Secure and private NOMA VLC using OFDM with two-level chaotic encryption

: In this paper, we propose and demonstrate a secure and private non-orthogonal multiple access (NOMA) based visible light communication (VLC) system. Orthogonal frequency division multiplexing (OFDM) modulation is applied in the system and a two-level chaotic encryption scheme is further implemented, which can guarantee both the security of legitimate users against eavesdroppers and the privacy among all the legitimate users. An experimental demonstration with two legitimate users and one eavesdropper successfully veriﬁes the feasibility of the proposed secure and private NOMA VLC system. To the best of our knowledge, it is the ﬁrst time that simultaneous security and privacy improvement is considered for NOMA VLC systems.


Introduction
Visible light communication (VLC) utilizing illuminating white light-emitting diodes (LEDs) has attracted tremendous attention in recent years, where the LEDs in VLC systems serve a dual-function of simultaneous illumination and wireless communication [1].Although VLC enjoys many inherent advantages such as huge license-free spectrum, low-cost front-ends and strong immunity to electromagnetic interference (EMI), the achievable capacity of VLC systems is greatly limited by the small 3-dB modulation bandwidth of off-the-shelf white LEDs [2].In order to improve the capacity of white LEDs based VLC systems, several techniques have been proposed such as orthogonal frequency division multiplexing (OFDM) using high-order quadrature amplitude modulation (QAM) constellations, multiple-input-multiple-output (MIMO) transmission, and frequency-domain equalization [3][4][5].
As a promising candidate for the 5th generation (5G) wireless networks, power domain non-orthogonal multiple access (NOMA) has been widely investigated in literature [6].Due to its high spectral efficiency, NOMA has also been applied for capacity improvement in multi-user VLC systems [7][8][9].So far, efforts have been made to improve the performance of NOMA VLC systems, for example, the optimization of user grouping and power allocation [10], the combination of NOMA with orthogonal frequency division multiplexing access (OFDMA) [11], the mitigation of error propagation in NOMA [12,13], the application of NOMA in MIMO-VLC systems [14], etc.
In typical indoor VLC systems, the optical signal can be well confined within the room since line-of-sight (LOS) transmission is usually adopted [2].However, due to the inherent broadcast nature of VLC, the confidential information transmitted over VLC channels might be eavesdropped by unintended or unauthorized users [15,16].To date, several physical-layer security enhancement techniques have been reported in literature for VLC.In [17], a light encryption scheme using devices having LED and camera image sensor was proposed for VLC systems, where the light encrypter acts as an encryption gateway for signals in optical domain.In [18], a secure VLC system using light-panel and mobile-phone image sensor was demonstrated, where the security was achieved by employing a specially developed mobile-phone application program (APP).Specifically, chaotic encryption based physical-layer security enhancement techniques have also been applied in VLC systems [19,20].In addition to VLC, the near-infrared wavelength band has also been widely studied to provide indoor wireless access to end users [21,22].Due to the use of a semiconductor laser as the transmitter, analog optical chaos can be adopted to provide security in conventional near-infrared optical wireless communication systems [23].However, since non-coherent LEDs are generally used as optical transmitters, the analog optical chaos scheme is not applicable in typical VLC systems.
Although secure VLC systems have been investigated in recent years, the physical-layer security issue in NOMA enabled VLC systems has not yet been considered.Furthermore, since power domain superposition and successive interference cancellation (SIC) are generally adopted in NOMA VLC systems, one legitimate user can decode the signal intended for another legitimate user, resulting in a privacy issue among all legitimate users served by the NOMA VLC system.To the best of our knowledge, no work has ever been done on the improvement of both security and privacy of NOMA VLC systems.
In this paper, we for the first time propose and experimentally demonstrate a secure and private NOMA VLC system.By using OFDM modulation with two-level chaotic encryption, the security of legitimate users against the eavesdroppers can be guaranteed and the privacy among all the legitimate users can also be ensured without affecting the bit error rate (BER) performance of the legitimate users.The feasibility of the proposed secure and private NOMA VLC system is successfully verified by proof-of-concept experiments with two legitimate users and one eavesdropper.

