about the existence of eavesdroppers, the proposed transmission scheme can be applied in a decentralised way. The set of the first-type SU-Tx locations is denoted by F I ( ) S with the density of l I ( ) S = l S exp −pD 2 l E , where the exponential term is the probability of no eavesdropper located inside the secrecy guard zone of an arbitrary SU-Tx. The set of the second-type SU-Tx locations is denoted by F II It is worth mentioning that similar secrecy guard zone transmission schemes have been previously studied in, e.g. [13,21] and the references therein. In these works, the transmission of information-bearing signal only happens at the transmitter where there is no eavesdropper inside the secrecy guard zone. Different from the existing works, both the first-type SU-Txs and the second-type SU-Txs transmit information-bearing signal in our proposed transmission scheme. We further exploit the artificial noise to insert an intelligence control of the positive and the negative effects for the second-type SU-Txs.
Note that since spectrum-sharing networks can be regarded as interference-limited environments, the thermal noise is ignored and the signal-to-interference ratio (SIR) is used for the sake of simplicity [22]. Let G ab and l ab denote the Rayleigh fading channel gain and the distance between node a and node b, respectively. Then, the instantaneous SIR received by a PU-Rx v 0 from a PU-Tx u 0 is given by (1) The instantaneous SIR received by a SU-Rx v 1 from a first-type SU-Tx u 1 is given by Similarly, the instantaneous SIR received by an eavesdropper e 1 from the first-type SU-Tx u 1 is given by On the other hand, since the second-type SU-Tx sends artificial noise along with secret message, the instantaneous SIR received by a SU-Rx v 2 from a second-type SU-Tx u 2 is given by (see (4)) Similarly, the instantaneous SIR received by an eavesdropper e 2 from the second-type SU-Tx u 2 is given by (see (5)) From the SIR expressions (1)-(5), we find that interferences give both positive and negative impacts on the secure transmission since they degrade not only the received SIR at the legitimate receiver but also the received SIR at the eavesdroppers. It is also shown that for the second-type SU-Tx, the artificial noise acts as an additional interference and asymmetrically amplifies the positive and the negative effects of the interference.
2.2 Performance metric 2.2.1 Connection outage probability: In both primary network and secondary network, if the capacity of the channel from the legitimate transmitter to the legitimate receiver is less than the transmission rate, there will be a connection outage event. The probability of this event happening is referred to as the COP. We denote the COPs of the primary link, the first-type secondary link and the second-type secondary link by p co,P , p I ( ) co,S and p II ( ) co,S , respectively. Note that the coexistence of the primary and the secondary networks requires that the secondary network guarantees the predefined outage probability of the primary network, i.e. p co,P ≤ δ P , where δ P is the predefined COP constraint of the primary network.

Secrecy outage probability:
In secondary network, if the capacity of the channel from the transmitter to one or more eavesdroppers is larger than the rate increment R t − R s , there will be a secrecy outage event. The probability of this event happening is referred to as the SOP. We denote the SOPs of the first-type secondary link and the second-type secondary link by p I ( ) so,S and p II ( ) so,S , respectively.

Secrecy throughput:
The overall performance of the system is measured by the secrecy throughput taking into account the network density, the security performance and the reliability performance together. We define the secrecy throughput of a network as the product of the transmitter density, the connection probability, the secrecy probability and the secrecy rate, which is given by [23,24] where p co and p so are the COP and the SOP of the typical link in the network.
It is worth mentioning that the definition of secrecy throughput in (6) is different from the definition adopted in [25,26], which quantises the average secrecy rate at which the messages are reliably transmitted. We find that the definition of throughput in [25,26] does not reflect whether the transmission is secure, and hence it is not very appropriate to characterise the overall performance of the secure transmission. Of course, it is impossible for the receiver to identify which messages are securely transmitted and which messages are leaked in the passive eavesdropping scenario. However, the secrecy throughput definition in our paper is still meaningful since it quantifies the average amount of the reliably and securely transmitted messages and provides the transmitter useful insights for transmission design.
In our work, the secrecy throughput of the whole secondary network is the sum of the secrecy throughput of the first-type SUs and the secrecy throughput of the second-type SUs. Denote h I ( ) S and h II ( ) S as the secrecy throughput of the first-type SUs and the second-type SUs. Then, the secrecy throughput of the secondary network is expressed as g II In this section, we derive the closed-form expressions for the COP, SOP and the secrecy throughput. We first seek to understand the effects of the system parameters on the outage probabilities. Then, we will derive the secrecy throughput of the secondary network. Note that we focus on analysing the performance of typical links since the signal-reception statistics experienced by the other links are same with that experienced by the typical links, which comes from the stationarity of Poisson process.

