Performance analysis of congestion-aware secure broadcast channels

Congestion-aware scheduling in case of downlink cellular communication has ignored the distribution of diverse content to different clients with heterogeneous secrecy requirements. Other possible application areas that encounter the preceding issue are secure offloading in mobile-edge computing, and vehicular communication. In this paper, we extend the work in Arvanitaki et al. (SN Comput Sci 1(1):53, 2019) by taking into consideration congestion and random access. Specifically, we study a two-user congestion-aware broadcast channel with heterogeneous traffic and different security requirements. We consider two randomized policies for selecting which packets to transmit, one is congestion-aware by taking into consideration the queue size, whereas the other one is congestion-agnostic. We analyse the throughput and the delay performance under two decoding schemes at the receivers, and provide insights into their relative security performance and into how congestion control at the queue holding confidential information can help decrease the average delay per packet. We show that the congestion-aware policy provides better delay, throughput, and secrecy performance for large arrival packet probabilities at the queue holding the confidential information. The derived results also take account of the self-interference caused at the receiver for whom confidential data is intended due to its full-duplex operation while jamming the communication at the other user. Finally, for two decoding schemes, we formulate our problems in terms of multi-objective optimization, which allows for finding a trade-off between the average packet delay for packets intended for the legitimate user and the throughput for the other user under congestion-aware policy.

also full-duplex capability and it can transmit jamming signals to increase its secrecy in the cost of self-interference. The work explores the impact of congestion on the performance of the broadcast channel with heterogeneous traffic with different secrecy requirements. The proposed system can be potentially used in applications such as secure offloading in mobile-edge computing scenarios, secure communication in vehicular networks, as well as secure downlink in cellular networks.

Related works
Most of the existing works in congestion control ignore the security requirement of the users. Physical layer secrecy has emerged as a promising approach for security in wireless communications [2]. The work in [3] has been instrumental in the development of various results in physical layer secrecy. It considers the problem of secure communication in the presence of a passive eavesdropper, where the trade-off between the transmission rate and equivocation at the eavesdropper has been explored. The result in [3] was subsequently extended for the broadcast channel [4] with a common and a private message. In [5], the physical layer security performance of a wireless ad hoc network is studied, where pairs of transmitters and receivers communicate, and the latter transmit a jamming signal to a number of eavesdroppers to facilitate secure communication. Various other network setups under physical layer secrecy constraints have been studied in the literature [6][7][8][9].
However, these results assume that users always have data to send and in such scenarios, stable throughput or stability region is a more meaningful metric to measure the performance of the system rather than secrecy capacity or secrecy rate. The work in [10] characterizes the stability region of the broadcast channel under different decoding schemes when there is no secrecy constraint at the receivers. The impact of secrecy constraint on the stability region has also been explored in [11]. In [1], the average packet delay in a two-user broadcast channel for different decoding schemes has been characterized with secrecy constraint at the receiver. In [12], the authors studied the problem of secure communication under different malicious attacks in the physical layer in a cognitive radio network, and they used Q-learning to adjust the transmission power of the secondary user. In [13], the authors investigated the problem of security in Internet of Vehicles (IoV) networks by proposing an intelligent edge-chain enabled access control framework to hinder compromised IoV devices from having access to centralized cloud and improve communication issues caused due to mobility of the IoV devices.
In such modern and complex wireless communication systems, there are dependencies among metrics. Therefore, the designer has to make a choice to favour one metric over another, depending on the application. Multi-objective optimization focuses on optimizing multiple objective functions and showing the trade-off among the metrics [14,15]. The multi-objective approaches are successfully used in designing communication systems. For instance, in [16], the authors used multi-objective optimization to study the trade-off between the spectrum selection and the resource management in a cognitive radio network. In [17], a multi-objective optimization problem was formulated for optimizing the power control and the QoS components in a CDMA wireless communication system. The authors of [18] obtained a trade-off between the data rate and the transmission power in a cellular communication system.
To the best of our knowledge, the effect of secrecy on the congestion is not well understood and needs to be explored. The performance of queue holding the confidential data can degrade due to congestion and it is important to understand the impact of congestion on the secrecy performance. To explore this, we consider a two-user broadcast channel where one of the receivers having full-duplex capability need to be served with confidential data that are of bursty nature. The main contributions of the paper are described below.

