Secure and Robust MIMO Transceiver for Multicast Mission Critical Communications

Mission-critical communications (MCC) involve all communications between people in charge of the safety of the civil society. MCC have unique requirements that include improved reliability, security and group communication support. In this paper, we propose secure and robust Multiple-Input-Multiple-Output (MIMO) transceivers, designed for multiple Base Stations (BS) supporting multicast MCC in presence of multiple eavesdroppers. We formulate minimization problems with the Sum-Mean-Square-Error (SMSE) at legitimate users as an objective function, and a lower bound for the MSE at eavesdroppers as a constraint. Security is achieved thanks to physical layer security mechanisms, namely MIMO beamforming and Artificial Noise (AN). Reliability is achieved by designing a system which is robust to two types of channel state information errors: stochastic and norm-bounded. We propose a coordinate descent-based algorithm and a worst-case iterative algorithm to solve these problems. Numerical results at physical layer and system level reveal the crucial role of robust designs for reliable MCC. We show the interest of both robust design and AN to improve the security gap. We also show that full BS cooperation in preferred for highly secured and reliable MCC but dynamic clustering allows to trade-off security and reliability against capacity.


M
Ission critical communications (MCC) are all communications between people in charge of the security and the safety of the civil society.Employees of public safety services, like policemen, firemen, rescue teams and ambulance nurses, but also from large companies managing critical infrastructures in the energy or transportation sectors require MCC for their operations [1].MCC are conveyed by dedicated Private Mobile Radio (PMR) networks [2] that offer a group (or multicast) communication service.This is a one-to-many or many-tomany communication [3], which is one of the most important features of PMR networks and is essential to manage teams of employees.Due to the critical aspects of their missions, MCC users also inherently require highly reliable and secure communications.In particular, sensitive information should not leak to unintended receivers although the broadcast nature of the wireless channel makes the network vulnerable to malicious eavesdroppers.In this context, we propose in this paper a physical layer secured Multiple-Input-Multiple-Output (MIMO) transceiver design for reliable multi-Base Stations (BS) multicast communication in the presence of malicious eavesdroppers.
In the 3rd Generation Partnership Project (3GPP), group communication is based on Multimedia Broadcast/Multimedia Service (MBMS) standards [2].It thus naturally benefits from the multicast transmission techniques [4].In MBMS, the reliability is improved by coordinating multiple BSs within a so called synchronization area.When all BSs of the area cooperate, we have a Multimedia Multicast/Broadcast Single Frequency Network (MBSFN) transmission [5].
On the contrary, when BSs transmit independently, we have a Single-Cell Point-to-Multipoint (SC-PTM) transmission [6].Dynamic clustering, offering a good trade-off between MBSFN and SC-PTM is gaining popularity in the literature [7], [8].This motivates our scenario of a multicast transmission from multiple BSs towards a group of users and provides us with a framework for system level evaluations.
In order to ensure secure communications in presence of eavesdroppers, we rely on physical layer security [9] mechanisms.They have the advantage of being independent of the secret key generation and distribution [10].Although the use of long and complex keys is considered as one of the important techniques against eavesdroppers, the advent of powerful computational devices makes this approach indeed vulnerable on the long term [11].In this paper, we consider physical layer security-based transceiver design for MCC by exploring signal processing methodologies in the presence of multiple eavesdroppers.Specifically, we incorporate security in two ways: MIMO beamforming is used to achieve the desired performance gain at legitimate users while degrading eavesdroppers channel; and artificial noise (AN) is added at the transmitter to guarantee additional security over the designed transceivers.
In our design, we formulate a problem in which the Sum-Mean-Square-Error (SMSE) should be minimized at legitimate users.This is an approach different from the traditional rate maximization problem, motivated by the reliability requirement in MCC.With the same goal, we propose a design that is robust to Channel State Information (CSI) errors.CSI is indeed never perfectly known due to various reasons such that estimation errors, feedback delays or pilot contamination.CSI errors thus affect the reliability of the communication [12].Hence, it is crucial to design schemes that are resilient to such CSI imperfections.In this paper, we design systems that are robust to either stochastic errors or norm-bounded errors [13], [14].Stochastic Error (SE) models are defined based on the historical data observed in the system and assume a known Gaussian distribution.Norm-Bounded Errors (NBE) are considered to be bounded within an ellipsoid or spherical region without further information on the statistics of the errors [14].
We perform a comparative analysis of both models in terms of system performance.