COP analysis
Define a threshold SIR value for connection outage of the typical primary link as θ co,P = 2 R0 − 1, where R 0 is the transmission rate of the PU-Txs. Then, the COP of the typical primary link is given by Considering the random distributions of PU-Txs and SU-Txs, p co,P is further expressed as [13] p co, where Since the location sets of the PU-Txs and the SU-Txs follow independent HPPP distributions, the Laplace transforms are known in closed forms [27]. As such, the COP of the typical primary link is given by p co,p = 1 − exp −pc 0 u 2/a co,P l 2/a P l P + P S P P 2/a l S , where c 0 = G 1 + (2/a) G 1 − (2/a) . It is shown that p co,P is an increasing function of P S . Therefore, P S is upper bounded to satisfy the outage constraint of the primary network, i.e. p co,p ≤ δ P , described as Similarly, define a threshold SIR value for connection outage of the typical first-type secondary link as θ co,S = 2 R t − 1. Then, the COP of the typical first-type secondary link is given by Following the same steps of (9), the COP of the typical first-type secondary link is given by co,S = 1 − exp −pc 0 u 2/a co,S l 2/a S P P P S 2/a l P + l S .
It is shown that p I

( )
co,S is a decreasing function of P S . Therefore, P S is lower bounded to satisfy the connection outage constraint of the first-type secondary links, i.e. p co,S ≤ δ S,1 , described as On the other hand, since the second-type SU-Txs transmit the information-bearing signal with power kP S and artificial noise with power (1 − k)P S simultaneously, the COP of the typical second-type secondary link is given by Considering the random distributions of PU-Txs and SU-Txs, we can express the COP of the typical second-type secondary link as (see (16)) where (16), the power fraction for the informationbearing signal must satisfy k [ u co,S /(1 + u co,S ), 1 . Otherwise, the secret message transmission of the typical second-type secondary link would be always in outage. Then, given power fraction k [ u co,S /(1 + u co,S ), 1 , the COP of the typical second-type secondary link is given by where b co,S = u co,S /(k − 1 − k ( )u co,S ). It is shown that p II ( ) co,S is a decreasing function of P S and k. Therefore, for a given k, P S is lower bounded to satisfy the connection outage constraint of the second-type secondary links, i.e. p II ( ) co,S ≤ d S,2 , described as P S ≥ P S,LB 2 = P P ( ln (1/(1 − d S,2 ))/pc 0 b 2/a co,S l 2/a S ) − l S l P −a/2 .
Also, for a given P S , k is lower bounded to satisfy the connection outage constraint of the second-type secondary links, described as From (10) and (13), we see that P S arouses a tradeoff between the COP of the primary link and the COP of the first-type secondary link. From (10) and (17), we see that P S arouses a tradeoff between the COP of the primary link and the COP of the second-type secondary link. Therefore, to satisfy the COP constraint of the primary network, the reliability performance of the secondary network should be compromised (i.e. larger values of p II ( ) co,S and p II ( ) co,S ). In other words, to satisfy the COP constraints of the primary network and the secondary network simultaneously, a moderate value of P S is preferred.

Secrecy outage probability
In this subsection, we derive the SOP of the secondary network to characterise the security performance. The SOP equals to the probability that at least one of the eavesdroppers in Φ E causes a secrecy outage. Define a threshold SIR value for secrecy outage of the secondary network as θ so,S = 2 R t − R s − 1. Then, the SOP of the typical second-type secondary link is expressed as (see (20)) where I P e 1 = y[F P P P G ye l −a ye 1 and I S e 1 = z[F S / u 1 { } P S G ze 1 l −a ze 1 . Using the generating function of the PPP Φ E [28], we can express (20) as (see (21)) Since it is difficult to exactly express p I ( ) so,S in a closed form, we look for an analytical bound on the SOP. Jensen's inequality gives an upper bound on p I ( ) so,S as (see (22)) where r e 1 denotes the distance between the typical first-type SU-Tx to the eavesdropper located at e 1 , (22) is arrived in the same way as (13) followed by changing the polar coordinates. Then, by directly evaluating the integral in (22) the upper bound of the SOP is obtained as It is shown that p I ( ),UB so,S is a decreasing function of D. This implies that a larger secrecy guard zone can achieve a higher security level. However, at the same time, a larger secrecy guard zone will certainly increase the hardware complexity and realisation difficulty. In addition, p I ( ),UB so,S is an increasing function of P S . Therefore, P S is upper bounded to satisfy the secrecy outage constraint of the first-type secondary link, i.e. p I ( ),UB so,S ≤ 1 S,1 , described as Similarly, the SOP of the typical second-type secondary link is expressed as (see (25)) Following the same steps, an upper bound on p II ( ) so,S is given by where b so,S = u so,S /(k − 1 − k ( )u so,S ). It is shown that p II ( ) so,S is an increasing function of P S and k. Therefore, for a given k, P S is upper bounded to satisfy the secrecy outage constraint of the second-type secondary link, i.e. p II ( ),UB so,S ≤ 1 S,2 , described as Also, for a given P S , k is upper bounded to satisfy the secrecy outage constraint of the second-type secondary link, described as (see (28) at the bottom of the next page) Note that the upper bound technique gives accurate approximations of p I

