ReviewCognitive radio network security: A survey
Introduction
Of the different kinds of wireless technology supporting Internet access and other services, a very effective idea is to merge different wireless networks and to use one of them appropriately, depending on the communication environments and various application requirements. At first, cognitive radio was pioneered by Mitola (2000) from software defined radio (SDR). The main objective of this idea was originally to improve spectrum utilization. There is an ever-increasing demand for spectrum for emerging wireless applications and there is a spectrum shortage for the wireless applications. In view of this, the Federal Communications Commission (FCC) has considered making the licensed spectrum available to unlicensed users. This will allow unlicensed users to use the empty spectrum, provided they cause no interference to licensed users. Most radio systems today are aware of the radio spectrum. Cognitive radio is a new research area for wireless communication in which either a network or a wireless node is able to change its transmission or reception parameters to communicate efficiently by avoiding interference with licensed or unlicensed users. Basically, the parameters that are used in CRNs are based on the active monitoring of several factors, either in the external or internal radio environment, such as radio frequency spectrum, user behavior and network state. A cognitive radio senses available spectrum, occupies it and can vacate the spectrum on sensing the return of the primary user (PU). We call future wireless networks ‘cognitive radio networks' (CRNs), which is quite consistent with Haykins's definition of cognitive radio (Haykin, 2005): “Cognitive radio is an intelligent wireless communication system that is aware of its surrounding environment (i.e., the outside world), and uses the methodology of understanding-by-building to learn from the environment and adapt its internal states to statistical variations in the incoming RF stimuli by making corresponding changes in certain operating parameters (e.g., transmit power, carries-frequency, and modulation strategy) in real time, with two primary objectives in mind: highly reliable communication, whenever and wherever needed, and efficient utilization of the radio spectrum”. The authors in Chen et al. (2008a) stated that whenever cognitive radios can find opportunities for communication using the “spectrum holes”, cognitive radio transports packets on top of cognitive radio links in order to successfully facilitate useful applications and services. A mobile terminal with cognitive radio capabilities can always sense the communication environments (e.g. spectrum holes, geographic location, available wire/wireless communication system or networks, and available services), analyze the environment and learn information from the environments with the user's requirements and reconfigure itself by adjusting system parameters to conform to certain policies and regulations. The authors provided an example in Chen et al. (2008a), where a cognitive radio mobile terminal senses that there are WiFi and GSM systems nearby while spectrum holes exist in the frequency band of digital TV, hence, it may decide to download files from a certain WiFi AP, make a phone call through the GSM system and communicate with other cognitive radio users, using those spectrum holes. Figure 1 shows the basic difference between wireless networks and cognitive networks.
A cognitive radio terminal also has the ability to negotiate with another spectrum and network utilization. This negotiation process may be undertaken with the support of network/infrastructure sides or simply by proceeding in an ad hoc manner. In CRNs, the radio could also facilitate interoperability among different communication systems in which frequency bands and/or formats are not the same (Chen et al., 2008a). On the other hand, cognitive radio is placed above the SDR (Software Defined Radio) and it uses its “intelligence” that lets an SDR to determine which mode of operation and parameters to use. Actually, an SDR is simply a radio that puts most of the Radio Frequency (RF) and Intermediate frequency (IF) functionality, including waveform synthesis, into the digital (rather than the analog) domain, allowing great flexibility in the modes of radio operation (called “personalities”) (Haykin, 2005). CRNs are more flexible and exposed to Wireless Networks compared with other traditional radio networks. Hence, there are many security threats to CRNs because of its special characteristics, such as intelligence functionality and dynamic spectrum access application, more so than for other traditional radio environments. Since cognitive radios can adapt to their environment and change how they communicate, it is crucial that they select an optimal and secure means of communication. Compared to wired networks, the nature of wireless networks means that it is unavoidable that security is vulnerable. In a wireless network, a signal has to be transmitted through an open media without a real connection. That is to say, the data might be eavesdropped and altered without notice; or the channel might be jammed and overused by an adversary (Zhang and Li, 2009a). A description and categorization of the security threats in CRNs and an analytical survey for the detection of several attacks have been undertaken in Fragkiadakis et al. (2011). The unique characteristics of CRNs make security more challenging. Here we summarize a number of security threats for CRNs:
- •
Sensing problem: Cognitive radio technology provides more opportunities for attackers due to its intrinsic nature. For example, spectrum sensing is a key characteristic used in CRNs, which scans certain range of the spectrum to detect unoccupied spectrum (Naveed and Kanhere, 2006b, Kaligineedi et al., 2008b, Akyildiz et al., 2008). Through this process, an unlicensed user can determine whether the radio can be used. However, if the spectrum sensing result is modified maliciously, normal network activities will be disabled; it is possible that all network traffic may collapse. Other types of threats include spectrum decision threats, spectrum sharing and spectrum mobility threats.