A. Related Work
Physical layer security has been investigated for various communication applications, most of which assume a simple wiretap communication channel model [9], [15].In this setting, one legitimate transmitter (Alice) communicates with one legitimate receiver (Bob) (thus in unicast) in the presence of a single eavesdropper (Eve).Information theoretic aspects of secrecy have been widely studied in the literature, see e.g.[16], [17], our work however deals with signal processing techniques to achieve secure communications [18].From the signal processing perspective, physical layer security has been studied for simple wiretap channels in various contexts such as artificial-noise aided security [19]- [21], secure beamforming techniques [22], [23], or diversity oriented security [24].However, secured designs considering complex communication scenarios involving multiple transmitters, receivers and eavesdroppers have been observed in the literature only over the past decade.For example, uplink multiuser transmissions are considered in [25] and relay-assisted security is studied in [26].The multicast scenario has been studied in [27]- [30], however always while assuming a single transmitting BS.To the best of our knowledge, secured multiple BS multicast system design has not been reported in the literature.Specifically in MCC, physical layer security has been considered in [31]- [33] in the context of resource allocation resource allocation [31] or for authentication [32], [33], but only for machine-type communications.It is however worthwhile noting that no instance addressing the design of secure transceivers for MCC group communications has been observed so far.
MCC group communications involve text, image, audio or video exchanges in multicast.In this context, maximizing the data rate or the secrecy rate, as it is done usually in the literature, is not the main objective of operators.Instead, together with the security, the correctness of the data is of utmost importance.In our work, we thus consider a secure SMSE minimization-based transceiver design in the presence of multiple eavesdroppers.In the literature, only two instances of minimum MSE-based secure precoder design have been respectively discussed in [34] and [35], however, for a simple wiretap communication scenario.These designs cannot be readily adapted for the proposed system due to increased complexity related to the presence of multiple coordinating BSs and eavesdroppers.Moreover, the multicast transmission, which consists of transmitting a common message to all legitimate users, makes the processing at eavesdroppers easier and thus requires a specific design.
The addition of AN for the secure design of communication is either done in the null space of legitimate users, see e.g.[19], [21], or is jointly designed with the precoder as in [26].In this paper, we adopt a joint AN and transceiver design approach, where an AN shaping matrix is designed by solving the joint optimization problem and meet the overall design constraints.
We confirm the interest of such a technique in the specific scenario of MCC.
At last, to improve the system performance under realistic channel uncertainties, robustness needs to be incorporated as part of the design.Effectiveness of this approach is well-studied in the literature for various wireless communication applications [36]- [38].However, most existing works on the design of physical-layer secured transceivers consider the availability of perfect CSI knowledge of both legitimate users and eavesdroppers.Very few papers are considering imperfect CSI [39], [40], and only for the wiretap communication channel.In this paper, we consider imperfect CSI at both legitimate users and eavesdroppers in a complex scenario involving multiple BSs.A robust design is proposed for both stochastic error (when the error statistics can be learned) and norm-bounded error models (when minimal prior knowledge is available).
A preliminary version of this paper has been published in [41].This reference neither include the security issue nor the norm-bounded error model.The system level performance evaluation is based on the work of [8], but this reference, which proposes a clustering algorithm for MCC, does not implement any MIMO transceiver design.