Contribution
In this paper, we study a congestion-aware broadcast channel with random selection between two queues with different secrecy requirements under different decoding schemes at the receivers. The transmitter has two queues and it serves two users with different secrecy requirements: one queue has confidential data whereas the second queue has non-confidential data. The receiver to which confidential data needs to be served has full-duplex capability, and it transmits a jamming signal to hinder eavesdropping of its data at the other user. The queue holding the confidential can grow large due to congestion. Congestion occurs when the queue grows above a threshold. The contributions are summarized as follows.
We consider two schemes, a congestion-agnostic randomized policy, and a congestion-aware one for the selection of the packets that are transmitted by the source. When the source selects one packet from each queue, it applies superposition coding to transmit the two packets with a single transmission. In this case, we consider two decoding schemes at the receivers' side, treating interference as noise, and successive decoding. We then characterize the average queue size, and the average delay per packet. In addition, we characterize the throughput performance of the other user for both schemes. We numerically compare the impact of the transmission power and random access probability for packets intended for the legitimate user on the average packet delay for the sensitive traffic for different combinations of the decoding schemes. We show that congestion control at the queue holding confidential information can decrease the average delay per packet. Finally, we present the Pareto sets for the average packet delay for packets intended for the legitimate user and the throughput for the other user under congestion-aware policy for two decoding schemes, where we show the trade-off between them.

Structure of the paper
The rest of this paper is organized as follows. In Sect. 2, we present the system model and assumptions for the precedent stated problem. In Sect. 3, we provide the analysis for the congestion-agnostic and congestion-aware policies. In Sect. 4, we formulate two multi-objective optimization problems, where we study the trade-off between two performance metrics in case of congestion-aware policy. In Sect. 5, we provide numerical results, where we show the impact of different parameters on performance metrics for three different combinations of decoding schemes at the legitimate receiver and the eavesdropper. We also present the trade-off between the performance metrics with Pareto sets. In Sect. 6, we summarize our study.

Network model
We consider a two-user broadcast channel (BC), where a single source S is equipped with two queues Q i that contain traffic intended for two users (receivers) D i , where i = 1, 2 , as shown in Fig. 1. Here, Q i represents both the queue length of the queue that has packets for receiver D i , and the queue itself. Q 1 stores packets intended for receiver D 1 and they have to be kept confidential from receiver D 2 . Queue Q 2 has packets intended for receiver D 2 . Time is assumed to be slotted. The confidential data is intended for the legitimate receiver and the non-confidential data is intended for the other receiver (Table 1).
We assume that the arrival process at queue Q 1 is Bernoulli with mean 1 , so a packet arrives with probability 1 during a time slot. Queue Q 2 is assumed saturated, i.e., it never empties, this captures a delay tolerant traffic scenario, where Pr(Q 2 = 0) ≈ 0 ; thus it overestimates the interference that is caused to the other transmission.
When queue Q 1 is non-empty, and queues Q 1 and Q 2 are selected with probabilities q 1 and q 2 respectively, source S sends two messages in a single transmission using superposition coding, allocating power P 1 and P 2 for the packets from the first and the second queue respectively. The total power budget is P max , which means that P 1 + P 2 = P max . When Q 1 is empty, source S sends with probability 1 the packet intended for receiver D 2 , with a power P 2 . 1 We assume that there is no packet dropping and Q 1 has infinite size. Furthermore, packets will be re-transmitted until they are received by their intended destination. During one time slot, a bursty queue can be in one of the following states: empty state, non-empty and active state, non-empty and inactive state. By active state we mean that a packet is selected to be transmitted. When the queue is non-empty, but the source does not select a packet from that queue, then the queue is inactive. Packet transmissions occur at the beginning of the time slot, while packet arrivals happen at the  1 In an extension of this work we will consider power control schemes adapting to the state of the queues. end of the time slot. We assume that the transmission of acknowledgments (ACKs) are instantaneous and error-free.

