REVI EW Open AccessA survey on security attacks and
countermeasureswith primary user detection in cognitive
radionetworksJos Marinho1,2, Jorge Granjal2,3*and Edmundo
Monteiro2,3AbstractCurrently, there are several ongoing efforts for
the definition of new regulation policies, paradigms, and
technologiesaiming a more efficient usage of the radio spectrum. In
this context, cognitive radio (CR) emerges as one of the
mostpromising players by enabling the dynamic access to vacant
frequency bands on a non-interference basis. However,the intrinsic
characteristic of CR opens new ways for attackers, namely in the
context of the effective detection ofincumbent or primary users
(PUs), the most fundamental and challenging requirement for the
successful operation ofCR networks. In this article, we provide a
global and integrated vision of the main threats affecting CR
environments inthe context of the detection of primary users, with
a particular focus on spectrum sensing data falsification and
primaryuser emulation attacks. We also address solutions and
research challenges still required to address such threats.
Ourdiscussion aims at being complete and self-contained, while also
targeting readers with no specific background on thisimportant
topic of CR environments. It is, as far as our knowledge goes, the
first work providing a global and clearvision of security threats
and countermeasures in the context of primary user detection in
CR.Keywords: Security in cognitive radio; Primary user detection;
Primary user emulation; Spectrum sensing falsification1 Review1.1
IntroductionThe radio spectrum is a finite resource currently
experien-cing a tremendous increase in demand and,
consequently,growing in scarcity. This trend will continue in the
futureas the number of deployed wireless technologies anddevices
increases, the same applying tothe bandwidthrequirements.
Additionally, the fewexistinglicense-freeradiofrequencies, suchas
the industrial, scientific, andmedical (ISM) bands, are often
overcrowded, especially indenselypopulatedareas.
Thissituationresultsinconten-tion and interference, and,
consequently, in significantperformancedegradation.
Despitesuchaspects, we canalso observe that the majority of the
licensed radiospectrum remains unused or underutilized
independentlyof time and location, resulting in numerous
vacantspectrum bands [1]. This inefficient usage of the
spectrumresults directly from the current spectrum regulation
pol-icies,
whichdividethespectrumintostaticlicensedandunlicensedfrequencies.
The definitionof more flexibleregulationpolicies andthe development
of relatedandinnovativetechnologies will changethis paradigm,
withcognitive radio(CR) emerging asoneofthekeyenablersin this
context [1,2].A CR device is intended to possess the capability to
ob-serve and learn from its environment, and to dynamicallyand
autonomously adjust transmission parameters such asthe operating
frequency and transmission power, in orderto increase its
performance on a non-interference basis. Akey component of the CR
paradigmis the usage ofsoftware-defined radios (SDR), radio
communicationsystems with components implemented in software
ratherthan in hardware. We currently verify an
increasingavailabilityofSDRplatforms, whichareemployedinthecontext
of the development of new platforms and researchproposals in the
area of CR. Through a dynamic spectrumaccess(DSA)approach[1],
CRusers, alsodesignatedassecondaryusers(SUs),
areabletoopportunisticallyandintelligentlyaccess thespectrumholes
inatransparent* Correspondence: [email protected] -
Department of Informatics Engineering, University of Coimbra, PloII
- Pinhal de Marrocos, 3030-290 Coimbra, Portugal3CISUC - Centre for
Informatics and Systems of the University of Coimbra,Plo II -
Pinhal de Marrocos, 3030-290 Coimbra, PortugalFull list of author
information is available at the end of the article 2015 Marinho et
al.; licensee Springer. This is an Open Access article distributed
under the terms of the Creative CommonsAttribution License
(http://creativecommons.org/licenses/by/4.0), which permits
unrestricted use, distribution, and reproductionin any medium,
provided the original work is properly credited.Marinho et al.
EURASIP Journal on Information Security(2015) 2015:4 DOI
10.1186/s13635-015-0021-0wayto theprimary users
(PUs)andwithoutcausingthemany harmful interference. The accurate
location of spectrumholes appears thus as the most challenging and
fundamen-tal issue in CR environments.It is well assumed in the
literature that approaches forthelocalizationof vacant
spectrumbandsbasedexclu-sively on local sensing and learning do not
offer satisfac-tory results [3,4]. The main reasons are missed
PUdetectionandfalsealarmprobabilities, whichareinher-ent to any
kind of sensing hardware and may
alsoresultfromadversepropagationeffectssuchasmultipathfad-ing and
shadowing. This implies that in practice anyspectrumdecisionmust be
made taking into accountseveral sources of information. For
instance, a fusionrulemight beappliedtothesensingreportsof
severalSUs and to geo-location data, if available. In this
context,theusageofspuriousdataisaseriousthreatwhichcanleadtowrongspectrumdecisionsand,
inconsequence,toaninefficient protectionof PUs (i.e.,
duetomisseddetections) or to an inefficient, suboptimal, or
unfairusage of the spectrum (i.e., due to false alarms).Thenormal
operationof aCRenvironment
dependsgreatlyontheeffectivenessofthemechanismsdesignedtoperformspectrumanalysisanddecisionontheSUs.Thosemechanismsaimtodecideontheavailabilityofspectrumspaceforthepurposeof
allowingtheSUstotransmit but in practice may be affected by
erroneous orfalsifieddata.
Erroneousspectrumavailabilitydatamaybeduetohardwareimperfectionsandadversepropaga-tioneffects
or, onthe other hand, tosecurity attacks,particularly data
falsificationandPUemulation, as wediscuss throughout this survey.
Attackers with
maliciousintentsmayreporttheoppositeoftheirobservationsinorder
todisrupt theoperationof theCRnetwork(i.e.,reduce the protectionof
PUs or spectrumusage effi-ciency). On the other hand, attackers
with greedy or self-ish intents may positively report the presence
of PUactivity in order to gain exclusive access to the
spectrum.Globally, malicious and greedy attackers have the
commonobjectiveof causingdenial of service(DoS) tolegitimateSUs[5].
InTable1, wesummarizethemainmotivationsfor attacks against normal
CR
operations.Theprotectionagainsttheusageofspuriousinforma-tioninthecontextof
PUdetectionisof majorimport-ance inCRenvironments andthe mainfocus
of ourdiscussioninthesurvey. Overall, anythreatagainstthenormal
functioningof mechanismsdesignedtoguaran-teedetectionof PUactivity
or spectrumavailability ispotentially disruptive of normal CR
operations. Our goalis also to discuss howsuch threats are
addressed bycurrent technological solutions and to identify
openissues inthis context. Despite the existence of
severalpublishedworksonsecurityissues relatedtoCRenvi-ronments
[6-11], none of themspecifically provides aglobal and clearvision
of security threats against normalPUdetection in CRenvironments,
together with theavailable countermeasures and open research
challenges,as we address inthis survey. Our discussionseeks
toprovide a detailed discussion on the impact of suchthreats to the
normal operation of CR environments andon how research is dealing
with them, both in respect tocurrent proposals
andchallengestobefacedbyfutureresearch
efforts.Thesurveyproceedsasfollows. Section1.2identifiesthe
CRscenarios that contextualize our
discussiononsecuritythroughoutthepaper.
Section1.3discussesthemainsecurityrequirementsandthreatsapplyingtoCRenvironments,
andinSection1.4, wediscuss therisksthatcanaffecttheeffectivenessof
PUdetectionaswellas existing researchproposals inthis context.