B. Contribution
In this paper, we propose a physical layer secured and robust MIMO transceiver design for multi-BS multicast MCC system in presence of multiple eavesdroppers.The main contributions of this work are summarized as follows: • We formulate novel SMSE minimization problems to capture the reliability and security requirements of multicast MCC.Specifically, two optimization problems (P 1 and P 2 ) are considered according to the type of CSI errors, i.e., stochastic (Assumption 1) and normbounded errors (Assumption 2).Security aspects are tackled using MIMO beamforming and AN and accounted in the miminization problems as a lower bound constraint for the MSE of eavesdroppers.
• When stochastic errors are assumed, we propose a coordinate descent iterative algorithm to solve the SMSE minimization problem (Algorithm 2).The algorithm is based on closedform equations for the MSE (Lemma 1) and the gradient of the Lagrangian (Proposition 1).
• When norm-bounded errors are assumed, we adopt a worst-case approach and decompose the original problem into three sub-problems.Resultant robust filters and AN shaping matrix are obtained by sequentially solving individual sub-problems in an iterative way (Algorithm 3).
• We provide numerical results at physical layer and system level to gain insights for the proposed designs.Physical layer simulations show the importance of robust designs for ensuring highly reliable MCC, even when norm-bounded errors are present.We show also the interest of AN for multicast MCC to ensure secure communications.System level simulations reveal that a full cooperation of the BSs of the synchronization area is preferred for reliable and secured MCC.If capacity becomes an important consideration, dynamic clustering can be adopted at the expense of less secured and reliable communications.
The paper is structured as follows: Sec.II describes the network and transceiver models.The problem formulations and the design of the transceivers are presented in Sec.III.Physical layer and system level simulations are shown in Sec.IV.Sec.V concludes the paper.
Notations: We use bold-faced lowercase letters to denote column vectors and bold-faced uppercase letters to denote matrices.For any matrix X, tr(X), E{X}, X H , and X T denote trace, expectation, conjugate transpose, and transpose operator, respectively.

II. NETWORK AND TRANSCEIVER MODEL
In this section, we present the network and transceiver models.

A. Network Model
We consider the downlink of a cellular network dedicated to MCC with BSs serving legitimate users.Every legitimate user belongs to a multicast group, i.e., users of a given group receive the same information from the network.Every group is served by a cluster of coordinated BSs.
In addition to legitimate users, we assume the potential presence of eavesdroppers, who listen to the transmitted information in a passive mode, i.e., without any tampering of the legitimate messages or active participation with the BSs.Fig. 1 shows such a cluster of BSs communicating with a set of group users.Among the BSs in the network, a set B of BSs are assumed to be synchronized: they operate at same frequency and utilize the same time/frequency resource block for communication.In the terminology of MBMS, B is called a MBSFN synchronization area.In Fig. 1, white and blue cells form the MBSFN synchronization area, while grey cells are outside.
In the proposed system, we consider a dynamic coordinated cluster of BSs S ⊆ B (in blue in Fig. 1), for every group of users U. When S = B, all BSs of the MBSFN synchronization area cooperate to serve the group, this is called a full MBSFN transmission.Cells outside B contribute to the co-channel interference.When |S| = 1, we have a SC-PTM transmission.
In general, a subset S ⊆ B is dynamically selected for every group.In this case, cells in S cooperate, while cells in B\S and cells outside the MBSFN synchronization area contribute to the co-channel interference.In this paper, we consider a greedy clustering algorithm, where the cluster is formed by progressively selecting K ′ T best BS on the basis of maximum Signal to Interference plus Noise Ratio (SINR) achieved at the group users (see Algorithm 1).We first include in S the BSs that provide the highest receive power to every user.If |S| ≤ K ′ T , we complete with K ′ T − |S| BSs providing the highest sum SINR to group users.K ′ T is considered as a design parameter that controls the minimum cluster size.The greedy clustering algorithm and its variants are widely adopted in the literature related to multi-point cooperation, see e.g.[7], [42].We denote K T as the number of BSs eventually selected by Algorithm 1.