( )
so,S and p II ( ) so,S over the whole range of (0, 1] [29]. We also verified the accuracy of the upper bounds in the numerical results section. Thus, we can use it in the following analysis and discussion.  I P e 2 + I S e 2 , u so,S Remark 1: From the COP and the SOP results, we verify that the transmission power of the SU-Tx and the power fraction for secret message transmission affects both the reliability performance and the security performance. Specifically, the power fraction arouses a tradeoff between the reliability performance and the security performance of the second-type secondary link. A smaller power fraction for secret message transmission can achieve a higher security level while leading to a lower reliability level. The transmission power of the SU-Tx arouses a tradeoff between the reliability performance and the security performance of both the first-type and second-type secondary links. A larger transmission power can achieve a higher reliability level while leading to a lower security level.

Secrecy throughput analysis
In this subsection, we quantify the secrecy throughput of the secondary network. Having p I − l E exp −c 0 pu 2/a so,S l S + P P /P S 2/a l P D 2 c 0 u 2/a so,S l S + P P /P S 2/a l P .
Similarly, having p II

Secrecy throughput optimisation
From previous sections, we find that each of P S and k play a very important role in the performance of the secure transmission. Specifically, the value of k incurs a tradeoff between the reliability performance and the security performance of the second-type secondary links. The value of P S arouses tradeoffs between the reliability performance and the security performance of both the first-type and the second-type secondary links.
Thus, to optimise the performance of the transmission protocols, in this section, we obtain the optimal k and P S that maximise the secrecy throughput subject to secrecy outage and connection outage constraints. The optimisation problem is formulated as where δ P denotes the COP constraint of the primary network, δ S,1 and ɛ S,1 denote the COP constraint and the SOP constraint of the first-type secondary links, δ S,2 and ɛ S,2 denote the COP constraint and the SOP constraint of the second-type secondary links. The COP constraint represents the required reliability level while the SOP constraint represents the required security level. Note that when all of the COP and the SOP constraints are satisfied, non-zero secrecy throughput of the secondary network can be achieved. As such, we first give the condition under which the non-zero secrecy throughput exists before solving the optimisation problem.

Condition for non-zero secrecy throughput
From the COP and SOP results in previous section, we obtain the conditions for non-zero secrecy throughput of the first-type SUs and the second-type SUs in the following theorems.
Theorem 1: The conditions under which non-zero secrecy throughput of secondary network exists are given by Remark 2: The conditions in (32) and (33) give tradeoffs between the reliability level of the primary network and the reliability levels of secondary network. This implies that in order to guarantee the reliability performance of the primary network, the reliability performance of the secondary network should be compromised. The conditions in (34)-(37) give tradeoffs between the reliability level and the security level of the secondary network, which implies that in order to achieve a higher security level, the reliability level needs to be compromised in the secondary network. From (34)-(37), we find that the tradeoffs between the reliability and the security in the secondary network do not depend on the transmission power P S , the density of SU-Txs l S and the density of PU-Txs l P . This implies when the conditions are not met, only changing the transmission power and/or the density of the legitimate nodes cannot achieve non-zero secrecy throughput. We also find that the tradeoff can be improved by decreasing k ≤ k UB = min u so,S 1 + u so,S 1 + l E pc 0 ln (1/(1 − 1 S,2 )) l S + P P /P S 2/a l P h II ( ) S = l S 1 − exp −pD 2 l E exp −pc 0 l 2/a S b 2/a co,S l S + P P P S 2/a l P − l E c 0 b 2/a so,S l S + P P /P S 2/a l P ⎡ ⎣ ⎤ ⎦ .
distance of the communication link l S . Furthermore, comparing (34) and (35), we see that having the secrecy guard zone can also improve the tradeoffs.