Finally,Section 2 concludes the paper and identifies the
existingresearch challenges in this area.1.2 Cognitive radio
networksA network employing CR technology may adopt a central-ized
or distributedarchitecture, asillustrated inFigure
1.Withacentralizedapproachorinfrastructure-basedCRnetwork,
spectrumdecisionsareperformedandcoordi-nated by a central entity
(e.g., a base station) based on thefusionof sensingresults
collectedfromseveral SUs ordedicated sensors. This approach
therefore enables a cen-tralizedcooperative sensing scheme. The
central
entitycanadditionallyrelyongeo-locationdatabasesprovidingthe
coordinates of known primary transmitters (e.g.,Table 1
Characterization of attacks against the normal functioning of CR
networksMotivations Attack goals Attack approaches Attack
effectsGreedy/selfish Maximize the communicationperformance of the
attacker.Make the SUs believe thatvacant portions of the
spectrumare busy (i.e., induce false alarms)and access them
exclusively.A global decrease on spectrumsharing efficiency and
usage fairness.Malicious Disrupt the performance andoperations of
the SUs and/or PUs.Make the other SUs believethat vacant portions
of thespectrum are busy.A decrease in spectrum usageefficiency and,
therefore, in theperformance of the affected SUs.Make the SUs
believe that busyportions of the spectrum areidle (missed
detections).A decrease in the protection ofthe affected PUs against
interferencescaused by (erroneous) SU transmissions.Marinho et al.
EURASIP Journal on Information Security(2015) 2015:4Page 2 of
14television transmitter towers) and their respective regionsof
potential interference. This is the approach adoptedintherecent
IEEE802.22standard[12], whichtargetsCRoperations over television
frequency bands (54
to862MHz)inordertoenablethedeploymentofwirelessregional networks.
IEEE 802.22 uses both spectrum sens-ing and geo-location databases
for the detection ofspectrumholes,
withregulatorybodiesbeingresponsiblefor the maintenance of the
informationdescribing thelocationsoftheprimarysystems.
Whenthisinformationis notavailable, allthetelevisionchannels
areconsideredpotential opportunities and only sensing is used.In
distributed or ad hoc CR networks [13], each SU sup-ports its own
spectrum decisions based on local observa-tionandlearning.
Withacooperativescheme,
eachSUalsoconsidersthesignalinginformationprovidedbyitsneighbors
(e.g., sensing reports), therefore acting as a datafusion center.
Cooperative schemes have more
communi-cationoverheadthannon-cooperativesolutionsbutmayresult
inhigher spectrumusage efficiency andsensingaccuracy[4].
Wealsonotethat, althoughthedistributedCRnetwork illustrated in
Figure 1 follows a one-hopapproach, given that every SU is in the
transmission rangeof each other, multi-hop approaches are also
possible.AsCelebi andArslan[14] state, centralizedanddis-tributed
approaches are the two extreme
cognitionlimitsbetweenwhichvariousapproachescanbedevel-oped. For
instance, a CR mesh network may beconsid-ered,
wherespectrumdecisionisperformedbyseveralmesh gateways or by the
SUs themselves (as with apuredistributedapproach),
withoptionalusageofgeo-locationdatabasesaccessiblethroughthegateways.
Inorder to support our following discussion on security inthe
context of CRenvironments, inFigure1we alsoillustrate the presence
of SUs which are supposed to bemalicious, faulty, or both. For the
sake of realism,
inpracticewemustalsoconsiderthatanysensingdeviceischaracterizedbynon-null
misseddetectionandfalsealarmprobabilities, whichmay occasionally
influenceerroneous decisions.1.3 Cognitive radio security threats
and
requirementsSecuritythreatsagainstCRnetworksmaybemotivatednotonlybythewirelessnatureof
suchcommunicationenvironments (andthatareinfactinherent ofany
wire-less communications technology) but alsoby the em-ployment of
specific cognitive operations. InFigure 2,Source of symbols:
http://www.clker.com/ Geo-locationDatabase serverPrimary UserBase
StationCognitive RadioBase StationCentralized CognitiveRadio
NetworkMalicious/faulty secondary userPrimary
userInfrastructure-based Primary User NetworkDistributed Cognitive
Radio NetworkSecondary userFigure 1 Usage scenarios in cognitive
radio environments.Marinho et al. EURASIP Journal on Information
Security(2015) 2015:4Page 3 of 14weillustrateataxonomyof
thesecuritythreatsagainstCRenvironments, considering such two
different andcomplementary perspectives.Givenits wireless nature,
CRenvironments may beopen to attacks against wireless
communications,particularlyatthephysical
andmediumaccesscontrol(MAC) layers. For example, radio frequency
(RF)jammingmaytarget thephysical layeranddisrupt
thenetworkoperations.
AttacksattheMAClayermayin-cludeaddressspoofing, transmissionof
spuriousMACframes, andgreedybehavior by cheatingonthe backoff rules
established by the MACprotocol. On theotherhand,
securityconcernsduetothecognitivena-ture of CR networks motivate
the development ofmechanisms to protect both primary and
secondaryusers[15]andarethemainfocusof ourdiscussioninthis
survey.InCRenvironments, aSUcanbefooledbymaliciouselementsof
itsenvironment, asit
reliesonobservationandpossiblyoncooperationforspectrumdecisionandlearning.
Among various types of threats, twoassumeparticular importance on
CR environments and motivateour analysis throughout thesurvey:
PUemulationanddata falsification attacks. Data falsification
attacks in thecontext of CRnetworks may involve for example
thereportingof falsespectrumsensingdata, aswediscussindetail later.
Securitythreatsthatareoutofthescopeofourdiscussionmayincludeattacksaimingtheinstal-lationof
maliciouscodeinthecognitiveradiodevices,withthegoal of
subvertingexistingCRprotocols.
Suchprotocolsareexpectedtoassurethatonlyvacantchan-nelsareaccessedbytheSUsandthatthechannelsareevacuated
by the SUs upon the return of PU activity.Lookingmorecloselyat
theproblemsof PUemula-tion and spectrum sensing data falsification,
a PU emu-lationattackallowsanattacker tomimicaPU
inordertoforceotherCRuserstovacateaspecificfrequencybandandconsequentlycausethe
disruptionofthe
net-worksoperationsandunfairnessonspectrumsharing.We may also note
that this attack is specific to CR net-works. On the other hand,
the falsification of reports incooperative schemes consists
inprovidingfalse
infor-mationtotheneighborsortoadatafusioncenterandaffects the
effectiveness of spectrum decision. InTable 2, we identify the
applicability, the effects, andpossible approaches or
countermeasures against
pri-maryuseremulationandspectrumsensingdatafalsifi-cationattacks.
Our discussionthroughout the surveyexplores in detail the aspects
described in this table.Many existing CR proposals employ
statistics col-lectedabouttheobservedPUactivity, inorder
tolearnandmakepredictionsbasedonbeliefsthatresultfromcurrentandpastobservations.
Inthiscontext, manipu-lated and faulty data may lead to what Clancy
andGoergen[16] designateas belief-manipulationattacks.Infact,
learningcapabilities(e.g., basedonneural
andevolutionaryalgorithms)notonlyresultingreatbene-fits to CR
scenarios but also offer new opportunities forattackers.