System model
We first introduce the model of an indoor NOMA VLC system with multiple users.For simplicity and without loss of generality, we assume that there are two legitimate users (user 1 and user 2) and one eavesdropper in the NOMA VLC system.Figure 1 illustrates the system model, where user 1 is assumed to be closer to the LED than user 2 and thus user 2 is allocated with more electrical power than user 1, so as to successfully perform SIC.As can be seen from Fig. 1, the NOMA VLC system is vulnerable to eavesdropping when an eavesdropper is located within the illuminated area of the LED, due to the LOS characteristic and the broadcasting nature of VLC, which leads to a security problem in the NOMA VLC system.Moreover, the privacy among all the legitimate users also cannot be guaranteed due to the use of SIC.Hence, security and privacy are two important issues that both need to be addressed in practical NOMA VLC systems.
Let s 1 (t) and s 2 (t) represent the signals intended for user 1 and user 2, respectively.The transmitted signal x(t) of the LED can be expressed by where p 1 and p 2 are the electrical powers allocated to user 1 and user 2, respectively, and I DC is the DC bias of the LED.The total electrical power is given by p tot = p 1 + p 2 and the power allocation ratio between user 1 and user 2 is defined by α = p 1 /p 2 .After free-space propagation, the received electrical signals at user 1, user 2 and the eavesdropper are respectively given by where R is the responsivity of the photodetectors (PDs), h 1 , h 2 and h e are the corresponding optical channel gains, and z 1 (t), z 2 (t) and z e (t) are the corresponding additive noises.