Solution
Since k only affects the secrecy throughput of the second-type SUs, we first determine optimal value of k for given P S . The optimisation problem with respect to k is formulated as Then, the optimal value of k is given in the following theorem.
Theorem 2: For given transmission power P S , the optimal power fraction that maximises the secrecy throughput of the second-type SUs for given connection and secrecy outage constraints is given by where c 1 = (1/l E )pc 2 0 l 2 S l S + P P /P S 2/a l P 2 . □ Proof: See proof in Appendix. Remark 3: From Theorem 2, we can see that the optimal k depends on the ratio l 2 S l S + P P /P S 2/a l P 2 /l E . Specifically, as the ratio increases, k opt increases and approaches to 1. This is because higher density of interferences and longer communication distance make the connection outage more dominant than the secrecy outage. On the contrary, as the ratio decreases, k opt decreases and approaches to u co,S /(1 + u co,S ). This is because higher density of eavesdroppers makes the secrecy outage more dominant than the connection outage.
Next, we determine the optimal value of P S that maximises the secrecy throughput of the secondary network. The optimisation problem is formulated as We note that the closed-form expression for the optimal P S is mathematically intractable due to the sum formulation of the secrecy throughput of the secondary network. As such, we present Algorithm 1 (see Fig. 2) to numerically determine the optimal value of P S , denoted as P S,opt , and the maximum value of η S , denoted as η S,max . Note that the value of k opt can also be obtained by using (39) with P S,opt .

Numerical results
In this section, we first present the impacts of the transmission power of SU-Txs P S and power fraction factor for secret message k on the reliability and security performance. Then, we show the interaction of different design parameters and their impacts on the maximised secrecy throughput. Finally, we compare the performance of the proposed transmission protocol to two other transmission protocols to show the performance improvement. The system parameters are assumed as: P  Secrecy throughput and the optimal power fraction for secret message for given values of COP and SOP constraints of the second-type secondary links P S . It is seen that the analytical results match well with the numerical results, which verifies the exactness of the COP analysis and the accuracy of the SOP approximation. We note that as P S increases, p co,P , p (I) so,S and p (II) so,S keep increasing while p (I) co,S and p (II) co,S keep decreasing. This verifies the results that the transmission power of SU-Txs inserts a tradeoff between the reliability level of primary network and the reliability level of secondary network, and a tradeoff between the security level and reliability level of the secondary network. Fig. 4 plots p (II) co,S and p (II) so,S versus k with different values of θ co,S and θ so,S . It is observed that the analytical results match well with the numerical results, which again verifies the exactness of the COP analysis and the accuracy of the SOP approximation. Note that as k increases, p (II) so,S keeps increasing while p (I) so,S and p (II) co,S keeps decreasing. This verifies the results that the power fraction factor for secret message inserts a tradeoff between the security level and reliability level of the second-type secondary link. It is also observed that p (II) co,S increases as θ co,S increases and p (II) so,S decreases as θ so,S increases. This is because the SU-Rxs and eavesdroppers cannot obtain any information from the secret message if g (II) S , u co,S and g (II) E , u so,S . Then, we study the impacts of some typical system parameters on the value of η S,max and P S,opt and k S,opt . Fig. 5 plots η S,max , k S,opt and P S versus the density of eavesdroppers l E . Note that we normalise the value of η S,max , k S,opt and P S,opt in order to put them in the same figure. It is shown that η S,max and P S keep decreasing with l E . This is initiative because a larger l E results in worse security performance and a smaller P S can cease the impact of l E . It is also observed that k S,opt first decreases and then begins to increase at a certain l E . This is because when P S,opt is very small, k S,opt should increase to satisfy the COP constraint of the second-type secondary link. These observations verify that optimal power allocation and artificial noise with optimal power fraction improves the secrecy throughput faced with high security threats. Fig. 6 plots the secrecy throughput and the optimal transmission power P S,opt for given values of COP and SOP constraints. It is shown that the optimal transmission power P S,opt increases as the COP constraints of the secondary network (δ S,1 and δ S,2 ) decreases but decreases as the SOP constraints of the secondary network (ɛ S,1 and ɛ S,2 ) and/or the COP constraints of the primary network (δ P ) decreases. This implies when connection outage constraint of secondary network is more stringent, using a larger transmission power is more beneficial in terms of secrecy throughput. When SOP constraints of the secondary network and/or the COP constraints of the primary network are more stringent, using a smaller transmission power is more beneficial. Fig. 7 plots the secrecy throughput of the second-type secondary links η S,2 and the optimal power fraction k opt for given values of COP and SOP constraints. It is shown that the optimal power fraction increases as the COP constraints of the second-type secondary link (δ S,2 ) decreases but decreases as the SOP constraints of second-type secondary link (ɛ S,2 ) decreases. This implies when connection constraint of the second-type secondary link is more stringent, allocating more power to the secret message is more beneficial in terms of secrecy throughput. When SOP constraint of the second-type secondary link is more stringent, allocating more power to the artificial noise is more beneficial.
Finally, we compare our proposed transmission scheme to other two reference schemes in terms of secrecy throughput by Fig. 8. The first reference scheme, denoted as full transmission (FT) scheme, is the case where there is no secrecy guard zone and all SU-Txs transmit information-bearing signal with FT power. The second reference scheme, denoted as cooperative jamming (CJ) scheme, is the case where the second-type SU-Txs purely act as cooperative jammers [13]. As shown in the figure, without considering the COP and SOP constraints, the proposed scheme outperforms the other two schemes and the FT scheme outperforms the CJ scheme. This is initiative since the proposed scheme not only takes into account the secrecy throughput of the second-type secondary link but also optimise the power fraction factor to maximise the secrecy throughput. It is also observed that the proposed scheme and the CJ scheme can achieve non-zero secrecy throughput at the high l E regime under the same constraints. Therefore, we can summarise that compared with reference schemes, the proposed scheme not only can achieve non-zero secrecy throughput when faced with severe security threats (i.e. for larger l E ), but also can achieve a lager secrecy throughput when faced with small security threats (i.e. for smaller l E ).

