demand of mobile devices, Data Volume usage and high data rate are increasing
speedily which forces us to go on the next generation cellular network
technology (5G). The next cellular generation or fifth generation (5G) is
expected to encounter all the needs of high rates and the fifth generation
based on Cognitive Radio (CR) provides best spectrum utilization and greatly
upsurge the spectrum efficiency. In this paper, we discuss the security threats
and vulnerabilities and then according to the analysis discuss the solutions
and countermeasures of these threats and vulnerabilities.
Keyword: Cognitive Radio Network; Cognitive Radio
Network Security, Security, Cognitive Radio, Security threats
In the modern years the
cognitive radio (CR) technology Stimulate itself which provides the valuable
solution to increases the spectrum utilization. This technology offers a new
type radio development i.e. a cognitive radio (CR) equipped with intelligence
that senses, uses and shares the SOP (spectrum opportunities) of the forgoing
wireless networks, the channels that are not used by the licensed users.
In the last era, the
spectral resource limitation increased almost exponentially, at the same time
with the wireless technologies development and user’s number/demands growth.
At this moment, the wireless
environment is practically unable to honorably satisfy all its users.
The CR technology appeared
in response to the threatened spectrum resources problem, and its goal is to
optimum utilize the spectrum, and, thus to highly increase the spectrum
In Cognitive Radio (CR) the
main reason of low utilization ratio of frequency band and the inconsistency
for other users in using the equivalent frequency is the static spectrum
allocation principle. If the idle spectrum resource temporarily can use by
Cognitive radio (CR), the tension of shortage of spectrum resources will be
eased and acquire an excessive improvement. Cognitive Radio (CR) is put forward
to solve this problem efficiently. Its main purpose is to make the upcoming radio
equipment with independent to catch the spectrum hole, and efficiently utilize
2. COGNITIVE RADIO ARCHITECTURE
The concept of cognitive radio are mentioned in below
clearly in figure(a).The operating system (OS) characterizes the higher-layer communication;
Operating system is s use to communicate the traffic information. Parameters of
radio atmosphere are sensed and measured by using the sensing components and
then revamps the sensed parameters to the cognitive engine. The purpose of
cognitive engine is combine the information received from sensor and with
policy information to make an appropriate decision about how and when it will
communicate / transfer through the radio receiver and transmitter. Some
Cognitive Radios (CRs) are also dependent on geo locator information of
Cognitive Radios could be generally classified into
one of three network architectures. They could variety with reference to
architectures which cover all the six components in a single non-uniting device
to networked architectures where none of the CR components may be parallel with
each other. This architecture contains multiple examples of each module.
Further to this there are several distributed CRs which may choose to share the
information like location, measurements or policy to make more synchronized and
informed communication decisions. In the cognitive engine, the other CRs are
effectively geo-location, sensing, or communication extensions.
Figure (a) Cognitive Radio
3.COGNITIVE RADIO NETWORK THREATS AND
These attacks are the types of network attacks. In
replay attacks attacker maliciously capture a stream of messages and then resend
the captured stream of messages maliciously after passing some delays for
mismanagement of the network resources and characteristics. Attacker retransmit
the captured stream of messages after some time to cause DoS.
3.2.Rogue Base Station
In rogue base station attack an attacker posing a duplicate
legitimate base station to take off himself as a resident and able send back a
resource return message to the offer. Similarly, the attacker act as offer and
request for resource allocation. Attacker generates the BS-IDs and forgets the
network. When the Attacker gets BS-IDs, attacker exploits this information and
sends crafted messages.
3.3. Spectrum Sensing Data
Falsification Attack (SSDF):
In this type of attack the
malicious user or attacker transmit false spectrum sensing data. Spectrum
Sensing Data Falsification (SSDF) are stated to such attacks where an attacker
may transmit incorrect local spectrum sensing results to a data collector,
resulting the data collector to make a wrong spectrum sensing decision. This
attack takes place when an attacker transmits incorrect spectrum sensed data to
the fusion center. In a centralized CRN, all the data sensed which is collected
by a collect uses CRN to take a suitable decision on which frequency bands are
engaged and which are allowed.