Anymanipulationmaypotentiallyaffect fu-ture spectrumselections, as
the SUs employ all theirexperiences in order to derivelong-term
behavior. Thisalsoimplies that learnedbeliefs shouldnever
beper-manent. In non-cooperative networks, an attack
againstaSUdoesnotaffecttheothers, sinceeverySUisableto make its own
spectrum sensing and spectrumdecisions. On the contrary, when a
cooperative orcentralizedschemeis employed, anattacktoa
singledevice may affect the outcome of the entire CRnet-work.
Overall, intentional andunintentional anomaliesmay result in a
decrease in terms of the performance
ofPUprotectionandspectrumusage, andinspectrumaccess unfairness
among the various SUs. Security isthus of prime importance for the
normal functioning ofCR network operations, as we proceed to
discuss.Threats against CR environmentsWireless nature of
CRCognitive nature of CRRF jammingMAC address spoofingSpurious
framesGreedy behaviorPrimary user emulation Falsification of
reports on distributed and centralized CRSubversion of existing
protocolsFigure 2 Taxonomy of (security) threats against the
cognitive nature of CR environments.Marinho et al. EURASIP Journal
on Information Security(2015) 2015:4Page 4 of 141.4 Approaches to
attack-tolerant primary user detectionon CR environmentsVarious
security threats are transversal to wireless environ-ments
andmayconsequentlyalsoaffect
CRapplicationsandcommunicationmechanisms. Forexample,
abeaconfalsification attack in IEEE 802.22 environments may
allowthe transmission of false spectrum or geo-location
informa-tionto users, allowingthesubversionofnormalspectrumspace
access and usage rules. As in most wireless environ-ments,
well-known security solutions may be of help in
cir-cumventingmanyofsuchattacksinCRnetworks. Inthiscontext, the
security layer 1 as defined in IEEE 802.22 de-fines
encryptionandauthenticationmechanisms offeringprotection for
geo-location information as reported by theSUs using the
co-existence beacon protocol (CBP).Other than the employment of
classic cryptographic ap-proaches to support security mechanisms
designed for CRenvironments, we may note that the most important
chal-lenges to research and standardization work regarding
se-curityresideinthedesignof securitysolutionstocopewith
thethreatsthat areinherenttothecognitive natureofsuchenvironments,
aspreviouslydiscussed[17]. Suchthreats
maypotentiallychallengethemaingoal of CR,which is the usage of the
available radio spectrum space inafairandoptimal way,
whilepreservingprimaryorin-cumbent transmitters frominterferences.
We proceedwith a discussion on how such threats may be
approached,withaparticularfocusonafundamental mechanismofCR:
theeffectivedetectionof primaryuser activityandspectrum
opportunities.1.4.1 Attacks against cooperative
sensingSpectrumsensingis afundamental mechanismof CRnetworks and,
inthis context, one major
problemtoavoidisthedesignatedhiddenPUproblem. Thisprob-lem occurs
when a SU cannot sense the activity of a PUit interferes with,
i.e., whenit is out of the coveragearea of the PUor whensensing is
affectedby well-knownadverseeffects inwireless communications,
inparticular multipath fading and shadowing. For in-stance,
inFigure1thePUbasestationisahiddenPU,intheperspectiveofthethreenodesofthedistributedCR
network that are out of its coverage area, while
hav-ingtransmissionrangesthatoverlapit. Inpractice, wemust
considerthat sensingcanalsobeerroneousduetoinherent
hardwareimperfections,
andconsequentlytheusageofspectrumoccupancyinformationobtainedexclusivelyfromlocal
sensingmight not achievesatis-factory results. Inthis context,
cooperative or collab-orative sensing is considered an effective
means toincreasetheefficiencyof PUdetectioninCRenviron-ments.
However, it also creates new security vulnerabil-ities, as we
proceed to discuss in greater detail.1.4.1.1 Data fusion: a key
enabler for cooperativesensing In collaborative sensing schemes,
the finalTable 2 Attacks against CR environments and applicable
countermeasuresAttack Applicability Effects CountermeasuresPU
emulation CR networks based on non-cooperativeschemes. Note: in
such environments anattack against a specific SU may onlyaffect
that SU.False alarms due to fake signals. Sensing techniques that
consider a prioriknown characteristics of the legitimatePU
signals.The affected SUs are denied access to theaffected spectrum
holes due to greedy ormalicious motivations, and, therefore,
theirperformances are likely to decrease.Solutions based on
capabilities such aslocation determination techniques andaccess to
geo-location information abouta priori known PUs.Spectrumsensing
datamanipulation/falsificationCR networks based on
cooperativeschemes. Note: in such environments,attacks against a
single SU may affectseveral SUs or the entire network.Cooperative
spectrum sensing accuracydecreases due to the propagation of
falsealarms and/or missed detections that areforged.Solutions for
providing characteristicssuch as mutual authentication,
dataintegrity, and data encryption.If learning is considered, the
behavior of theSUs is likely to suffer a negative impact onthe
long-term basis due to the usage ofmanipulated data in the learning
process.Outlier detection techniques.Malicious attacks may impact
on PUs byinducing missed detections.Approaches based on the
exploration ofspectrum spatial correlation and
locationtechniques.Malicious and greedy attacks may impactthe
performance of the SUs by inducingfalse alarms.Schemes that enable
determining thetrustiness of the SUs and, therefore,dropping
reports from untrustworthysources.Deployment of dedicated trusty
sensors.Usage of mechanisms to selectivelyforget past information
in order to makebeliefs and learning outputs temporary.Marinho et
al. EURASIP Journal on Information Security(2015) 2015:4Page 5 of
14decisionregardingspectrumaccessisbasedonthefu-sion of sensing
data from multiple SUs. In particular,
thefusionprocessmaybecentrallyachievedbyacommondata fusion center,
or in alternativebe implemented in adistributed manner, as
illustrated in Figure 3. In thedistributed approach, each SU acts
as both a sensing andafusioncenter,
bycollectingreportsfromitsneighborsandperformingdata
fusionanddecisions
individually.Distributedapproachesareusuallypreferable,
asacen-tralized fusion center in practice represents a singlepoint
of failureagainst theoperabilityof theentireCRnetwork.
Ontheotherhand, therequiredtransmissionof
collaborativeinformationmayresult inoverhead. Intheir work about
compressive spectrumsensing, Chenetal.
[18]approachthisproblembyconsideringthattheSUsonlytransmitpartof
theavailablesensinginforma-tion as a strategy to reduce overhead.
Lo and Akyildiz
[19]alsoidentifyandaddressotherpossibleoverheadcausesand effects
that limit gains in collaborative sensing.With the goal of
reporting their sensing results, each SUin the context of a
cooperative approach can either
followahard-decisionorasoft-decisionapproach. Withhard-decision,
eachSUreportsitsdecisioninabinaryform(i.e., channel is busyor
idle), whilewithsoft-decisionSource of symbols:
http://www.clker.com/ Secondary userLocal sensing reportSpectrum
access decisionFinal sensing decision (after fusion)Secondary user
+Data fusion centerCognitive RadioBase Stationc)Centralized
cooperative sensingover a centralized CR networkb) Centralized
cooperative sensingover a distributed CR networka) Distributed
cooperative sensingover a distributed CR networkFigure 3
Cooperative sensing approaches in one-hop distributed and
centralized CR scenarios.Marinho et al. EURASIP Journal on
Information Security(2015) 2015:4Page 6 of
14theyreportthesensedenergylevels. Intermsofsensingperformance,
Wangetal. [20]discussthathard-decisionperforms almost the same as
soft-decision when coopera-tive users face independent fading
(e.g., when the SUs arenot nearbyeachother). Additionally,
wemaynotethathard-decisionreducestheoverheadinreportingsensingresults
[21]. Concerning soft-decision, Clouquer et al.