NOMA-OFDM with two-level chaotic encryption
Figure 2 depicts the principle of the proposed NOMA-OFDM scheme with two-level chaotic encryption in a two-user case, where M 1 -QAM and M 2 -QAM constellations are adopted for user 1 and user 2, respectively.For simplicity of notation, we denote it as (M 1 , M 2 )-QAM in the following descriptions.In the NOMA-OFDM modulation and encryption, as shown in Fig. 2(a), the input data of two legitimate users are first mapped to (M 1 , M 2 )-QAM symbols, and then the QAM symbols of each user are encrypted through the first-level chaotic encryption, i.e. chaotic constellation transformation (CCT), which scrambles the bit-to-symbol mapping for each user.Subsequently, power allocation and superposition (PAS) is executed and parallel superposed QAM symbols corresponding to the data-carrying subcarriers for the inverse fast Fourier transform (IFFT) are obtained.After that, the second-level chaotic encryption, i.e. chaotic subcarrier scrambling (CSS), is further performed, which scrambles the symbol-to-subcarrier mapping for both users.Finally, the transmitted electrical signal is generated by performing IFFT with Hermitian symmetry (HS).In the NOMA-OFDM decryption and demodulation, as can be seen from Fig. 2(b), the received signal of each user is first transformed back to the frequency domain via fast Fourier transform (FFT), and then the first-level chaotic decryption, i.e. inverse CSS, is conducted.After performing SIC, the second-level chaotic decryption, i.e. inverse CCT, is further executed for each user.The output data of each user can be obtained through QAM demapping.Figure 3 illustrates the principle of SIC-aided decoding for the (4, 4)-QAM based NOMA-OFDM signal.Since user 2 is allocated with more power than user 1, user 2 can directly decode the received (4, 4)-QAM constellation without performing interference cancellation by treating the 4-QAM signal of user 1 as noise.In contrast, user 1 first decodes the signal for user 2 and then subtracts it from the received signal.Hence, user 1 can decode the signal without interference from user 2 under perfect SIC.It can be seen that only inverse CCT is performed after SIC at the receiver.Since only the bit-to-symbol mapping is scrambled after CCT and the inverse CCT process can always be successfully performed as long as users have the correct keys, it is believed that error propagation of SIC decoding only affects the demodulation of QAM symbols, which has no effect on the decryption (i.e., inverse CCT) process.For simplicity and without loss of generality, we consider perfect SIC in this work, considering that the error propagation effect can be efficiently eliminated by using symmetric superposition coding [12] or constellation partitioning coding [13].
The detailed procedures of the two-level chaotic encryption, i.e.CCT and CSS, are introduced in the following.Without loss of generality, we assume that there are K users in the NOMA VLC system and totally N OFDM symbols to be transmitted for each user, with each OFDM symbol consisting of F data-carrying subcarriers.Let I n, f ,k and Q n, f ,k represent the in-phase (I) and quadrature-phase (Q) parts of the unencrypted M-QAM symbol in the n-th respectively.After performing the first-level chaotic encryption, i.e.CCT, the corresponding I and Q parts of the encrypted M-QAM symbol can be expressed by It can be seen from Fig. 2 that the first-level chaotic encryption CCT is performed for each user, while the second-level chaotic encryption CSS is executed for all the users after power domain superposition.Assuming the input QAM symbol vector corresponding to the F data subcarriers in the n-th OFDM symbol is given by s n = {s n,1 , s n,2 , • • • , s n,F } T where (•) T denotes the transpose operation, the output QAM symbol vector w n = {w n,1 , w n,2 , • • • , w n,F } T after performing CSS can be represented by where src{•, •} denotes the scrambling function and p n = {p n,1 , p n,2 , • • • , p n,F } T is the permutation vector.The scrambling function scrambles s n according to p n which indicates the new positions of the subcarriers in the n-th OFDM symbol.
In order to successfully perform CCT and CSS, the integer parameters a n, f ,k , b n, f ,k and the permutation vector p n should be determined first.In this work, 2D Logistic map and piecewise linear Chaotic map (PWLCM) are adopted [24,25], which are respectively defined by Eqs. ( 7) and ( 8): where 0 < x t ≤ 1, 0 < y t ≤ 1, 0 < z t < 1, and t is the discrete time index.When 2.75 < α 1 ≤ 3.4, 2.75 < α 2 ≤ 3.45, 0.15 < β 1 ≤ 0.21, 0.13 < β 2 ≤ 0.15, and 0 < γ < 0.5, the systems defined by Eqs. ( 7) and ( 8) fall into the chaotic domain.It has been verified in [24,25] that the sequences x t , y t and z t generated by such systems have high unpredictability, randomness and sensitivity to the initial values.By utilizing the systems given by Eqs. ( 7) and ( 8), the integer parameters a n, f ,k , b n, f ,k and the permutation vector p n can be successfully obtained.For the k-th user, a n, f ,k and b n, f ,k are generated by the states x k t and y k t , which can be expressed by where ceil(•) denotes the upper round operation and mod(•, m) returns the remainder of an input divided by m.Moreover, p n is generated by the state z t , which can be obtained by where sort{•} is the sorting function which returns the index vector of the elements of the input vector by sorting these elements in a descending order.Based on Eqs. ( 9)-( 11), we can obtain the integer parameters a n, f ,k , b n, f ,k and the permutation vector p n , and hence the two-level chaotic encryption can be successfully implemented.Evidently, the corresponding decryption of the two-level chaotic encryption can be achieved by using the inverse processes of CSS and CCT, which is omitted here for brevity.Since CSS is executed after power domain superposition, the permutation vector p n is shared by all the users.However, CCT is performed for each user and hence different users should have different integer parameters.Hence, the initial value z 0 and the parameter γ in Eq. ( 8) can be set as the shared security keys for all users to perform CSS, while the initial values x k 0 , y k 0 and the parameters α k 1 , α k 2 , β k 2 , β k 2 in Eq. ( 7) can be set as the private security keys for the k-th user to perform CCT.The security keys are assumed to be pre-shared between the LED transmitter and the legitimate users, and a pilot-aided security key agreement approach can be employed [26].
Although only two legitimate users are considered in the prototypical NOMA VLC system, the proposed two-level chaotic encryption scheme is applicable to the system with more than two legitimate users.Moreover, since the two-level chaotic encryption is performed for each individual user in the frequency domain, it is also feasible to extend the proposed scheme to practical systems with multiple LEDs, for example, MIMO-NOMA based VLC systems or multi-cell NOMA VLC systems.The main limitation for the NOMA VLC system to support more users is the design of low-complexity but efficient user pairing/grouping and power allocation strategies, which is beyond the scope of this paper.