The objective of jamming
attack in the communication network is to deny service by eating up high
percentage of bandwidth. In jamming attack, the attacker (or the frequency
jammer) maliciously transmits packets continuously to obstruct the legitimate
participants in a established communication session from data transmission; Concurrently
it generates a denial of service situation. The jammer can also interrupt
communication by blasting a radio transmission resulting in the exploitation of
data packets received by legitimate users. A more dangerous attack that a
jammer can perform is jamming the dedicated channel that is being used to
communicate sensing information between CRs. Thus, jamming is an attack that is known to
both physical and Data link layers.
There are Four types of jammers which are describe
3.4.1. Constant Jammer:
Constant/Static jammer emits signal continuously on
a specific channel.
Deception jammer is like to constant jammer. But, in
this case, the pulses are same to the regular data packets from a legitimate
Reactive jammer transmits jamming pulses only when
it finds the channel to be busy, so as to cause collision to an transmission
that is in continuous form.
Random jammer alternates between jamming and
Primary User Emulation Attack (PUEA):
One of the key technical challenges associated with
spectrum sensing is the problem of exactly distinguishing primary user signals
from secondary user signals. In CR network, primary users have the priority to
access the channel. If a primary user begins to transmit across a frequency
band occupied by a secondary user, it is required to depart that specific
spectrum band instantly. Conversely, when there is no primary user activity
present within a frequency range, all the secondary users possess equal rights
to the unoccupied frequency channel. Based on these paradigms, there exists the
potential for malicious secondary users to copy the spectral characteristics of
the primary users in order to gain priority access to the wireless channels
occupied by other secondary users. This scenario is referred as Primary User
Emulation, which is carried out by a malicious secondary user emulating a
primary user or masquerading itself as a primary user. In result, the attacker
is able to have the bands of a spectrum. In the presence of energy detection, a
secondary user can recognize the signal of other secondary users but cannot
recognize the signal of primary users. When a signal is recognized, which is
detected when a secondary user is on, it is assumed that the signal is that of
a secondary user only; otherwise it concludes that the signal is of a primary
user. Depending on the motivation of the attacker, PUE attack can be a selfish
PUE attack or a malicious PUE attack. A selfish PUE attach tries to maximize
its own spectrum usage. When a selfish PUE attacker detects a free spectrum
band, they prevent other secondary users from using that band by emulating the
signal characteristics of the primary user. Malicious PUE attack is similar to
denial of service attack. It prevents the legitimate secondary users from
detecting and using the free spectrum bands.
3.6.Cross layer Attack:
A smart attacker can launch
several attacks in different layers coordinately. This is referred to as the
cross-layer attack. This coordination of attack activities can reduce the
attacker’s probability of being detected, lowers the cost to conduct the attack
and supports to accomplish the attacker’s goal which may not be possible in a
single layer. To make this attack a success, all attackers should have a
clearly defined goal. It can also reduce channel utilization both in Physical layer
and data link layer. Cross-layer attack can be defined as, a group of attack or
malicious activities that are conducted coordinately in multiple network layers
to accomplish specific attack targets.
3.7. Incumbent Emulation (IE) Attacks:
In Incumbent Emulation, the
user tried to get the priority on the other secondary’s by transmitting signals
which could help to emulate the features of an incumbent. The impact of
Incumbent Emulation attack is the real secondary’s abilities for differentiate
the signals of attacker with the actual incumbent signals during the sensing
3.8.Common Control Channel (CCC) Attacks:
The successful jamming may
stop or delay communication across a wide frequency range in this regard the
DoS attacks are the target
for the Common Control
Lion attack is defined as a
jamming targeted to decrease the throughput of TCP by forcing frequency
handoffs. The lion attack, together with the PUE attack, can efficiently decrease
the throughput of TCP. The attacker can even perform a Denial of Service (DoS)
by emulating a primary transmission at particular time instant, if the attacker
knows some of the connection parameter.