[22]concludethatitissuperiortohard-decisionwhenfault-tolerance is
not required or when sensorsare highly reli-able and
fault-free.Various approaches havebeenproposedregardingthefusion of
sensing outputs in CR environments. Three
com-monfusionapproachesareimplementedintheformofthe OR-rule, the
AND-rule, andthevoting-rule. The OR-ruleconsidersthatPU
activityispresentif detectedbyatleast one sensor, while the
AND-rule requires that all par-ticipatingsensors detect
activityfromthePU. Withthevoting-rule, a PU is declared to be
present if more than agivenfractionofthesensorsare
abletodetectitsactivity[15]. In general terms, the OR-rule is the
most commonlyusedapproach, especiallywhenahard-decisionapproachis
followed. In particular, Clouquer et al. [22] consider thatthis
rule achieves the best performance in the presence of
aharddecision. However, whentheOR-ruleisapplied, thepotential
impact of the false spectrum access denial prob-lem (i.e., when
access is denied despite the SU being out ofthe region of potential
interference) increases as the num-ber of CRs increases
[23].Nasipuri and Li [24] propose a hard-decision process inwhich
the decisions are performed by comparing the num-ber of positive
local decisions against a threshold (e.g., it re-sults in the
OR-rule if the threshold is equal to one).
Otherapproachesarealsopossible, forexample, theaveragefu-sion rule
computes the average of the sensing outputs andcompares it against
agiventhreshold[22]. Malady andSilva [23] propose a centralized
soft-decision
approachemployingarulethatcomputesaweightedsumofthesignal strengths
reported by the sensing SUs, again withthe channel being considered
busy if the computedvalueis greater thanaparticular threshold.
Fatemieh,Chandra, andGunter [25] discuss that theusageof
astatisticalmedianprovidesresultsthataremorerobustto excessively
high or low reports by malicious
ordeeplyfadednodesthanwhenusingameanvalue. Intheir proposal,
theyjointlyemploybothestimators
inordertoachieveamixofaccuracy(mean)androbust-ness (median) in the
decision process.1.4.1.2Securityissues inthecontext of
cooperativesensingAs the final decision in collaborative sensing
re-sultsfromthecombinationof
multiplesensingresults,newopportunitiesemergeforattackersthatareabletosendmanipulatedsensingdata.
Thisisamajorconcernand one of the most fundamental security
challengesthat must beaddressedbefore consideringany
collab-orativesensingproposaltobe feasibleinpracticaltermsand,
inconsequence, tofullyachievethebenefitsofCR[26]. Furthermore, as a
SU might use experience
learnedfrompasttoreasonnewbehaviorsandtoanticipatefu-ture actions,
non-detected attackersor faulty nodes
maycauseanimpactonbehavioronalong-termbasis[27].Despite this, the
security aspects of spectrumsensinghave ingeneral receivedvery
little attentionfromre-search[28,29]. Aspreviouslydiscussed,
inthiscontext,one must alsoconsider the likelihoodof
well-behavedSUsoccasionallysendingwrongsensingreportsduetotheuncertaintyof
thesensingenvironment andalsotohardware imperfections. We note that
cooperation inCR environments is not limited to the sharing of
sensingreports. For example, it may involve the exchange of
stat-istical data for cooperative learning. Therefore, the
re-mainder of our discussion and the content of Figure 3 canbe
generalized to the exchange and fusion of generic data.Ingeneral
terms, reliableinputs(orinputsfromreli-able SUs) must be
appropriately filteredandacceptedprior totheexecutionof
thefusionanddecisionpro-cesses.
Oneofthepossiblestrategiesmayconsistintheutilizationof a
combinationof mutual authentication,data integrity protection, and
data encryption in order torestrict data inputs only to those from
trustworthy usersand consequently prevent illegitimate manipulation
ofdata [16]. The work of Rif-Pous and Garrigues [30]
andalsotheIEEE802.22standardapplyinthiscontext. Forexample, IEEE
802.22 defines the secure control andmanagement protocol (SCMP), a
security mechanismderived from IEEE 802.16, providing
authentication,authorization, message integrity, confidentiality,
andprivacy. SCMPguaranteesthat onlyauthorizeddevicescan access the
network and that a device
generatingspuriousdatacanbeunauthorizedbythebasestation.Additionally,
if ageo-locationdatabaseandlocalizationtechniques areused, it
isalsopossibletocomparetheestimatedpositionof
anauthenticatedtransmitter andits a priori known location. Rif-Pous
and
Garrigues[30]proposeacentralizedsolutionthatenablesafusioncentertovalidatetheidentityof
theSUsandauthenti-cate their sensing reports and is appropriate for
large CRnetworks. This solution uses cryptographic signaturesbased
on simple hash functions and symmetrickeys andrequires the fusion
center and the SUs to hold validcertificates.For thedetectionof
spurious sensingdata,
themostcommonlyusedapproachisoutlierdetection[26], alsodesignated
as anomalyor deviation detection. In a givenset ofvalues, an
outlier corresponds to data that appearsto be inconsistent with the
remaining values. One of
themaindifficultiesinoutlierdetectionconsistsinprevent-ingnormal
datafrombeingerroneouslyclassifiedasanMarinho et al. EURASIP
Journal on Information Security(2015) 2015:4Page 7 of 14outlier.
There are simple and straightforward outlierdetectiontechniquesthat
maybeemployedduringthefusionprocess, for example,
ignoringextremelyloworhigh sensing reports, or the m largest and m
smallest re-ported values. However, withsuch solutions,
meaningfulvalues may be dropped and, consequently, accuracyreduced.
Choosing the threshold value (i.e., the value
formorthepredefinedhighandlowlevels)isnotatrivialtask. Ideally, it
shouldbedynamicallylearnedandad-justed without any a priori
knowledge [31]. The work ofChen, Song, andXin[32] is anexampleof
asolutionthatusesmorecomplexstatisticsfordetectingspurioussensing
data in cooperative sensing. However, in
thisworktheauthorsassumethat thelocationsof PUsareknownto all SUs
andthat eachSUis also location-aware,
aspectswhichmightlimitthepracticalityof thisproposal.Several
authors consider intheir proposals that
thenumberofmaliciousandfaultynodescannot begreaterthan the number
of properly behaving and honest work-ingnodes. Forinstance, Min,
Shin, andHu[33]assumeintheir workthat at least twothirds of
thenodes arewell behaving. Onthe contrary, WangandChen[34]propose a
data fusionscheme for
centralizedCRnet-worksthattoleratesahighpercentage
ofmaliciousSUs.Thisstrengthresultsfromallowingthedatafusioncen-ter
to also sense the spectrum and use its own outcomestoassess
thehonestyof theSUs. Inorder toconsiderstatistical, sporadic,
andtransientphenomena(e.g., falsealarmprobabilities),
recenthistoricalvaluesmayalsobeconsidered. Forexample,
theproposalintheworkofLiandHan[35] aimsat
findingtheoutlierusersthat
arefarfrommostSUsinthehistoryspaceintermsof thereported values.It
must be notedthat spectrumstatus is usually as-sumed to be
correlated for SUs in close proximity and, inthis context, spatial
correlation can also be explored. A SUis thus very likely to have
an erroneous sensing decision
ifmostnearbySUshavetheoppositedecision(i.e., itisanoutlier), as
discussedbyZhang, Meratnia, andHavinga[31]. Therefore, the
distinction between genuine andspurious data is based on the
assumption that faulty or
fal-sifiedreportsarelikelytobeunrelatedwithneighboringdata(i.e.,
spatiallyunrelated), whileaccuratesensingre-ports from neighboring
sensors are likely to be (spatially)correlated [31]. This results
in the commonly used nearestneighbor-basedapproaches or
distance-basedclusteringapproaches(i.e., sensors
incloseproximityaregroupedinto clusters). For instance, Min, Shin,
and Hu [33]propose a collaborative sensing protocol in which
sensorsin close proximity are grouped in a cluster, with thepurpose
of safeguarding collaborative sensing. The sensorsreport their
energy-detectors output along with their
loca-tioninformationtothefusioncenterattheendofeachsensing period.