Physical layer model
We assume that the legitimate receiver D 1 has full-duplex capability. This means it can receive and transmit packets at the same time, when necessary. In this work, SNR/SINR based physical layer based secrecy is considered to capture the confidential aspects of data associated with users [3][4][5][6][7][8][9]11]. The SNR or SINR based secrecy metric allows the decoding ability of the unauthorized users in decoding confidential data. The full-duplex ability of the receiver D 1 can hinder the decoding of its intended message at receiver D 2 by sending a jamming signal. The receiver D 1 sends a jamming signal when Q 1 > 0 , otherwise it is silent. The simultaneous transmission and reception at receiver D 1 causes self-interference. We assume that D 1 has imperfect self-interference cancellation, and the residual self-interference is modelled as a scalar g, where g ∈ [0, 1] . When g = 0 , we have perfect self-interference cancellation, while there is no cancellation at receiver D 1 when g = 1 [19,20]. The self-interference reduces the probability of packet reception by the legitimate receiver.
We assume Rayleigh fading for the channel between S and receiver D i , and between D 1 and D 2 as well. When queue Q 1 is non-empty and active, and queue Q 2 is active, source S sends the signal . Then, D 1 and D 2 receive the signals y 1 [t] and y 2 [t] respectively at time slot t, given by where z i ( i = 1, 2 ) is additive white Gaussian noise with zero mean and unit variance, h i is the channel gain from S to D i , h 12 is the channel gain from D 1 to D 2 , x i is the signal that the source S transmits to the receiver D i . x J is the jamming signal, and g is the self-interference cancellation coefficient. When queue Q 1 is empty, or non-empty and non-active, the transmitted signal is . A receiver can decode its intended packet even when both queues are active, and two packets are transmitted in a time slot based on the received Signal-to-Interference and Noise Ratio (SINR)/Signal-to-Noise Ratio (SNR). We consider two different decoding schemes at receivers D 1 and D 2 . Namely, treating interference as noise (TIN), and successive decoding (SD). When a receiver performs treating interference as noise, it decodes only the packet intended for it, while discarding the other packet. Successive decoding is a decoding scheme, where the receiver decodes first the packet not intended for it and then cancels its effect; then it decodes the intended packet. We assume different combinations of decoding schemes for each receiver apart from the case where both receivers perform successive decoding, because this case is not feasible. The success probability that receiver D 1 can successfully decode packets from queue Q 1 , while receiver D 2 cannot decode the packet (remains secret) is denoted by P(D s 1/T ) , where T denotes the set of active queues, and s indicates that a message is confidential. Furthermore, P(D 2/T ) represents the success probability that the other user can successfully decode packets from queue Q 2 . The aforementioned probabilities differ for each decoding scheme are omitted here due to space limitations but they can be found in [11]. The purpose of this work is to utilize these probabilities to study the effect of a congestion-aware scheme on throughput and delay for the considered setup under different secrecy requirements.

Methods
In this section, we introduce two congestion policies for the two-user broadcast channel, the congestion agnostic and the congestion-aware policy and present the analysis for each of them.

Congestion-agnostic randomized policy
We provide the analysis for the throughput when the source randomly selects a packet from a non-empty queue as we discussed in the previous section (recall that Q 2 is assumed to be saturated here). Thus, Q 2 never empties and we have the following two cases.
1. Q 1 = 0 : In this case, the source transmits a packet from queue Q 2 with probability 1.
We denote the success probability for that transmission P(D 2/2 ). 2. Q 1 > 0 : In this case, the source selects a packet from each queue with probability q 1 q 2 . Then, the success probability with secrecy requirement for D 1 is P(D s 1/1,2 ) , and the success probability for D 2 is P(D 2/1,2 ) . With probability q 1 (1 − q 2 ) , a packet is selected only from Q 1 and the success probability is P(D s 1/1 ) . With q 2 (1 − q 1 ) , the source transmits a packet only from Q 2 . Now, we can write the average service probability µ 1 and the throughput µ 2 as given below Since the traffic at Q 1 is bursty, the term µ 1 denotes the service probability of that queue. If the queue is stable, 1 < µ 1 , then the throughput is 1 , otherwise the throughput is µ 1 . Note that the stability condition 1 < µ 1 can be rewritten as On the other hand, since Q 2 is saturated, µ 2 is the throughput.
Since Q 1 can be seen as a Geo/Geo/1 queue with arrival probability 1 and service probability µ 1 , we have that P(Q 1 > 0) = 1 µ 1 . Thus, (3) after some calculations can be written as Note that if Q 1 is unstable, then the throughput for the D 2 is given by