Experimental setup
Figure 4 depicts the experimental setup of a secure and private NOMA VLC system with two legitimate users and one eavesdropper, employing (4, 4)-QAM NOMA-OFDM modulation with two-level chaotic encryption.The transmitted (4, 4)-QAM based NOMA-OFDM signal with a power allocation ratio α is generated offline by MATLAB and uploaded to an arbitrary waveform generator (AWG, Spectrum M4x.6622-x4) with a gain of 500 and a sampling rate of 50 MSa/s.Subsequently, the obtained signal is amplified by an electrical amplifier (Amp) and a 3.5-V DC bias is added via a bias-tee (bias-T).The resultant signal is then used to drive a white LED (Luxeon SR-12 Rebel Star/O).After 100-cm free-space propagation, the light is detected by two legitimate users (user 1 and user 2) and one eavesdropper (eav).In this setup, user 1 is assumed to face towards the LED while user 2 has an position offset of 15 cm from user 1.Moreover, the eavesdropper is located at the middle position between user 1 and user 2. Each user and the eavesdropper are individually equipped with an optical lens, a blue filter (BF) and a PD (Thorlabs PDA10A).The detected signals are sampled by a mixed domain oscilloscope (Tektronix MDO3104) with a sampling rate of 500 MSa/s, which are further processed offline.The insets (a) and (b) in Fig. 4 illustrate the waveform and the constellation diagram of the transmitted (4, 4)-QAM based NOMA-OFDM signal, respectively.It is measured that the 3-dB modulation bandwidth of the VLC system is only 2.4 MHz.In order to extend the 3-dB modulation bandwidth, digital pre-frequency domain equalization (pre-FDE) is performed [27].Figure 5(a) illustrates the measured electrical-optical-electrical (EOE) frequency response of the system and the corresponding power loading coefficients for digital pre-FDE.The received electrical spectra before and after pre-FDE are shown in Figs.5(b) and 5(c), respectively.As we can see, a power attenuation of 15.7 dB is observed over the 15-MHz OFDM band.However, the received electrical spectrum is greatly flattened after performing digital pre-FDE, which has a power attenuation less than 3 dB.

Security and privacy analysis
We first evaluate the security and privacy performance of the proposed NOMA VLC system enabled by the two-level chaotic encryption scheme.For a digital chaotic encryption scheme, key space is usually adopted to evaluate the encryption performance of the scheme.In the proposed system, the security of legitimate users against eavesdroppers is achieved by both the first-level CCT and the second-level CSS, while the privacy among all the legitimate users can be guaranteed by the first-level CCT.In principle, only using the first-level CCT for each user can also provide both security and privacy for the NOMA VLC system.However, the key space using only the first-level CCT might be relatively small.In order to substantially enlarge the key space and hence improve the security of legitimate users against eavesdroppers, the second-level CSS is further considered.In the following, the key space with respect to the security of legitimate users against eavesdroppers and the privacy among all the legitimate users are analyzed.
For the first-level CCT, as discussed in Section 2.2, totally six parameters, i.e., x k 0 , y k 0 , α k 1 , α k 2 , β k 2 and β k 2 , can be set as the private security keys for the k-th user.According to the IEEE standard for binary floating-point arithmetic [28], the computational precision of a 64-bit doubleprecision number is approximately 10 −15 .Since 0 Similarly, for the second-level CSS, z 0 and γ can be set as the shared security keys for all users.Since 0 < z 0 < 1 and 0 < γ < 0.5, the key space of the second-level CSS can be obtained by 10 15 × 0.5 × 10 15 = 5 × 10 29 .
Based on the above analysis, the key space with respect to the security of legitimate users against eavesdroppers is contributed by both the first-level CCT and the second-level CSS which is given by 5.46 × 10 86 × 5 × 10 29 = 2.73 × 10 116 .Moreover, the key space with respect to the privacy among all the legitimate users is only contributed by the first-level CCT which is given by 5.46 × 10 86 .As we can see, the key space with respect to the security of legitimate users against eavesdroppers is substantially enlarged from 5.46 × 10 86 to 2.73 × 10 116 when adopting the two-level chaotic encryption scheme in comparison to that using only the first-level CCT.

PAPR analysis
In the next, we also compare the peak-to-average power ratio (PAPR) of the time-domain NOMA signal with and without encryption.As shown in Fig. 6, the time-domain NOMA signal has the same PAPR performance for three different cases: (1) without encryption; (2) with only CCT; (3) with both CCT and CSS.This is because the adopted two-level chaotic encryption only scrambles the bit-to-symbol mapping and the symbol-to-subcarrier mapping, which has no effect on the PAPR performance of the time-domain NOMA signal.