3.10.Sink hole Attack:
The two most relevant
attacks at the Network layer are Sinkhole and Hello flood attack. In a Sinkhole
Attack, an attacker presents itself as having the exceptional route to a particular
destination. The neighboring node uses it to forward their packets and then it
can modify or fall the packets that pass through it. Another attack can be
performed by an attacker known as choosy forwarding, where an attacker can adjust
or refuse packets from any node in the network. The Sinkhole attack is very
effective in infrastructure and mesh architecture as all traffic goes through a
In Hello-flood attack, the
attacker transmits broadcast message to all the nodes in a network with enough
power to convince them sending a packet it is their neighbor. For instance, an
attacker to a specific destination can encourage even far away nodes to use
this route, convincing them he is their neighbor. As a result, the packet is
lost and it will have no neighbor to forward its packet.
4.COUNTERMEASURES & SOLUTIONS
The countermeasure against Rogue
Base Station and the return attack. For mitigate on those declared attacks,
referenced research paper 5 proposed three constraints to secure the network
sharing; which are Digital Signature, Nonce and Timestamp.
The defense strategies of
Rogue Base Station and the return attack. For succeed on those declared
attacks, our research paper 5 proposed three constraints or strategies to
secure the sharing of network; which are Digital Signature, Nonce and
Timestamp. the Time Stamp if these packets are newly generated then it is received
otherwise it is discarded.
In nonce repeat packet is rejected
so DoS and replay attacks can be eliminated. Digital Signatures are used to
dispatcher and for recognize the alternation of received packet. Applying DS built
verification of the dispatcher is actual to escape the above mention attacks.
In reference 3 author has
proposed that LocDef arrangement authenticates either a given signal is that of
an incumbent transmitter with the resembling of its position as well as
detecting the signal features. LocDef could be helpful to remove or moderate
some of the above-mentioned drawback. This scheme can eliminate the motivation
of attacks. Malicious nodes could be thrown the undesirable packets on the
channels to halt these undesirable packets.
The impression of flow control which could be
initiated at MAC level with the inclusion of time limitation. Receiver
describes the monitoring of Time Interval that is why the sender is unable to
transmit the data regularly. If sender spreads the data on the high rate and
receiver is receiving packet regularly its means that the mentioned time
interval and the receiver identify the misconduct by one point / node which
spread the information about malicious node.
The key point is to be protecting beside IE threats
is to develop any new technique which could able to handle these situations and
for validating the genuineness of the incumbent signal.
Research Paper 2 discusses the solution of IE
attacks. One approach is a signature which is embedding in the incumbent
signal. One more process is to work and verification procedure with incumbent
transmitter and an authenticator. Two techniques are being used the first is
DRT which is Distance Radio Test this use RSS which is received signal strength
quantities gained from the location verifier (LV). Other technique is known as
DDT which is distance difference test. This procedure is being used whenever
the signals are being transmitted by a signal point to LVs, the virtual phase
variance could be identified whenever the signal influences the two LVs because
of opposing locations from the sender.
Two prevent SSDF attack reference paper 2 proposed
two level of defense. The first phase of all native spectrums deducting result
must be validated from data collector. The main objective is to avoid the
return attacks of untruthful data inoculation by the objects outside the
networks. Second phase of protection is placement of data synthesis arrangement
that is forceful with compare to attacks of SSDF.
In instance of policy attack research paper 8
suggests that in cooperative policy can be freely exchanged and in
non-cooperative nodes policy updates and renewals can require infrequent.