Congestion-aware randomized policy
In this section, we introduce a congestion-aware protocol that takes into account the queue size at Q 1 . A similar protocol was introduced in [21,22], but in a different system setup. We consider a congestion limit B for queue Q 1 , B affects the operation of the randomized policy described in the previous section as explained below.
• If Q 1 = 0 : In this case, no packet from queue Q 1 is sent, and the source transmits a packet from queue Q 2 with probability 1. The saturated throughput is given by µ ′ 2 = P(D 2/2 ). • If 1 ≤ Q 1 ≤ B : The source transmits a packet from queue Q i with a probability q i , where i = 1, 2 . The service probability for queue Q 1 is given by (2). The saturated throughput is given by • When Q 1 > B : The source transmits a packet only from queue Q 1 with probability 1. The service probability for queue Q 1 is given by Given the probabilities of the above respective cases, the average service probability for Q 1 , μ 1 , is given by where µ 1 and µ ′ 1 are given by (2) and (8), respectively.
The average throughout seen at receiver D 2 can be written as where µ ′′ 2 is given by (7). As stated earlier in Sect. 2.2, the success probabilities P(D s 1/T ) and P(D 2/T ) , where T consists of the set of active queues, are given in [11].
In order to fully characterize the average service probability and the throughput, we proceed by modeling the evolution of Q 1 by a a discrete time Markov chain (DTMC) in order to calculate the probabilities P(Q 1 = 0) , P(1 ≤ Q 1 ≤ B) , and P(Q 1 > B).

Markov chain for the congestion control protocol
The DTMC that models the evolution of Q 1 is depicted in Fig. 2. The number of the state denotes the amount of packets in the queue.
The steady-state distribution of the DTMC can be obtained by solving the flow-conservation equations along the lines of [22] and is given by where µ 1 is given by (2), µ ′ 1 is given by (8), and ξ = 1 (1−µ 1 ) (1− 1 )µ 1 . After replacing (12) in (10), we obtain the expression for the throughput of D 2 . The expression P(Q 1 = 0) is given by (11) and The average queue length under congestion control is E[Q 1 ] = ∞ i=1 iπ i , after some calculations, we obtain (10)  (2) and (8), respectively The average queue length for Q 1 without the congestion-aware protocol is given by

Delay Analysis for the legitimate user
Here, we characterize the delay performance of the legitimate user for the cases without congestion control and with congestion control as described earlier. The average delay per packet consists of the queueing delay, D Q 1 , and the transmission delay, D T . The average transmission delay that a packet from Q 1 faces is given by where μ 1 is the probability of departure (or service probability) for the packet waiting in the head of the queue Q 1 . For the case of congestion control, μ 1 is given by (9). In congestion control, the average queue length is given by (14). The average queueing delay in Q 1 is given by where E[Q 1 ] is given by (14).
The average packet delay for receiver D 1 is given by Similarly, we obtain the average delay per packet for the simple randomized policy described in Sect. 3.1.

Optimization problem
Here we consider the performance optimization problem for two-user broadcast channel from the viewpoint of multi-objective optimization. It is obviously desirable to have the average packet delay as small as possible and the average throughput for the eavesdropper as large as possible. However, these desires are in conflict because the two metrics, called as objective functions, depend on a join set of design parameters, referred to as decision variables. The multi-objective optimization allows for obtaining the so-called Pareto set. Every Pareto optimal solution, by definition, is not dominated by any other solution simultaneously in all objectives. The network designer can use the Pareto set for choosing specific parameter values which provides a trade-off between the objectives. We proceed now to formulating two bi-objective optimization problems which are solved in a decentralized way by source S and receiver D 1 .
First, we consider a bi-objective optimization problem, where two metrics, the throughput of the eavesdropper and the average packet delay for packets intended for receiver D 1 are jointly optimized. The throughput for the eavesdropper, given by (10), is defined as the service probability for queue Q 2 when congestion control is used for queue Q 1 , and it is desired to be maximized. The average packet delay for the legitimate receiver given by (18) is desired to be minimized. These two metrics are to be optimized by source S. Here the decision variables are P 1 , P 2 , q 1 , and q 2 . Since P 1 + P 2 = P max , they can be reduced to P 1 , q 1 , and q 2 . The success probabilities in (18) and (10) can be found in [11]. The optimization problem is then defined as where P(Q 1 > B) is given by (13), P con is the upper threshold for P(Q 1 > B) , P 1 is the transmission power for packets transmitted from queue Q 1 , P max is a power threshold for P 1 , and q i is the probability that the source selects a packet from queue Q i , where i = 1, 2.
Next, we formulate a second bi-objective optimization problem, which is solved by receiver D 1 . The objective functions are the same as in the previous formulation, but here we have only P J as a decision variable, which is the jamming power that receiver D 1 uses to send the jamming signal to receiver D 2 . The corresponding optimization problem is formulated as where P ′ max is a power threshold for P J .