Conclusion
In this paper, we studied the secure transmission in a random CRN where the PUs, the SUs and the eavesdroppers are randomly distributed according to PPP. We proposed a simple and decentralised transmission scheme, which jointly incorporates the secrecy guard zone and artificial noise. Then, we derived the secrecy throughput of secondary network based on the COP and SOP analyses of the first-type secondary links and the second-type secondary links. Furthermore, the optimal transmission power of the SU-Txs and the optimal power allocation between information-bearing signal and artificial noise were determined analytically by maximising the secondary throughput of the secondary network under the primary outage constraints and the secondary outage constraints. Our analysis highlighted that introducing the secrecy guard zone provides better security performance, and the artificial noise performs as additional interference to insert a control between the reliability and security. Numerical results showed that through optimal design, our proposed transmission scheme can achieve significantly secrecy performance gain.  For k LB ≤ k ≤ k UB , the h (II) S in (30) can be expressed in the form of (see (42)) where A = l S 1 − exp −pD 2 l E . 0, B = pc 0 l 2/a S l S + P P /P S 2/a l P ) . 0, C = (l E /c 0 l S + P P /P S 2/a l P ) .

Acknowledgments
We manipulate ∂h II ( ) S /∂k = 0 as (see (44)) The first derivative of F k ( ) is given by ∂F k ( ) ∂k = k − u co,S 1 + u co,S 2/a k − u so,S 1 + u so,S (2/a)−2 × 2 a 2k − u co,S 1 + u co,S − u so,S 1 + u so,S + u co,S 1 + u co,S − u so,S 1 + u so,S , which is larger than zero for any k ∈ [k LB , k UB ]. Therefore, F k ( ) is a strictly increasing function of k. Thus, there is at most one k that satisfies F k ( ) = 0. Specifically, when the maximal value of F k ( ), i.e. F k UB , is smaller than zero, ∂h II ( ) S /∂k is always larger than zero. Therefore, in this case, i.e. F k UB , 0, h II ( ) S is a strictly increasing function of k and k opt is equal to k UB . When the minimal value of F k ( ), i.e. F k LB , is larger than zero, ∂h II ( ) S /∂k is always smaller than zero. Therefore, in this case, i.e. F k LB . 0, h II ( ) S is a strictly decreasing function of k and k opt is equal to k LB . When F k LB ≤ 0 and F k UB ≥ 0, there exists one and only one k satisfying F k ( ) = 0. That is to say h II ( ) S has only one critical point k ′ in this case. Moreover, when k < k ′ , F k ( ) , 0 and (∂h II