B. Transceiver Model
To analyze the transmission towards a group of users, we consider the secure multi-user MIMO multicast wireless communication scenario as shown in Fig. 2, where the K T BSs of cluster S multicast a common message to K R legitimate user-equipments (UEs) in a group.The transmitted signal is assumed to be overheard by K E passive eavesdroppers (eves).All the nodes in the system are considered to be equipped with MIMO processing, where each BS, UE and eve have N T , N R and N E antennas respectively.Each BS multicasts a time-slotted N s dimensional column vector d with transmit power P T , where N s is the number of parallel data streams transmitted by the BS.The data d is considered to be mutually independent, so that E[dd H ] = I Ns .Before transmission, the data vector is processed by a (N T × N s ) dimensional precoder matrix V t at the t-th BS, t = 1, • • • , K T .In order to improve security, we introduce an additional artificial noise vector z t of size (N T × 1) with zero mean and variance E[z t z H t ] = σ 2 zt I N T at the t-th transmitter.The presence of AN has the goal of depleting the information leak to eavesdroppers.
Furthermore, an AN-shaping matrix W t of size (N T × N T ) is considered to regulate the effect of AN in the overall design.Transceivers and AN-shaping matrix are jointly designed and this information is supposed to be shared between the transmitters and the legitimate users.Hence the signal transmitted from t-th BS is given by: and the total transmit power at t-th BS is given by: We denote the channel gain between the t-th BS and the l-th legitimate UE and between the t-th BS and the e-th eavesdropper by C tl (with dimension N R × N T ) and G te of dimension (N E × N T ), respectively.We assume quasi-static Rayleigh fading channels that remain static over one transmission time-slot.Consequently, the received signal y l at legitimate UE l is given by: where n l is the N R -dimensional zero mean random white Gaussian noise vector at the l-th UE's receive antennas with The random noise vector is uncorrelated with the data vector, so that E[n l d H ] = 0.The received signal at the UE l is estimated as d l (of dimension N s × 1) after passing through a N R × N s dimensional receive filter matrix R l .The estimated data is given by: Thus, the MSE at the l-th legitimate UE is given by: Similarly at the eavesdroppers, the received signal y e at the e-th eavesdropper can be given by: where n e is the random white Gaussian noise vector of size Eavesdroppers do not have the information about the presence of AN in the received signal and hence W t z t is not considered in the MMSE receive filter design.After passing y e through the N E × N s receive filter E e , the estimated data d e at the e-th eavesdropper is given by: Thus, the MSE at the e-th eavesdropper can be obtained as: Furthermore, we assume imperfect CSI knowledge at the receivers as follows.The erroneous channel between the t-th BS and the e-th eve is modeled as: where G te is the available estimate of CSI and ∆ te refers to the corresponding channel uncertainties.In the same way, the CSI knowledge of legitimate users may not always be perfect, so that a robust transceiver designed is required.The erroneous channel between the t-th BS and the l-th user is modeled as: where C tl is the estimated channel and ∆ tl corresponds to channel uncertainties.We consider two ways of modeling the error ∆ te and ∆ tl .The first one assumes that the errors statistics have been learned from previous measurements.The second is valid when only a rough estimate of the noise power is available.[38], where ∆ te and ∆ tl are respectively taken in continuous sets, called uncertainty regions, defined by: where τ te and τ tl denote the radii of the uncertainty regions.
The channel errors for both legitimate UEs and eves are considered to be uncorrelated with the transmitted data sequence as well as to the additive white noise vector, i.e., E[d∆ t,l ] = 0, E[n l ∆ t,l ] = 0 for all t, l and E[d∆ t,e ] = 0, E[n e ∆ t,e ] = 0 for all t, e.We now specify that the expectations in ( 5) and ( 9) are considered over data, channel matrix, noise and estimation errors.