- •
Hidden terminal problem: As mentioned in Kaligineedi et al. (2008b), the most important challenge facing a cognitive radio system is to identify the presence of PUs over a wide range of spectrum. This process is very difficult as we need to identify various PUs employing different modulation schemes, data rates and transmission powers in the presence of variable propagation losses, interference generated by other SUs, and thermal noise. For example, if the channel between the primary transmitter and the sensing device is under a deep fade, it is possible that the sensing device may not detect the primary signal. As a result, the cognitive radio might transmit a signal in the corresponding PU band, causing interference to the nearby primary receiver. This issue is commonly referred to as the Hidden Terminal Problem.
- •
Policy threats: In order to communicate more effectively in an intelligent way, a CR needs policies for reasoning in different environments or under different conditions. There are two types of threats when using policies (Clancy and Goergen, 2008): first, policies may be modified by attackers. An attacker can obtain control of a CR, or obtain permission from the policy database administration to modify the internal policies. Second, false policies also lead to security threats. An attacker can try to inject false policies into the CR policy database, and thereby cause interference.
- •
Learning threats: Some CRs are designed with the capability of learning. These CRs can learn from past experiences or current situations to predict the future environment and select optimal operations. But attackers can modify past statistics or spoof current conditions to prevent the CR from predicting accurately (Zhang et al., 2008).
- •
Parameter threats: An attacker can manipulate a CR to behave maliciously, and teach the CR to alter the parameters to affect the CR to conduct sub-optimal operations for CRNs (Clancy and Goergen, 2008).
However, to date, there has been no comprehensive analysis or discussion of security threats caused specifically by CR techniques and the special characteristics of CR in CRNs. So, a comprehensive survey of CRNs and their architectures and security issues has been carried out in this paper.
One of the key advantages of CRNs is that they can offer low cost solutions to a variety of real-world challenges. CRNs can reduce or eliminate the need for human interaction in information gathering in certain civilian and military applications (Arslan and Ahmed, 2007) by solving spectrum scarcity problems in the real world. CRNs are vulnerable to various attacks because they are usually deployed in unattended environments and use unreliable wireless communication. However, it is not simple to implement security defences in CRNs. One of the major obstacles in deploying security on CRNs is that the current CRNs have limited computation and communication capabilities. With this in mind, many researchers have begun to ensure security for CRNS with different security mechanisms. Security mechanisms, including trust management, have the ability to secure CRNs against attackers. CRNs are application-specific networks. Except for some common features, a CRN for a specific application has some unique features and correspondingly, some unique security requirements. Our design is driven by specific applications and their security requirements, this principle making the designed scheme more practical. To date, there has been no comprehensive analysis or discussion of security threats caused specifically by CR techniques and the special characteristics of CR in CRNs and there are still several gaps in CRNs research which have not yet been addressed, resulting in there being no effective defense mechanism against attacks in CRNs, as well as no guidelines for the selection of defense mechanisms. Hence, in this work, we integrate prior research results and investigate the current problems in CRNs. The main contributions of this paper are as follows:
- 1.
We clarify the security requirements of CRNs according to four security levels which are depicted in Fig. 8, providing a better understanding of the attacks against CRNs and the priority of each security requirement.
- 2.
We highlight the advantages and disadvantages of existing schemes and identify open problems in relation to CRNs. We discuss the security model, and threat model for the establishment of four different secure schemes of spectrum management in CRNs.
Section snippets
Cognitive radio network working process and applications
The working capabilities of a CRN can be classified according to the working functionalities as shown in Fig. 2. A cognitive radio senses the environment (cognitive capability), analyzes and understands the sensed information (self-organized capability), makes decisions (decision capability) and adapts to the environment (reconfigurable capabilities). In this section, for completeness, we give an overview of each of these activities.