This work thus considers the spatialcorrelation in received signal
strengths among nearby sen-sors. Chen, Song, Xin, and Alam [36]
follow a similar ap-proach, as they also explore spatial
correlation of receivedsignal strengthsamongnearbySUs,
withthepurposeofdetecting malicious SUs in cooperative spectrum
sensing.This proposal also includes a neighborhood majority-voting
rule.Theworkof Nasipuri andLi
[24]isanotherexamplethatcanbementionedinthiscontext,
anditsproposedfusion rule includes a clustering metric. In this
proposal,location information from collaborative sensors isemployed
in order to determine the proximity of sensorsthat have similar
observations. The proposal of Chenetal.
[29]alsoconsidersgeographical information, asitis based on a
spatial correlation technique.
DefiningwhichSUsareincloseproximityremainsachallengingissue in the
context of the successful exploration
ofspatialcorrelationandrequiresappropriategeo-locationtechniques
[37].The detection of outliers can also be a means
todynamicallydeterminethereputationlevelsof theSUs,i.e., for
drawing conclusions about the quality of theinformationthey report.
As indicatedinTable 2, thisapproach enables the use of trust-based
security schemesthat may, for instance,
attributemorerelevancetothereports of more trustworthy SUs (e.g.,
through
aweightedmean-basedfusionschemeinwhichdifferentweightsareadaptivelyassignedtotheSUsaccordingtotheir
reputation levels) [6,29,33,38] or ignore the sensingreports from
SUs with reputation values under a definedthreshold [21,34,39,40].
Globally, when a SUreportssensingdatanot taggedas anoutlier, its
reputationisincreased. In the opposite scenario, when a
SUfre-quently sends reports inconsistent with the final
decision[38], its reputation value is decreased. Through
thisreinforcement-based approach, past reports are
thereforeconsideredfor thecomputationof decisions. Examplesof
schemesfollowingthisapproachmay be found in
thecollaborativesensingsolutionsproposedbyWangetal.[20],
WangandChen[34], andbyZeng, Paweczak, andCabric [21]. In the
former, the nodes are classified eitheras honest or as malicious,
withall nodes initially as-sumed to be honest. The later proposal
describes a simi-lar dynamic reputation-based approach, in which
theSUscanbeinthreepossiblestates: discarded, pending,andreliable.
Initially, only a predefinedset of
trustednodesisconsideredreliable. ConcerningtheproposalofWang and
Chen[34], whichalso consists ina trust-based data fusion scheme, it
targets centralized CRnetworks andaims at tolerating a
highpercentage ofmalicious SUs. We note that some authors consider
thatthe soft-decision approach presents more potential tosupport
the implementation of reputation-based securityMarinho et al.
EURASIP Journal on Information Security(2015) 2015:4Page 8 of
14solutions[21]. Wecannot alsoignorethepossibilityofanattacker
beingintelligent enoughinorder toknowthe internal workings of the
fusion rule. In this scenario,the attacker could adapt and start
behaving honestlyanytime its reputation level drops below a
definedthreshold [6,32]. Tingting and Feng [41] describe anattacker
of this type as a hidden malicious
user.Analternativeapproachistoassumethatnodesfromagivensetarereliable(e.g.,
accesspoints, basestations,or specific SUs) [5,21]. Such an
assumption may
provideanincreaseintheperformanceofcollaborativesensing,for
example, byinitiallyconsideringonlyreports fromreliable nodes.
Yanget al. [37]propose asensingservicemodel that employs dedicated
wireless spectrum sensingnetworks providing spectrum sensing as a
service, whichincludealargenumberof low-cost, well-designed,
andcarefully controlled sensors. Zhang, Meratnia, andHavinga [31]
state that the existing outlier detectiontechniques do not consider
node mobility or dynamicallychangingtopologies and, as such,
shouldbe basedondecentralizedapproaches(i.e.,
performedlocallysuchasindistributedcooperativesensing)inordertokeepthecommunicationoverhead,
memory, andcomputationalcosts low, while enhancing scalability. The
same authorsalsostatethat theoutlierdetectionoperationsmust
beperformedonlineandwithoutanyaprioriinformation,giventhatitmaybedifficulttopre-classifynormal
andabnormal sensingdataindistributedCRenvironmentsin terms of PU
activity.1.4.2 Primary user emulation in CR environmentsPrimary
user emulation attacks in CR environments aimat forcingSUs
toavoidusingspecificfrequencybandsand, therefore,
maycausethesameadverseeffectasal-ways reporting a channel tobe busy
withcooperativesensingschemes, asdescribedinTable2.
Thisthreatismaterialized through the transmission of fake PU
signalsand does not necessarily require the attackers to
partici-pateinanyunderlyingcooperativescheme. Thus,
aPUemulationattackerdoesnotaimatcausinginterferencetoPUsand,
accordingtoAraujoetal. [42], PUemula-tion is the most studied
attack against CR.Various approaches may be followed to achieve
PUdetection, namely energy detection, feature
detection,andmatchedfiltering[4]. Thedetectionof
PUactivitythroughenergydetectionis
themostlyusedapproach,namelyduetoitssimplicityof
implementationandbe-causeitdoesnotrequireany apriori
informationabouteach PU transmission characteristics [4,20,43].
Thisdetectionscheme checks the receivedpower against
agiventhresholdanddoesnot investigateanyparticularcharacteristicof
thesignals. However, energydetectionalsofacilitates
attacksfromnon-sophisticatedadversar-ies, giventhe simplicity of
generating a signal
withaparticularenergylevelinthesamefrequencyasthePU.Infact, it is
themost susceptibledetectionschemetoPU emulation attacks [43]. The
employment of more ad-vanced spectrum sensing methodsalso does not
provideeffective protection againstsecurity attacks, as they
sim-ply require more sophisticated
attackers.Wemustalsoconsiderthepossibilityofattackersbe-ingabletopredict
whichchannelswill
beusedbytheSUsandemulatePUactivityonthosespecificchannels,increasing
significantly the effectiveness of the attacks[44]. Infact,
aPUemulationattackcanresultinaDoSattacktoalegitimateSUwhentheattackerhasenoughintelligence
to transmit a fake signal on the selectedchannel any time that
SUperforms sensing [45].
WenotethatitisnotreasonableorefficientforanattackertoemulatePUactivitycontinuouslyduetoenergycon-cerns
[46]. Therefore, anattacker shouldhavesensingand learning
capabilities similarly to the SUs. Naqvi,Murtaza, andAslam[45]
defineasmart PUemulationattacker as one that emulates PUactivity
exclusivelyduringsensingtimes intheCRnetwork. Agreedyat-tacker uses
thechannel after it wassensedasbusybythelegitimateSUs it
successfullyfooled, whileamali-cious attacker remains silent.