III. SECURE TRANSCEIVER DESIGN
In this section, we present our robust and secure transceiver design.

A. Stochastic CSI Errors
Our goal is to obtain the optimal precoder, receive filter, and AN-shaping matrices V t , R l , and W t for secure communications at all the BSs and legitimate UEs while minimizing the overall SMSE of the legitimate UEs under the constraint of a maximum transmit power at every BS and a minimum MSE for every eavesdropper.In this sub-section, Assumption 1 is considered.
Our joint optimization problem can thus be formulated as follows: minimize The MSE ǫ l and ǫ e at the legitimate user l and eavesdropper e are obtained using ( 5) and ( 9), respectively.The transmit power P t at t-th BS is given by (2).In C1, Γ is a design parameter that represents the lower bound on the achievable MSE expected at each eavesdropper.In C2, P T is the maximum transmit power at every BS.
Algorithm 2: Iterative procedure to obtain transceiver filters for stochastic errors Update E e ∀e ∈ {1, • • • , K E } using (7) Solve for λ e and λ With Assumption 1, the optimal transceiver and AN shaping matrices verify: where and where λ e ≥ 0, and λ ′ t ≥ 0 are the Lagrangian multipliers, which are calculated such that the constraints C1, and C2 are satisfied respectively.Proof: See Appendix B.
From the proposition, we observe that even if the optimal problem is jointly non-convex, it is convex for each variable and an optimal solution can be obtained by finding an optimal solution for one variable while keeping others as fixed [43].To obtain the solution, we utilize the coordinate descent method [44], in which each optimization variable is optimized while considering other variables as fixed.The resulting iterative procedure is shown in Algorithm 2.
In step 7, the Lagrange multipliers λ e , ∀e and λ l , ∀l are obtained by solving the set of nonlinear equations from constraints C1 and C2 by using the function fsolve from Matlab, which implements a dogleg trust-region algorithm [43].Coordinate descent is known to generate sequences whose limit points are stationary if the objective function is continuously differentiable and the minimum along every coordinate is uniquely attained [45].

Complexity analysis -
N is an upper bound on the number of antennas per device and the number of data streams; K is related to the number of devices involved in the communication.The computation of E e in (7), R l in ( 19), V t in (17), and W t in (18) are dominated by K inversions of matrices of size N, so that there complexity is in O(KN 3 ).The computation of ǫ l involves a sum of matrix multiplications and is thus in O(KN 3 ).The dodleg algorithm implemented in fsolve is an iterative algorithm which achieves a ε-approximation of the solution with complexity O(K 3 ε −3 ) when using fully quadratic models in the derivative-free case with 2K unknowns [46].Lemma 2. Let I 2 be the number of iterations of Algorithm 2 and ε > 0 the accuracy of fsolve.

The complexity of Algorithm 2 is at most
In our simulations, I 2 = 10 iterations are generally sufficient to achieve convergence.

B. Norm-bounded CSI errors
In this sub-section, we consider Assumption 2 for system design, i.e., we assume that channel state information errors are only norm bounded.In this case, the problem formulation can be written as: Note that C3 and C4 can be seen as an infinite number of constraints.In order to tackle this problem, we follow a worst-case approach, similar to the one presented in [47].In this approach, the SMSE of legitimate users is minimized for the worst-case error ∆ tl subject to the constraint and, with the worst-case error ∆ te , the MSE of the eavesdroppers is maintained above the predefined threshold.This leads to this new formulation: In order to obtain a solution, we consider three sub-problems that are easier to solve individually.In every sub-problem, we assume that either the optimal transceiver matrices, or the worst-case errors ∆ tl or ∆ te are known and we optimize the other variables.This leads to an iterative algorithm, where, at every iteration, the three sub-problems are sequentially solved assuming the results of the previous iteration for the missing variables.

1) Sub-problem P′ 2 :
In the first sub-problem, we compute the optimal precoder V t , receive filter R l and AN covariance matrix W t while the worst-case channel errors ∆ te and ∆ tl are supposed to be known.The first optimization sub-problem can be thus written as: The optimization problem is similar to (P 1 ) and can be solved using the proof given in Appendix B by replacing σ 2 tl by ||∆ tl || 2 , and σ 2 te by ||∆ te || 2 .