Results and discussion
In this section, we evaluate numerically the analytical results presented in the previous sections. The metrics used to evaluate our proposed system are the average packet delay ( D 1 ), the saturated throughput ( µ 2 ), and the secrecy loss tolerance defined in [1]. The secrecy loss tolerance metric describes the trade-off between throughput and secrecy. For the congestion-agnostic policy, it is given by where μ 1 = q 1 q 2 P(D 1/1,2 ) + q 1 (1 − q 2 )P(D 1/1 ), and µ 1 is given by (2). For the congestion-aware policy, the secrecy loss tolerance is given by (19) min where μ 1 is given by (9), and μ 1 is given by where = q 1 q 2 P(D 1/1,2 ) + q 1 (1 − q 2 )P(D 1/1 ) , and = P(D 1/1 ). We solve the optimization problems in (19) and (20) by using pymoo [23]. In the framework of pymoo, we used NSGA-II [24], a multiobjective genetic algorithm.
The parameters of our system are the following: 1 ∈ [0.1, 0.9] is the probability of a packet arrival in a time slot. α ∈ [2,4] is the path loss exponent, where α = 2 corresponds to free space and α = 4 corresponds to lossy environments. γ 1 , γ 2 ∈ [−10 db, +10 db] are the SINR thresholds for receivers D 1 and D 2 . d 1 , d 2 , d 3 ∈ [0, 100m] are the distances between the source and each receiver, and the distance between the two receivers. g ∈ [0, 1] is the residual self-interference, where g = 0 , corresponds to perfect self-interference cancellation, and when g = 1 corresponds to no cancellation at receiver D 1 ( β −10 log g 2 in dB). P J ∈ [0, 23 dB] is the jamming power. B ∈ [1,20] is the congestion threshold in packets. q i ∈ [0, 1] is the random access probability for packets, where i = 1 refers to confidential data, and i = 2 refers to non-confidential data. P 1 ∈ [0, 23db] is the transmission power for confidential packets. The parameters for our results are presented in the caption of Figs. 3, 4, 5, 6, 7 and 8.
In summary, the key points from the numerical results are the following.
• With the congestion-aware policy, P 1 affects the secrecy performance more than 1 and q 1 do. Function f aw is unaffected by B in TIN-TIN and SD-TIN. In TIN-SD, higher B leads to less secrecy. • The congestion-aware policy provides better delay performance in TIN-TIN and SD-TIN for large 1 , but for small 1 the two policies perform the same. IN TIN-  In TIN-SD, the congestion-aware policy performs better for small 1 , but for larger 1 , the congestion-agnostic policy achieves better results. The throughput performance remains unaffected when changing B in TIN-TIN and SD-TIN. In TIN-SD, µ 2 decreases for large B. • The secrecy is less in congestion-aware policy in TIN-TIN and SD-TIN for large 1 and for any 1 in TIN-SD. • We can achieve higher throughput performance and lower delay performance in SD-TIN as shown by the Pareto set for the optimization problem in (19) under congestion-aware policy.
To illustrate these findings, Figs . The values of q 1 and P 1 that cause instability at queue Q 1 are not shown in the figure. Thus, the source transmits packets from both queues with the aforementioned probabilities, according to the congestion-aware randomized policy. We observe that D 1 increases as q 1 decreases, because the average queuing delay is higher since more packets remain in queue Q 1 . We also see that D 1 decreases as P 1 increases in TIN-TIN and TIN-SD, because higher transmission power leads to higher probability of successful packet reception. In SD-TIN, D 1 decreases as P 1 increases up to P 1 = 20.5 dB, and then it starts increasing, due to delay imposed by the successive decoding for decoding the packets. The values of P 1 not shown in the figure cause instability of queue Q 1 , as explained earlier. We note that function f aw is affected more by P 1 than q 1 . Specifically, function f aw increases when P 1 increases, meaning that higher P 1 leads to less secrecy of the system since the signal is stronger and the probability that the other user receives the signal is higher. We also observe that function f aw has the lowest value in SD-TIN, which means that we have more secrecy in this case. The reason is that the service probability is higher in SD-TIN, due to the proximity of receiver D 1 to the source. Figures 6, 7 and 8 depict how P 1 and q 1 affect µ 2 and function f aw for the cases of TIN-TIN, SD-TIN, and