Haghighat andSadough[46] define a smart attacker as an attacker
that
onlytransmitsfakesignalsduringtheabsenceofPUactivity.Intheirwork,
theyalsoshowthatasmartattackerpro-ducesthesamelevelofdisruptionaswhentransmittingcontinuously,
although at the expense of less energyspent. In their work, Yu et
al. [47] state that a
successfulPUemulationattackrequirestheattackerstobeabletotrack and
learn the characteristics of primary signals andavoid interfering
with the primary network. In thiscontext, features andapproaches
other thanspectrumsensing are required to identify PU emulation
attacks, aswe proceed to discuss.1.4.2.1 Location- and
distance-based approachesMost existing proposals address the
detection of PU emu-lationattacksbyestimationof thelocationof
thetrans-mitters and comparing it with the a priori knownlocations
of the legitimate PUs, as in IEEE 802.22 throughtheaccess
togeo-locationdatabases [5,6,43,44,48,49]. Ifthe
estimatedlocationof anemitter deviates fromtheknown locations of
the PUs, then the likelihood of this be-ing a PUemulationattacker
increases. Therefore, it isusual to assume that each SU is equipped
with a position-ing device enabling self-positioning capabilities
[41,43,49],in particular using Global Position System (GPS) for
abso-lutelocationinformation(i.e., definingthepositioninasystemof
coordinates) [14,50]. However, GPS presentsvarious limitations, as
it may not be available for all nodesin the network, is not
appropriate for indoor usage, is inef-ficient in terms of power
consumption, and may representMarinho et al. EURASIP Journal on
Information Security(2015) 2015:4Page 9 of 14an additional cost not
always supportable [51,52]. Despitesuch difficulties, Celbi
andArslan [14]statethat locationawareness is anessential
characteristicof SUs andthattheyshouldbeabletorealizeseamless
positioningandinteroperability between different positioning
systems.Havingthelocationsof thelegitimatePUsknowntoall the SUs is
a linear task in the absence of PU
mobility,suchaswithtelevisiontowersorcellularbasestations,and
considering that geo-locationdatabases are avail-able. However,
such requirements may be either challen-ging or impossible in many
CR scenarios. Idoudi, Daimi,andSaed[53] state that
existingsolutions against PUemulation attacks do not handle PU and
SU mobility ap-propriately. Forexample, Yuanetal.
[44]onlyconsiderthe possibility of television transmitters in their
proposal,i.e., PUs withfixedandknownPUlocations. The co-operative
solution that is proposed by Len, Hernndez-Serrano, and Soriano
[54], which specifically targetscentralizedIEEE802.22networks,
isbasedonthesameassumptionandthuscannotcopewiththeemulation
ofPUsthat haveunknownlocations(e.g., wirelessmicro-phones), despite
its ability to precisely determine thelocationsof receivedsignals.
Blesaet al. [55] statethatcountermeasures basedongeo-locationarenot
appro-priate for scenarios with mobile PUs and SUs, and,according
to Araujo et al. [42], mobile attackers can takeadvantage of their
mobility in order to remain un-detected. We note that Peng, Zeng,
and Zeng [56]proposewhat theyarguetobethefirst PUemulationdetection
solution considering mobile attackers. Xin andSong [5] present a PU
emulation attack detectionscheme, designatedas Signal Activity
PatternAcquisi-tion and ReconstructionSystem(SPARS), whichdoesnot
use any a priori knowledge of PUs. They argue that,in contrast with
existing solutions on PUemulationdetection, SPARS can be applied to
all types of PUs.The accurate determination of the location of
thetransmitterofagivensignalinrelativeterms(i.e., whencompared to
thepositionof thereceivingSU) is ingen-eral a challenging task.
Several practical mechanismshave been proposed for wireless nodes
to perform directdistance measurements [57], and the most
commoncurrent approachistoderivethedistancebetweenthetransmitter
and the receiver based on the signalstrengths (RSS) of the received
signals [37]. This compu-tationrequiresknowledgeabout
theemitterstransmis-sion power, the usage of an accurate
propagation model,and a statistical model of phenomena such as
backgroundnoise [22]. We may however consider such methods to
belimitedintermsofaccuracy, asthemeasuredvaluescanfluctuate even in
small areas due to numerous adverse fac-tors, suchas fading or the
presence of obstacles [50].Other approaches are possible for
automated distancedetermination, suchas havingthenodes
equippedwitharrays of directional antennas that enable determining
theanglesofarrival(AoA)ofthereceivedsignalsusingtrig-onometric
techniques [57]. When compared to the usageofRSS,
thisapproachhastheadvantageofnotrequiringany a priori knowledge
about the transmission power usedbythetransmitter,
beingmoreprecise, andenablingthedeterminationof
relativepositionsinsteadof merelythedistances to PUs. In
particular, if a node is equipped witha minimum of two antennas,
the location of the emitter ofasignal can becomputed by thecross
pointoftwo lineswith the corresponding incoming angles.
Nevertheless, wemay observe that RSS is still the prime candidate
for rangemeasurements, mainly due to its simplicity and low
cost.Theestimationof thedistancestothetransmittersofthe received
signals using RSS values is employed bymost of
theexistingproposalsaddressingthedetectionofPUemulationattacks[56].
However, asthetransmis-sionpower of attackers is not knownbytheSUs
andcanvaryover timeif theyhavepower control capabil-ities,
estimating the distance to the sources of the signalsrequires
additional features. Apossible approachcon-sists in deploying an
additional network of sensors to co-operativelydeterminethe
locations of the transmittersand, therefore, of thepotential
PUemulationattackers,such as in the proposal of Chen, Park, and
Reed [48]. Inthis context, Jin, Anand, and Subbalakshmi [43] also
dis-cuss that most existing proposals assume this type of ap-proach
for the localization of malicious nodes.Theproposal of Yuanet al.
[44], designatedasbeliefpropagation,
isalsobasedonRSSandonthecompari-son of the location of suspect
attackers with thea prioriknownlocations of thelegitimatePUs.
However, Yuanet al. [44] propose an alternative solution that
intends todetect PUemulationattacksregardlessof
thelocationsandtransmissionpowersoftheattackers. Thisproposalavoids
the utilizationof anadditional sensor networkandof
expensivehardware, doesnotrequireestimatingthe exact locationof
PUemulationsuspects, and as-sumesasimpleenergydetectionapproach.
AstheSUshave no idea about the transmission power of the poten-tial
attacker and the distance to it, a cooperative schemeenables each
SUto compare the distribution of theobserved RSS values in order to
estimate the locations ofthesuspecttransmittersandbuildabelief
aboutapar-ticular sender being an attacker or not. These beliefs
areiteratively exchanged and updated among the variousSUs. After
convergence, if the mean of the final beliefs isbelowa
definedthreshold, the source of the signal isconsidered to be an
attacker. In this case, all the SUs
areinformedaboutthecharacteristicsof thePUemulationattacker
andignoreits activity. Despitetheinterest ofbelief propagation
approaches, we also observe that theyusuallylackvalidationinreal
implementationscenarios,andthat maybecostlyfromthepoint of viewof
theMarinho et al. EURASIP Journal on Information Security(2015)
2015:4Page 10 of 14number of observations that asecondaryuser
mayberequired to perform.Theproposal ofJin, Anand, andSubbalakshmi
[43]isanother example that assumes neither advanced featuresfrom
the SUs nor the usage of sensor nodes dedicated toassist in
determining the source locations of the receivedsignals.