2) Sub-problem P′′
2 : In this sub-problem, the transceiver matrices and the worst-case error ∆ te are supposed to be known and we look for the worst-case error ∆ tl .We can thus formulate the second sub-problem as: minimize The Lagrangian is given by: where κ tl ≥ 0 are the Lagrange multipliers associated to constraints C4.Considering (15), it is observed that solving ( P′′ 2 ) is difficult.To simplify the solution, we consider an approximation of ǫ l by ignoring the second and higher order terms of ∆ tl .Equating to zero, the partial derivative of the Lagrangian with respect to ∆ H tl and to κ tl , respectively, we obtain: Injecting ( 23) in (24), we obtain the Lagrange multipliers: Using the value of κ tl in (23), we get the following lemma.
Lemma 3. The worst-case error ∆ tl that provides the maximum SMSE at the legitimate UEs for given optimal transceivers and AN while satisfying the norm-bound constraint τ tl is given Algorithm 3: Iterative procedure to obtain transceiver filters for norm-bounded errors Solve P′ 2 and update V t , W t , R l using ∆ tl , ∆ te , E e and Algorithm 2 Solve P′′ 2 and update Solve P′′′ 2 and update ∆ te using V t , W t , E e , in (26 3) Sub-problem P′′′ 2 : In this third sub-problem, the transceiver matrices and the worst-case error ∆ tl are supposed to be known and we look for the worst-case error ∆ te .It can be found by solving the problem defined in constraint C5.The sub-problem can thus be written as: This problem is similar to ( P′′ 2 ), the solution can thus be derived along the same lines.
Lemma 4. The worst-case error ∆ te that provides the minimum MSE at the eavesdroppers for given optimal transceivers and AN while satisfying the norm-bound τ te is given by: A stationary solution for ( P2 ) is now obtained by a three step iterative process as given in Algorithm 3. We first obtain the optimal solution considering that the channel errors are known.
Afterwards, the worst case channel errors are computed considering the optimal solution is known.
Complexity analysis -The computation of ǫ l using ( 15) is again in O(KN 3 ).The computation of ∆ tl and ∆ te involves K matrix multiplications and is thus O(KN 3 ).The complexity of Algorithm 3 is thus dominated by the inner loop constituted by Algorithm 2.
Lemma 5. Let I 3 be the number of iterations of Algorithm 3. The complexity of Algorithm 3 is In our simulations, we observe that generally I 3 = 8 iterations are sufficient to achieve convergence of the algorithm.

IV. NUMERICAL RESULTS
In this section, we illustrate the performance of our designs with numerical simulations at physical layer and at system level.

A. Physical Layer Simulations
In physical layer simulations, there is no co-channel interference and both legitimate UEs and eavesdroppers experience the same path-loss.In results, we refer to the Non-Robust (NR) design, Robust (R) design, Stochastic Errors (SE) and Norm-Bounded Errors (NBE).Unless otherwise specified, the simulation parameters are the following: , N E = 4, and N s = 2; P T = 0 dBm; σ 2 nl = P T /SNR, l = 1, 2, .., K R , σ 2 ne = P T /SNR, e = 1, .., K E , where SNR is the transmit SNR.For the R-SE design, σ 2 tl = 0.04 and σ 2 te = 0.09.For the R-NBE design, τ tl = 0.04 and τ te = 0.09.AN variance is σ 2 zt = 0.09.The target MSE threshold at each eavesdropper is Γ = 0.5.We assume a QPSK modulation and average performance metrics over 10 6 data samples for every simulation.In Algorithm 2 and 3, 1) Effect of CSI errors: Fig. 3 shows the BER as a function of the transmit SNR for robust and non-robust designs at legitimate UEs.We observe the interest of designing a system robust to CSI errors to improve the reliability of MCC: up to 6 dB gain can be achieved at low BER  when assuming stochastic errors.As expected, the performance in presence of norm-bounded errors is worse than with stochastic errors.This is due to the higher noise uncertainty: noise is drawn in a sphere of known radius but there is no further statistical knowledge about it.Nevertheless, NBE-based robust design achieves a 3 dB gain at low BER.Fig. 4 shows the effect of different channel error variances on the MSE at legitimate UEs, which is our objective in the proposed minimization problems.Obviously the scenario with perfect CSI performs the best.Then, as expected, the higher the channel errors the lower the performance.The knowledge of the probability distribution function of noise (SE) is a clear advantage over sole knowledge of an upper bound (NBE) for a robust design.
2) Security Gap: The security gap is a measure of the secrecy level based on the BER performance of legitimate UEs and eavesdroppers.The security gap is defined as S g = SNR L min − SNR E max where SNR L min is the minimum SNR at a legitimate UE to achieve high reliability (e.g. 10 −4 in our simulations) and SNR E max is the maximum SNR that guarantees a high BER at a eavesdropper (e.g.0.3).Below SNR E max at eavesdroppers, the communication is secure, above SNR L min at legitimate UEs, the communication is reliable.The gap quantifies the advantage a legitimate UE should have over eavesdroppers in order to have a secure and reliable communication.We see in Fig. 5 (left) that multi-user MIMO and artificial noise leads already to a small security gap (4.5 dB) even with a non-robust design.Robust designs allow an even smaller gap, especially with the stochastic error model (2.5 dB with NBE in the center and −2.3 dB with SE on the right of the figure).3) Effect of AN: Fig. 6 shows the effect of the AN variance on the BER of legitimate UEs and eavesdroppers for the R-NBE design.It is first observed that the BER of the legitimate UEs is significantly lower than the eavesdroppers BER, hence guaranteeing a reliable communication.
The addition of AN lowers a bit the performance of legitimate UEs as some power is dedicated to it.On the contrary for eavesdroppers, there is a significant gap between the system performance with and without AN.For the specific case of multicast MCC, this confirms the interest of AN for secure communications shown in the literature in other contexts.Fig. 7 shows the MSE at eavesdroppers as a function of the threshold Γ considered in our optimization problems.It is observed that the system designed without the consideration of AN is not always able to satisfy the requirement, whereas all the thresholds are readily satisfied by the AN-aided system design.
Further, with the increase in the variance of AN, the system is more likely to achieve higher thresholds and inherently provides enhanced security against eavesdroppers.