TIN-SD. We observe that µ 2 decreases as P 1 increases, because µ 1 is higher and receiver D 1 transmits a jamming signal with higher probability. We see that µ 2 has the lowest value in TIN-SD for the aforementioned reason. When q 1 increases, µ 2 also increases. This happens because µ 2 depends on q 1 as shown in (7) and (10). This means that µ 2 increases when queue Q 1 is non-empty, and both queues are selected with probabilities q 1 and q 2 respectively under the congestion-aware randomized policy. The values of P 1 and q 1 not shown in the figure lead to instability of queue Q 1 , as described earlier. We also observe that function f aw increases as P 1 increases for the same aforementioned reason as in Figs. 3, 4 and 5. Function f aw has the lowest value in the case of SD-TIN (higher secrecy), because µ 1 is higher due to better communication channel between the source and receiver D 1 .
In Table 2, we see how D 1 , µ 2 , and functions f aw and f ag are affected by 1 and P 1 under two congestion policies for the cases of TIN-TIN, SD-TIN, and TIN-SD. We observe that the congestion-aware policy is significantly effective for large 1 in all aforementioned cases. For small 1 , the delays for the two congestion policies are the same for TIN-TIN and SD-TIN. For TIN-SD, the delays are very close, but the congestion-aware policy has a better delay performance. The congestion-aware policy leads to more secrecy (low function f aw ) when 1 is large in TIN-TIN, but for small 1 , the secrecy is the same for the two policies. As P 1 increases, D 1 decreases for both policies. The same observations apply for SD-TIN, but higher P 1 leads to larger D 1 for small q 1 when no congestion-aware policy is used in SD-TIN. In TIN-SD, we see that the congestion-aware policy leads to more secrecy for small q 1 , because μ 1 is higher than µ 1 . The congestion-aware policy results in higher µ 2 compared with µ 2 in the congestion-agnostic aware policy. When P 1 increases, µ 2 decreases in a significant volume. This happens because as P 1 increases, more packets are successfully received by receiver D 1 , which transmits a jamming signal with higher probability to receiver D 2 to hinder successful confidential packet reception by the latter. As 1 increases in TIN-TIN and SD-TIN, µ 2 also decreases, because the probability of jamming is higher when receiver D 1 receives more packets. Table 3 presents the impact of P 1 , B, and f aw on D 1 in TIN-TIN, SD-TIN, and TIN-SD. As shown, B does not affect µ 2 , neither function f aw in TIN-TIN and SD-TIN. In TIN-SD, µ 2 decreases as B increases when P 1 is small. When P 1 is large, µ 2 increases as B increases, because large B implies that the congestion policy adapts much later. We also note that function f aw increases as B increases. In TIN-TIN, SD-TIN and TIN-SD, D 1 increases when B is small because the queuing delay increases. As B increases, D 1 increases but it is stable in TIN-TIN and SD-TIN for large B, whereas D 1 increases as B increases in TIN-SD. Figures 9, 10 and 11 show the Pareto set for the optimization problem in (19) for the cases of TIN-TIN, SD-TIN, and TIN-SD. In SD-TIN, −µ 2 has the highest value and D 1 has the minimum value compared to TIN-TIN and TIN-SD due to the topology requirement of the successive decoding. We also observe that TIN-SD has the worst performance since both −µ 2 and D 1 have the lowest value compared to TIN-TIN and SD-TIN for the aforementioned reason. Table 4 presents the solution for the optimization problem in (20). It has only one solution for each combination of decoding schemes, namely, P * J = P max . Comparing the optimal values of D * 1 , TIN-TIN has the lowest value of D * 1 , whereas TIN-SD has the   Table 4 Pareto optimal solution of the optimization problem in (20) for different decoding schemes

Summary
Congestion can deteriorate the performance of communication networks leading to high packet delay. To address the problem of congestion in a two-user broadcast channel with contrasting traffic and security characteristics, we characterized the average packet delay for confidential traffic, and the throughput of the other user, and we proposed a congestion-aware randomized scheme. We showed that the proposed scheme can significantly improve the performance for the legitimate user.