Asinvariousexistingproposals, thisworkcon-siders that energy
detection is used and that the
locationsofthePUsareknowntoalltheSUs. OnthecontraryofYuanetal.
[44], inthisproposal thereisnocooperationbetweentheSUsand,
therefore, nopropagationof
localbeliefsconcerningPUemulationattacks. Jin, Anand,
andSubbalakshmi [43] propose the
utilizationandcombin-ationoftwohypothesistests in orderfor each SU
to de-tect PU emulation attacks. A Neyman-Pearson
compositehypothesis test [43] enables asecondaryuser
todistin-guishbetweenalegitimate PUandanattacker, consider-ing some
constraints on the miss probability of a positivedetection. An
alternative approach is also discussed, basedon the usage of a
Walds sequential probability test enab-ling a secondary user to set
thresholds for both false alarmandmissprobabilities,
possiblyatthecostofmoreradioobservations required to arrive at a
decision.1.4.2.2 Cryptographic approachesRegarding PU detec-tion,
it is important to note that other methods notbasedonany
aprioriknowledge onthelocationof PUscanbedeveloped, inparticular
byintegratingsecurity-relateddata withsignals fromprimary users.
Possibledirectionsconsist inincludingcryptographicsignatureswithin
such signals, or using integrity and authenticationmechanisms for
communications betweenprimaryandsecondary CR users. In the context
of practical CR appli-cations, suchapproaches must guarantee
compatibilitywith regulatory decisions such as those from the
FederalCommunications Commission(FCC), whichstates
thattheutilizationof availablespectrumbySUs shouldbepossible
without requiringany modificationtothe in-cumbent users and their
signals. Therefore, PU
authenti-cationisachallengingissueandexistingproposalsaresubject
topractical limitations [53]. Kim, Chung, andChoo[58] discussthat
thisrestrictionlimitstheaccur-acyof
securedistributedspectrumsensingschemes inCRnetworks. Forexample,
theproposalofBorle, Chen,and Du [59] employs a physical layer
authenticationscheme based on cryptographic signatures to address
PUemulationattacks. Theproposedschemeistransparentto the primary
receivers but inevitably requires somelevel of modificationtothe
primary transmitters. ThePUemulation attack defense solution that
Alahmadiet al. [60] propose targets digital television networks
andalsorequires modifyingthe primarytransmitters, suchthat they
generate referencesignals encryptedthroughthe Advanced Encryption
Standard (AES) algorithm.The authors state that their approach only
requiresequippingtheprimarytransmitterswithacommerciallyavailableAESchip,
whilewenotethattheSUsandthePUsmustalsohaveasharedsecret,
sofurtherworkinthe context of key management should be
addressed.Inthe context of the cryptographicapproaches, Liu,Ning,
and Dai[61] proposethe integration of signatureswith RSS
information by employing a helper node that isphysically close to
the PU, in orderto enable the SUs toverify transmissions from the
PU and decide on its legit-imacy.
Thisproposalintegratescryptographicsignaturesandwirelesslinksignaturesderivedfromphysical
radiochannel characteristics (such as channel impulse re-sponses).
A SU may thus verify the signatures carried bythe helper nodes
signals and thus obtain the helpernodes (authenticated)
linksignaturesfrom which it mayderive the legitimacy of the primary
nodes transmis-sions.
Wemayagainconsiderthatthelimitationofthisapproachmaybeinthecost of
theusageanddeploy-mentofdedicatedhelpernodes,
particularlyconsideringthat its physical proximity to a PUis an
importantrequirement of the effectiveness of this
approach.WefinallynotethatdetectingPUemulationmustnotbe
consideredtobe anendby itself. Countermeasuresolutions must
bedevelopedinorder toinvalidatetheeffects andgoals of suchattacks
andpreferentially toprevent their occurrence by building security
at thefoundations of CRenvironments. This is probably themost
challengingandunexploredissueinthis context.Nevertheless, most
existing works on PU emulationattackonlytargetitsdetection[45].
Actually, thefoun-dations of the CR paradigm inherently enable the
SUs tocircumvent PUemulationattacks evenwhenthey arenot detected.
That is, withCR,
aSUdetermineswhichchannelsarebusyandselectsoneofthemifanyexists.Uponthedetectionof
activityonachannel beingusedfor secondary transmission, either it
is a primary or fakesignal, the secondary transmitter must go
through aspectrumhandoff process (i.e., transmission is
inter-ruptedandresumedonanewchannel)[47].
Therefore,accordingtoXinandSong[5], it isnot reallyrelevantfor a
SUtodetermine if a busy channel results fromlegitimate PUtraffic or
any emulationattack, since itreactssimilarly. XinandSong[5]
alsostatethat whenan attacker realistically mimics the activity
pattern of thePUs, the resulting interference is tolerable by the
CRnetwork. Thatis, CRhasbeendesignedtocopewithamilddisruptionfrom
PUs and, therefore, theycan toler-ate PUemulation attacks that
cause similar types ofdisruption. However, we note that this CR
native featureis not effective when a PU emulation attack is
performedbyanintelligentattackerthathasknowledgeabout theinternals
of the CR networks, i.e., that can guess the nextchannel
tobeselectedbyaSU, or whentheattackisMarinho et al. EURASIP Journal
on Information Security(2015) 2015:4Page 11 of
14launchedondifferentchannelssimultaneouslybycoor-dinated malicious
nodes [5,53]. Under such circum-stances, servicedisruptionof
SUsduetobusychannelsconsiderably increases and might result in DoS
when theaffected SUs fail in finding a vacant channel
[47,53].ConcerningsmartPUemulationattacks[45,46], mali-cious
attackers remain silent during secondary
transmis-sionslotsinordertosaveenergy, andgreedyattackersuse the
channel if it is effectively vacant (i.e., without PUtraffic).
Basedonthisassumption, Naqvi, Murtaza, andAslam [45] propose a
strategy that enables detecting andmitigatingmalicious
PUemulationattacks. Their
solu-tionisbasedonallowingtheSUstoperformsensingatrandomintervalsotherthantheregularones,
i.e., whenthe attacker is supposedly quiet. That is, a SU senses
theintended channel out of the sensing periods expected bythe
attacker and uses the remaining time slot to transmitdata if the
channel is actually vacant. According toNaqvi, Murtaza,
andAslam[45], their proposal is theonlyonethat,
beyondidentifyingPUemulationattacks,also provides countermeasures
against this type ofthreat. Yuet al. [47] suggest that the
utilizationof
aguardchannelisasimplebuteffectivesolutiontomiti-gatetheeffectofPUemulationattacksinCRnetworks.Theyalsoproposeadefensestrategythat
includes re-servingaportionof channels for spectrumhandoff inorder
toreducetheresultingrateof secondaryservicedisruption.2
ConclusionsCognitive radio is a highly multidisciplinary area
cur-rentlyattractingnumerousresearchefforts, whichpro-vides a large
number of challenges regarding securityandaccuratesensing[62].