B. System Level Simulations
System level simulations allow us to account for co-channel interference and random locations of the users.We consider 100 BSs, distributed over an area of 10 km 2 , drawn according to a Poisson process.The synchronization area is made of 20 BSs (see Fig. 1).The path-loss between BSs and users is calculated as per Okumura-Hata model using a carrier frequency of 700 MHz as given in [48] (a typical frequency for MCC).We assume N T = 16, N R = 8, N E = 4, N s = 2, P T = 46 dBm.The system considered is with robust-NBE at both legitimate and eavesdroppers with τ tl = 0.04 and τ te = 0.09 respectively.AN at t-th BS is set to σ 2 zt = 0.04.For a simulation, a team leader is uniformly drawn in the synchronization area and then 9 team members are selected within a distance of 500 m.Two eavesdroppers are randomly drawn within the same distance around the team leader.All the simulations are executed over 10 6 data streams.Simulations are performed for 100 groups.Fig. 8 shows the BER CDF of legitimate UEs (left) and eavesdroppers (right) for different clustering approaches: MBSFN (the whole synchronization area serves the legitimate UEs), SC-PTM (only cells covering UEs multicast information without cooperation) and dynamic greedy clustering (Algorithm 1, where K ′ T controls the minimum number of BSs involved in the cluster).As expected MBSFN provides the best performance, SC-PTM the worst and dynamic clustering offers a tradeoff 1 .This is true for both legitimate and eavesdroppers but the gap between the two is much higher with MBSFN compared to SC-PTM.MBSFN should thus be preferred for secure and highly reliable MCC.However, a drawback of MBSFN is that it consumes radio resources in every BS of the synchronization area and thus suffers from low 1 SC-PTM provides however the best performance in terms of system capacity as studied in [8].capacity.If an operator wants to increase its network capacity, it should trade-off the security and reliability level against capacity by adopting a dynamic clustering scheme.Dynamic clustering with K ′ T = 10 BSs, which is half of the synchronization area represents for example here a good trade-off.