Effective rules could be replaced freely and with self-assurance and kept for
long time. It is difficult that attacker stops a CR even presence of some rules
In research paper
9 elaborates that without the knowledge of policy attacker can use different
funny and obvious techniques to suppose about policy. This comes into picture
that the radio rule and regulations should be carefully check and validated to
defend against the threats.
learning, parameters and spectrum management threats paper 9 present a solution
robust sensory input and mitigation in Network. In vigorous sensory the data
entry educating sensor, input can be considerably in helping in reduction of
the acceptance of CR. In scattered situation, the network of CR can fuses sensor
data to increase throughput. Contribution of all sensors would consider noisy
with or without the occurrence of attackers, statistic can sometimes incorrect.
Author of the paper 89 defends against the common control channel use a
robust coding of different spread spectrum. The schemes of the media access
would be vigorous which could provide the fair access of data on the network.
This fairness had to be brought around by the multiple layers and the simple
access arrangements which should have focus on the control channels for which
the need is preferable.
For alleviating jamming attacks in CRN, Spread Spectrum
approach is being used. The available spectrum band is divided into a number of
non-overlapping channels. From among this channel, only a small portion of the
channel is used for transmission at a time. The attacker can even jam a
channel, but with negligible jamming effect or the channel may not be used by
the Cognitive Radio. Forward Error Correction (FEC) schemes can be used to
construct the lost data due to jamming attack in CRN. Intrusion Detection
System (IDS) also serve as valuable tool for detecting jamming attack.
For securing against PUE attack, the transmitting source
needs to be identified, i.e., whether the transmitting source is a primary user
or a malicious user. For this, cryptographic authentication mechanism can be
applied for identifying the user. As the FCC regulation does not allow altering
primary user system, researchers opted to find the exact location of a primary
user. If the transmitting source matches the location of the primary user, the
source is considered to be primary user. Otherwise, it is considered to be an
attacker. To determine the location of
the transmitting source, two approaches are considered, Distance Ratio Test
(DRT) and Distance Difference Test (DDT), which is based on signal phase
difference 6. Objective Function attack modifies the parameter of the
wireless media by jamming at a specific time and frequency in respect to the
parameters defined in the policy. An easy solution to this attack is to define
a threshold value for every updatable radio parameter 7. This will avoid any
communication when one or more parameters do not fulfil its predefined
threshold. Intrusion Detection System (IDS) can also be used to mitigate
Objective Function attack.
For securing against Spectrum Sensing Data
Falsification (SSDF) attack, a data fusion technique called Weighted Sequential
Ratio Test (WSRT) is used 5. WSRT has two steps: Reputation maintenance and
Sequential Probability Ratio Test (SPRT). In reputation maintenance step, every
node has initial reputation value equal to zero. Upon each correct local
spectrum report, the reputation value will be increased by 1.
CONCLUSION AND FUTURE WORK
Cognitive radio set a new level of superiority to
wireless communication technology. With the increases in superiority of
cognitive radio networks security is an important aspect in CR.
In this paper, a background on Cognitive radio
networks security and common attacks on protocol layers are analyzed and
addressed with their cure and counter measures. Cognitive radio networks are
built Based on existing technologies and the approaches to provide efficient
security for these networks are not sufficient.
Due to the particular characteristics of on
Cognitive radio networks, innovative attacks arise and the complexity of earlier
ones increases. Further, as Cognitive radio networks technology continues to enhance
and becomes more familiar, moreover probability of security will be required.
Similarly, new security proposals are needed to be effective against specific
attacks, particularly in the physical layer to the upper layers. In addition,
there are still requirements for comprehensive security mechanism to avoid or
counter act the attacks at all protocol layers. In order to address these
challenges, each CR users in the cognitive radio network must have the
—find out the available
—Select the superlative
—organize the free
channel access with other users.
—leave the channel when
a licensed user is detected.
We have recognized the threats to the different
layers and within each we have sub classified the main topics. In particular,
signal authentication and mechanisms to detect malicious insiders will overcome
most of the specific attacks to Cognitive radio networks, but they are not minor
and require future in-depth research.