Cognitive radio network architecture
According to Chen et al. (2008a), a CRN can sense available networks and communication systems around it, depending on the spectrum sensing to effectively improve spectrum utilization. CNRs are composed of various kinds of communication systems and networks, and can be viewed as types of heterogeneous networks. The purpose of CRN architecture design is to improve the entire network utilization, rather than just link spectral efficiency. Actually, from the user's perspective, network utilization
Security requirements of cognitive radio networks
As a CRN solves the spectrum shortage problem by dynamically utilizing the spectrum, CRN security becomes a challenging issue. Cognitive radio technology is more susceptible to attack compared to general wireless networks due to its intrinsic nature. Several survey papers (Clancy and Goergen, 2008, Burbank, 2008, Chen et al., 2008b) examine only a small number of general security requirements of CRNs. Mathur et al. were the first to describe security requirements elaborately (Mathur and
Attacks on protocol layers and scope of attacks in cognitive radio networks
In this section, we describe attacks on various protocol layers of CRNs and these attacks are categorized depending on their target in security requirements.
Spectrum sensing
A CR is considered to be aware of and sensitive to the changes in its surroundings, which makes spectrum sensing an important requirement for the realization of CRNs. Spectrum sensing enables CR users to adapt to the environment by detecting spectrum holes without causing interference to the primary network. This task can be accomplished by a real-time wide band sensing capability to detect weak primary signals within a broad spectrum range. Generally, spectrum sensing techniques can be
Countermeasures for various attacks on cognitive radio networks
In this section, we discuss various possible countermeasures to the potential attacks on CRNs. The authors in Leon et al. (2010) proposed various possible countermeasures on different attacks in CRNs.
Secure spectrum sensing scheme
One of the functionalities of cognitive radio is to detect spectrum holes by spectrum sensing which keeps monitoring a given spectrum band and captures the information. CR users may temporarily use the spectrum holes without creating any harmful interference to the PUs. However, CR must periodically sense the spectrum to detect the presence of incumbents and quit the band once detected. The detection techniques which are often used in local sensing are energy detection, matched filter, and
Challenges and open problems in cognitive radio networks
Previous research investigations on spectrum management, as well as the attention (little though it is) given to security for CRNs, mainly focus on spectrum selection and availability on a hypothetical network model, rather than on a specific application. Gaps still exist in the area of security for CRNs and must be thoroughly investigated.
- 1.
No guideline for security model definition: Current spectrum management schemes lack a formal security model. Existing literature (Mathur and Subbalakshmi,
Conclusion
This research work aims to address the problem of spectrum management for CRNs, focusing in particular on the security issues of CRNs. Attacks on different protocol layers have been addressed in this paper and possible countermeasures to secure CRNs are presented. Although some work has been done in this realm, there is not a secure framework for CRNs. Hence, this paper presents a survey on the architecture and security issues in CRNs. Challenging problems related to security issues are
References (81)
NeXt generation/dynamic spectrum access/cognitive radio wireless networksa survey
The International Journal of Computer and Telecommunications Networking
(2006)CRAHNscognitive radio ad hoc networks
Ad Hoc Networks
(2009)- et al.
Emerging cognitive radio technologyprinciples, challenges and opportunities
Journal of Computers and Electrical Engineering
(2010) Location-based authentication protocol for first cognitive radio networking standard
Journal of Network and Computer Applications
(2011)- et al.
Game theory for cognitive radio networksan overview
Journal of Computer Networks
(2010) - et al.
Anomaly detection in wireless sensor networksa survey
Journal of Network and Computer Applications
(2011) Reinforcement learning for context awareness and intelligence in wireless networksreview, new features and open issues
Journal of Network and Computer Applications
(2012)- et al.
Cognitive maritime wireless mesh/ad hoc networks
Journal of Network and Computer Applications
(2012) - Akyildiz IF, Lee WY, Vuran MC, Mohanty S. A survey on spectrum management in cognitive radio networks. In: IEEE...
- et al.
Security in cognitive wireless sensor networks, challenges and open problems
EURASIP Journal on Wireless Communications and Networking
(2012)