Security Issues in Cognitive Radio Networks (CRN)
Peng Zang
Apr. 13, 2012
Outline
• Why use CRN, and its goals
• Elements of CRN
• Specific security issues of CRN
• Selected attack models
• Several potential solutions and models
• Conclusion
Why CRN
• Spectrum crisis
  • Most spectrum is occupied by licensed users
  • Exploit idle portions of the licensed spectrum
• Goals
  • Coexistence with Primary Users (PU)
  • Coexistence with other Secondary Users (SU)
  • Using spectrum effectively and fairly
  • Maximum throughput
  • Spectrum allocated fairly to each SU
Elements of CRN
• Spectrum sensing
• Spectrum analysis and decision making
• Dynamic Spectrum Access and Allocation (DSA)
• Software Defined Radio (SDR)
• Cognitive capability
• Reconfigurability
Attacks against CRN
• Primary User Emulation Attack (PUE)
• Spectrum Sensing Data Falsification Attack (SSDF)
• Common Control Channel Attack (CCC)
• Beacon Falsification Attack (BF)
• Cross-layer attacks
• Software Defined Radio Attacks (SDR)
• etc.
No modification to the incumbent signal should be required to accommodate opportunistic use of the spectrum by SUs. – FCC
PUE attack
• An attacker emulates a PU to force SUs to leave the vacant channel
• High probability of success
• Could lead to a DoS attack
• 3 models will be presented:
  • Signal feature based
  • Localization based
  • Lion attack
Figure 1. A simplified PUEA scheme [1]
Background knowledge Received signal Path loss : Log-normal Shadowing: Received energy: Variance of shadowing parameter Shadowing Path loss : constant
PUE attack 1.1: Signal feature based – Assumptions
• SU and attacker know r1; attacker knows r2 and r3.
• SU & PU: stationary
• Energy detection is adopted
• Attacker knows and waveform of PU signal
• When signal transmitter is: PU: Attacker: Different and unique
PUE defense Model 1.1 – naive defense Received signal energy: they are i.i.d. And follow the same distribution as Use unbiased estimator: Determination: Step1: Keys for determination Step2: Threshold
PUE attack 1.2: advanced attack Goal: Make the SU receive emulation signals with the same power level as the PU signal: Two parameters are needed first: Attacker received signal from PU: where:
PUE attack 1.2: advanced attack cont'd From MLE, parameters are found: Design of emulation signal: Leads to: The emulation signal transmitted with power:
Advanced Defense 1.2: Variance detection Basic idea: Detect PU channel parameter – Using unbiased estimation: Detection:
Advanced Defense 1.2: Variance detection Decision making: However, there are always trade-offs
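The two checks from the defense slides above (a mean test for Model 1.1, then a variance test for Model 1.2), as an added Python example that is not taken from the slides or the cited papers. It assumes received power is Gaussian in dB under log-normal shadowing; the PU profile (-90 dB mean, 4 dB spread), the 1 dB tolerance, the 0.5 to 2.0 variance-ratio band and all readings are constructed values.

```python
from statistics import NormalDist, fmean, variance

PU_MEAN_DB, PU_SIGMA_DB = -90.0, 4.0   # assumed PU channel profile known to the SU

def constructed_readings(mean_db, sigma_db, n=50):
    """Constructed, deterministic stand-in for n received-power readings in dB.

    Log-normal shadowing is Gaussian in dB, so evenly spaced quantiles of
    N(mean_db, sigma_db^2) replace random draws to keep the result repeatable.
    """
    dist = NormalDist(mean_db, sigma_db)
    return [dist.inv_cdf((i + 0.5) / n) for i in range(n)]

def mean_matches(readings, pu_mean_db, tol_db=1.0):
    """Naive defense: estimated mean power vs. the level expected from the PU."""
    return abs(fmean(readings) - pu_mean_db) <= tol_db

def variance_matches(readings, pu_sigma_db, lo=0.5, hi=2.0):
    """Variance detection: unbiased sample variance vs. the PU channel variance.

    A wider [lo, hi] band lowers false alarms on genuine PU signals but lets
    more emulated signals through; that is the trade-off in the decision step.
    """
    ratio = variance(readings) / pu_sigma_db ** 2
    return lo <= ratio <= hi

def classify(readings, pu_mean_db=PU_MEAN_DB, pu_sigma_db=PU_SIGMA_DB):
    if not mean_matches(readings, pu_mean_db):
        return "emulation: mean mismatch"
    if not variance_matches(readings, pu_sigma_db):
        return "emulation: variance mismatch"
    return "primary user"

if __name__ == "__main__":
    cases = {
        "genuine PU": constructed_readings(-90.0, 4.0),
        "power level not matched": constructed_readings(-80.0, 4.0),
        "power level matched, different channel": constructed_readings(-90.0, 8.0),
    }
    for name, readings in cases.items():
        print(f"{name}: {classify(readings)}")
```

The third case passes the mean test and is caught only by the variance test, which is the reason the second check exists.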
PUE attack defense model 2: localization based [2]
• Basic idea: Transmitter's location verification
• Methods:
  • Received Signal Strength (RSS)
  • Need help from Wireless Sensor Network (WSN)
• Assumptions:
  • WSN distributed uniformly
  • Attacker not in the same position as PU
• RSS Model:
  • Variance: mean:
RSS smoothing procedure
[Figure: transmitter, pivot point 1 and pivot point 2]
RSS Smoothing Procedure
• Step 1: Calculate the median value of RSS at each pivot point.
• For Pivot point 1 (R0):
• Find minimum value of
RSS Smoothing Procedure
• For Pivot point 2 (R1):
• Find maximum value of
• Step 2: Get a loose lower bound:
RSS Smoothing Procedure
• Step 3: Obtain
• P: confidence level
• New R.V. X0:
• Then r and d must satisfy:
PUE attack 3: Lion Attack Model [4]
• Intelligent algorithm: attacks TCP transmission by exploiting retransmission timer backoff.
• Analytical Model:
Assumptions and definitions
• Each attack leads to a handoff
• Fixed handoff time: Fixed detection time:
• R.V.: Another R.V.:
• Round Trip Time (RTT) < Minimum Retransmission Time Out (RTO)
• At least one handoff takes place
• Probability of k handoffs in an interval (x',x'+τ) is
• Then:
RTO and Retransmission time • Retransmission Time Out (RTO): • Retransmission Time instant:
Find Inactivity Time • Probability that inactive time is a given value: • Expected average time of inactivity: Pr(every t’ before this one happened in a handoff)
Find Inactivity Ratio • Find TCP inactivity percentage: • Average activity time:
PUE attack Conclusion
• Model 1.1 & 1.2
  • Goal: Authentication
  • Channel parameters Map vs. Public/Private Key
• Model 2
  • WSN vs. KDC
• Model 3
  • RTO vs. Secret Key
SSDF: Model
• Assumptions:
  • In distributed sensing;
  • Fixed graph for the network;
  • Duplex wireless connections;
  • Attackers are in the graph and send falsified information to SU;
  • Energy detection model is used.
Basic idea
• Step 1: Get the mean value of the sensing results from neighbor nodes
• Step 2: Exclude the most deviating neighbor node
• Step 3: Consensus algorithm
Basic idea cont'd
• Step 4: Compare with threshold:
• Vector form of algorithm:
• P: doubly stochastic matrix – ensures convergence of x* in the whole network
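Steps 1 to 4 above run on a small fixed graph, with and without the exclusion step, as an added Python example that is not code from the slides or from [3]. The update rule x_i ← x_i + ε·Σ(x_j − x_i) with ε below 1/(max degree) is an assumed form of the consensus step, and the topology, readings, threshold and the rule that nodes with only two neighbors skip exclusion are constructed for illustration.

```python
# Constructed 6-node fixed graph (assumed topology): nodes 0-4 are honest SUs,
# node 5 is an SSDF attacker that keeps reporting a falsified energy value.
GRAPH = {0: [1, 2, 4, 5], 1: [0, 2], 2: [0, 1, 3, 5],
         3: [2, 4], 4: [0, 3], 5: [0, 2]}
X0 = {0: 1.0, 1: 1.2, 2: 0.9, 3: 1.1, 4: 0.8, 5: 100.0}  # constructed readings
ATTACKERS = {5}
EPS = 0.2          # step size, below 1 / (max degree) = 1/4
THRESHOLD = 3.0    # assumed energy-detection threshold

def run_consensus(graph, x0, attackers, eps, iters, exclude_outlier):
    """Synchronous consensus; honest nodes optionally drop their most deviating neighbor."""
    x = dict(x0)
    for _ in range(iters):
        nxt = {}
        for i, nbrs in graph.items():
            if i in attackers:              # attacker never updates its report
                nxt[i] = x[i]
                continue
            kept = list(nbrs)
            # Steps 1-2: neighbor mean, then exclude the largest deviation.
            # With only two neighbors both deviate equally, so skip exclusion.
            if exclude_outlier and len(kept) > 2:
                mean = sum(x[j] for j in kept) / len(kept)
                kept.remove(max(kept, key=lambda j: abs(x[j] - mean)))
            # Step 3: consensus update over the neighbors that were kept.
            nxt[i] = x[i] + eps * sum(x[j] - x[i] for j in kept)
        x = nxt
    return x

def pu_detected(x, attackers, threshold):
    """Step 4: each honest node compares its converged value with the threshold."""
    return {i: v > threshold for i, v in x.items() if i not in attackers}

if __name__ == "__main__":
    for defended in (False, True):
        final = run_consensus(GRAPH, X0, ATTACKERS, EPS, 50, defended)
        print("defended" if defended else "undefended",
              {i: round(v, 3) for i, v in final.items()},
              pu_detected(final, ATTACKERS, THRESHOLD))
```

Without exclusion every honest node is pulled above the threshold by the single falsified report; with it, the honest nodes settle on the average of their own readings (1.0).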
Conclusion
• Consensus vs. Trust model
• To trust, or not to trust…
References
[1] Ruiliang Chen; Jung-Min Park; Reed, J.H., "Defense against Primary User Emulation Attacks in Cognitive Radio Networks," Selected Areas in Communications, IEEE Journal on, vol. 26, no. 1, pp. 25-37, Jan. 2008.
[2] Zesheng Chen; Cooklev, T.; Chao Chen; Pomalaza-Raez, C., "Modeling primary user emulation attacks and defenses in cognitive radio networks," Performance Computing and Communications Conference (IPCCC), 2009 IEEE 28th International, pp. 208-215, 14-16 Dec. 2009.
[3] Yu, F.R.; Tang, H.; Minyi Huang; Zhiqiang Li; Mason, P.C., "Defense against spectrum sensing data falsification attacks in mobile ad hoc networks with cognitive radios," Military Communications Conference, 2009. MILCOM 2009. IEEE, pp. 1-7, 18-21 Oct. 2009.
[4] Hernández, J.; León, O.; Soriano, M., "Modeling the lion attack in cognitive radio networks," Eurasip Journal on Wireless Communication and Networking, vol. 2011, pp. 1-10, 2011.
[5] Nansai Hu; Yu-Dong Yao; Mitola, J., "Most Active Band (MAB) Attack and Countermeasures in a Cognitive Radio Network," Wireless Communications, IEEE Transactions on, vol. 11, no. 3, pp. 898-902, March 2012.
Thank you!
• Questions?