Measured BER performance
After that, we measure the BER versus power allocation ratio of the (4, 4)-QAM based NOMA-OFDM signal for the two legitimate users with perfect SIC in the secure and private NOMA VLC system.As shown in Fig. 7, nearly the same BER performance can be achieved with and without the two-level chaotic encryption for each legitimate user.Moreover, the BER of user 1 is gradually reduced with the increase of the power allocation ratio and the BER reaches the forward error correction (FEC) threshold of 3.8 × 10 −3 when the power allocation ratio is 0.16.In contrast, the BER of user 2 is gradually increased with the increase of the power allocation ratio and the maximum power allocation ratio to reach the FEC threshold is 0.31.It also can be seen that the lowest average BER with and without encryption is achieved at the power allocation ratio of 0.25.The insets in Fig. 7 illustrates the corresponding (4, 4)-QAM constellation diagrams.under all three scenarios, due to the incorrect bit-to-symbol mapping and/or symbol-to-subcarrier mapping.It indicates that the eavesdropper cannot get any useful information from the legitimate users for an arbitrary power allocation ratio, unless the eavesdropper have keys for both CCT and CSS at the same time.Furthermore, the privacy between two legitimate users is evaluated.As shown in Fig. 8(b), user 1 can decode the signal of user 2 successfully when the power allocation ratio is equal or less than 0.39 if the NOMA VLC system is not encrypted.Similarly, without encryption, user 1's signal can be decoded successfully by user 2 when the power allocation ratio is equal or larger than 0.24.Hence, the privacy between legitimate users cannot be efficiently guaranteed if the NOMA VLC system is not encrypted.However, when the proposed NOMA-OFDM scheme with two-level chaotic encryption is implemented in the NOMA VLC system, as can be observed from Fig. 8(b), the BER of a legitimate user decoding the signal of another legitimate user is always about 0.5 for an arbitrary power allocation ratio, suggesting significantly enhanced privacy between two legitimate users.

Conclusion
In this paper, we have proposed and experimentally demonstrated a novel secure and private NOMA VLC system by employing OFDM modulation with two-level chaotic encryption.In comparison to the conventional NOMA VLC system without encryption, both the security of legitimate users against the eavesdroppers and the privacy among all the legitimate users can be guaranteed in the proposed encrypted NOMA VLC system.The experimental results show that nearly the same BER performance can be achieved for each legitimate user with and without the two-level chaotic encryption.Moreover, the eavesdropper cannot get any useful information from the legitimate users due to the lack of keys for successful decryption.It has also be verified that a legitimate user cannot decode the signal intended for another legitimate user during the process of SIC.Therefore, the proposed NOMA VLC system is promising for future high-speed secure and private indoor wireless communications.

Fig. 1 .
Fig. 1.Illustration of a NOMA VLC system with two legitimate users and one eavesdropper.
where a n, f ,k and b n, f ,k (a n, f ,k , b n, f ,k ∈ {1, 2, • • • , m}) are two integer parameters and m = log 2 M.

Fig. 4 .
Fig. 4. Experimental setup of a secure and private NOMA VLC system with two legitimate users and one eavesdropper using (4, 4)-QAM OFDM with two-level chaotic encryption.

Fig. 5 .
Fig. 5. (a) Measured frequency response and the corresponding power loading coefficients for digital pre-FDE and the received electrical spectra (b) before and (c) after digital pre-FDE.

Fig. 6 .
Fig. 6.Comparison of PAPR performance of the time-domain NOMA signal with and without encryption.w/o: without; w/: with; enc: encryption.

Fig. 7 .
Fig. 7. Measured BER versus power allocation ratio for two legitimate users with perfect SIC.w/o: without; w/: with; enc: encryption.

Fig. 8 .
Fig. 8. Measured BER versus power allocation ratio for (a) eavesdropper decoding legitimate users' signal and (b) one legitimate user decoding the signal of another legitimate user.eav: eavesdropper; w/o: without; w/: with; enc: encryption.