V. CONCLUSION
We propose a secure MIMO transceiver design for multi-BS multicast MCC that are resilient towards CSI errors following stochastic and norm-bounded error models.SMSE minimization problems are formulated under the constraint of maximum transmit power at every BS and minimum MSE at every eavesdropper.The BSs forming the coordinating cluster are obtained dynamically by using a greedy algorithm.Security is added in the system by optimal MIMO beamforming and by introducing an additional AN at the transmitters.The desired AN filter is jointly designed along with the precoder and receiver filters by solving the considered optimization problems using iterative and worst-case approaches.The performance is evaluated in terms of various parameters including security gap, BER and MSE.The computational analysis is also conducted and presented for both error models.Numerical results reveal the crucial role of robust designs for MCC, even in presence of norm-bounded errors.Adding AN degrades only slightly the performance of legitimate users but significantly improves the security of their communications.At last, we highlight the fact that increasing the number of cooperating BSs improves both reliability and security.However, dynamic clustering can represent a good tradeoff if capacity becomes a requirement.

APPENDIX A PROOF OF LEMMA 1
The transmit power can be expressed as follows: The MSE ǫ l at the legitimate user l is computed as follows: The last two terms can be simplified by using the trace property as given in Lemma 1 in [36].
For any matrix X with E{XX H } = σ 2 I, and matrices U and V of appropriate dimensions, the following equality indeed holds: Incorporating this result into the equation yields the result.Similarly, MSE at the eavesdropper e can be formulated as: + tr( Again, the application of the trace property provides the result.

APPENDIX B PROOF FOR PROPOSITIONS
We use here two binary slack variables χ l and χ e in order to consider at once different problems introduced in the paper.χ l = 1 corresponds to a robust solution for legitimate users and χ l = 0 to a non-robust design.χ e = 1 corresponds to a perfect eavesdroppers CSI at the transmitter, otherwise χ e = 0.The generalized MSE equations are now reformulated as: The e-th eavesdroppers MSE is simplified as: The desired transceivers are obtained by minimizing the Lagrangian with respect to each optimization variable while considering that the other variables as fixed.Hence, the precoder V t is derived by taking the zero gradient of L with respect to V H t , and is given as: Equatting to zero leads to: λ e σ 2 te tr(E e E H e )I + λ Receive filter R l is obtained in the same way, i.e. by differentiating the Lagrangian with respect to R H l , while considering all other variables as fixed, and assigning it to zero:  (40) and so as to satisfy the transmit power constraint at each BS and individual eavesdroppers MSE threshold.

Fig. 1 :
Fig. 1: Network model: White and blue cells form the MBSFN synchronization area; blue cells are serving a group of legitimate users (green diamonds) while a set of eavesdroppers (red crosses) overhear the multicast communication.

Algorithm 1 : 4 : 8 :Fig. 2 :
Fig. 2: System diagram for multi-cast scenario in mission critical communication in the presence of passive Eavesdroppers.
BER CDF for legitimate UEs.
BER CDF for eavesdroppers.
N E × 1 at the e-th eavesdropper's antenna elements with zero mean and covariance E[n e n H e ] = σ 2 ne I N E .The random noise vector is uncorrelated with data vector such that E[n e d H ] = 0.In this work, we assume that eavesdropper implements a classical Minimum-Mean-Square-Error (MMSE) linear receive filter.However, it can replaced with any other linear receiver model.The considered MMSE receive filter at e-th eavesdropper is given as: tr(I) − tr(We solve the optimization problem (P 1 ) by writing the Lagrangian L:L(V t , W t , R l , λ e , λ (tr(V t V H t + σ 2 zt W t W H t ) − P T )(32) t=1E e G te V t ) − tr( ′ t ) = This is equivalent to A t W t = 0 where In the condition A t W t = 0, A t cannot be zero because otherwise effective components in the design of the precoder would be zero and the precoder matrix would be non-singular.This would invalidate the complete design.As a consequence, the AN shaping matrix W t should be taken in the null space of A t and:W t = B t / [tr(B t B H t )] where B t = I − A H t (A t A H t ) −1 A t .Atlast, differentiating the Lagrangian with respect to λ ′ t and λ e respectively and equating to zero, we get: The values for λ e , e = {1, 2, • • • , K E } and λ {1, 2, • • • , K T } are jointly computed by inserting the values of V t and W t in l R l C tl W t + χ l σ 2 ′ t , t =