Aspreviouslydiscussed,
thissurveyisfocusedparticularlyonsecurityinthecontextofprimaryuserdetection,
particularlyinwhatconcernstwomajortypesofattacks:
primaryuseremulationandspectrumsensingdata falsification. The
importance
ofsuchattacksisalsorelatedtothefactthattheymayinfactcompromisethefeasibilityof
CRsolutionsandap-plications. As inother communicationapproaches,
wemay expect security to represent a fundamental enablingfactor of
future CR applications.As discussed throughout the survey, in
practical
terms,improvementsandnewsolutionsarerequiredtoprop-erlyaddress
thedescribedsecuritythreats. Despitetheusefulnessandinterest of
most of theproposalsprevi-ouslydiscussed, manyof
themarenotpractical fromadeployment point of view. For instance,
many currentproposalsrequirethedeployment of additional
sensors(helping devices) or the comparison of observationsagainst
characteristics knownapriori, particularly thelocations of the PUs.
The cost of suchsolutions, theunavailability of location
information, or the lack ofaccuracy of thepositioningmechanisms
maycomplicatethedesignandeffectivenessofnewsecurityapproaches.Also,
theassumptionabouttheprimaryusers locationsbeing known a priori may
be both simplistic and unreal-istic. In ourpointofview, theseare
themainissuesstillopenregardingtheidentificationof attacksagainst
thedetection of PU activity, one major open issue regardingsecurity
in CR environments.Recent technologies suchas
IEEE802.16WorldwideInteroperability for Microwave Access (WIMAX)
areexpected to contribute to increase the number of mobileprimary
users in a near future, and in consequencemobility and variable
topologies will be a reality in manyenvironments. Inconsequence,
advancedsecuritysolu-tions not assuming a priori knowledge of the
location ofthePUsmustbeinvestigatedandproperlyevaluatedinreal
deployment environments. Onthe other hand,
inscenarioswheresuchinformationmaybeavailable, se-curitymaybenefit
fromtheutilizationof cost-effectiveand accurate positioning
techniques.In terms of security, distributed CR networks
mayprovideabetter approachthancentralizedapproaches,despite
complicatingthedesignof appropriatemecha-nisms.
Byallocatingspectrumandsecuritydecisionstoseveral SUs, the risk of
DoS attacks against a single pointof failure(i.e., thecentral
entity) is eliminated. Inthiscontext,
clusteringschemesmaybeanintermediateal-ternative,
witheachclusterhavingitsowncentralentity(i.e.,
decisionandfusioncenter)andtheSUsbeingableto elect another central
entity or migrate to anothercluster in case of failure or
attack.Future developments on security for CR network envi-ronments
may also involve standardization efforts in thecontext of
normalization entities workforces, such as theEuropean
Telecommunications Standards Institute(ETSI) Reconfigurable Radio
Systems (RRS) TechnicalCommittee (TC). This TCis currently active
in thestandardization of CR systems and also in the addressingof
security threats [62]. Inthe same context as IEEE802.22,
theEuropeanComputerManufacturersAssoci-ation (ECMA)-392
workgroupaims at designing mecha-nisms to enable wireless devices
to exploit the whitespaces in the television frequency bands. Soto
andNogueira[17]statethat, despiterecentlyproposedpro-tocols,
architectures, and standards already including se-curity(e.g.,
seeIEEE802.11SCMPinSection1.4), theyuse conventional techniques
that are not sufficient
topreventCRnetworksfromtheattacksdescribedinthissurvey. We
alsobelieve that
reviewingexistinglimita-tionsinnormalizationactivities,
suchasFCCspecifyingthatnomodificationsareallowedonprimarynetworks,can
contribute to make identifying PU emulation attacksless
challenging, even when PUs are mobile and notknown a priori.Marinho
et al. EURASIP Journal on Information Security(2015) 2015:4Page 12
of 14As for the current Internet architecture and communi-cations
technologies, we may expect research
andstandardizationworktoprovideequallyimportantcon-tributions
intheaddressingof securityinfutureopenCRenvironments. Overall,
primary user detectionwillsubsist as a fundamental network
operation, and
securitywillcertainlyberequiredtoprovideappropriateprotec-tionagainst
the usage of spurious information, whichcan otherwise compromise
the applicability of CR.Competing interestsThe authors declare that
they have no competing interests.AcknowledgementsThe authors would
like to acknowledge the support of project IntelligentComputing in
the Internet of Services (iCIS; reference
CENTRO-07-0224-FEDER-002003).Author details1Instituto Politcnico de
Coimbra, ISEC, DEIS, Rua Pedro Nunes - Quinta daNora, 3030-199
Coimbra, Portugal.2DEI-UC - Department of InformaticsEngineering,
University of Coimbra, Plo II - Pinhal de Marrocos,
3030-290Coimbra, Portugal.3CISUC - Centre for Informatics and
Systems of theUniversity of Coimbra, Plo II - Pinhal de Marrocos,
3030-290 Coimbra,Portugal.Received: 16 December 2014 Accepted: 19
March 2015References1. IF Akyildiz, WY Lee, MC Vuran, S Mohanty,
NeXt generation/dynamicspectrum access/cognitive radio wireless
networks: a survey. Comput. Netw.50(13), 21272159 (2006)2. J
Mitola, G Maguire, Cognitive radio: making software radios more
personal.IEEE Personal Commun. 6(4), 1318 (1999)3. L Lu, X Zhou, U
Onunkwo, GY Li, Ten years of research in spectrum sensingand
sharing in cognitive radio. EURASIP J. Wirel. Commun. Netw.
2012(1),116 (2012)4. J Marinho, E Monteiro, Cognitive radio: survey
on communication protocols,spectrum decision issues, and future
research directions. Wireless Net.18(2), 147164 (2012)5. C Xin, M
Song, Detection of PUE attacks in cognitive radio networks basedon
signal activity pattern. IEEE Transact. Mobile Comput. 13(5),
10221034 (2014)6. A Fragkiadakis, E Tragos, I Askoxylakis, A survey
on security threats anddetection techniques in cognitive radio
networks. IEEE Commun. SurveysTutorials 15(1), 428445 (2013)7. A
Attar, H Tang, AV Vasilakos, FR Yu, VCM Leung, A survey of
securitychallenges in cognitive radio networks: solutions and
future researchdirections. Proceedings IEEE 100(12), 31723186
(2012)8. G Baldini, T Sturman, AR Biswas, R Leschhorn, G Godor, M
Street, Securityaspects in software defined radio and cognitive
radio networks: a surveyand a way ahead. IEEE Commun. Surveys
Tutorials 14(2), 355379 (2012)9. AC Sumathi, R Vidhyapriya,
Security in Cognitive Radio Networks - A Survey.12th International
Conference on Intelligent Systems Design and Applications,ISDA
2012, 2012, pp. 11411810. W El-hajj, H Safa, M Guizani, Survey of
security issues in cognitive radio net-works. J. Internet Tech.
12(2), 181198 (2011)11. O Len, J Hernndez-Serrano, M Soriano,
Securing cognitive radio networks.Int. J. Commun. Systems 23(5),
633652 (2010)12. IEEE 802.22 WRAN WG Website.
http://www.ieee802.org/22/. Accessed 31July 2012.13. P Ren, Y Wang,
Q Du, J Xu, A survey on dynamic spectrum access protocolsfor
distributed cognitive wireless networks. EURASIP J. Wirel.
Commun.Netw. 2012(60), 121 (2012)14. H Celebi, H Arslan,
Utilization of location information in cognitive wirelessnetworks.
IEEE Wireless Commun. 14(4), 613 (2007)15. AN Mody, R Reddy, T
Kiernan, TX Brown, Security in Cognitive RadioNetworks: An Example
Using the Commercial IEEE 802.22 Standard. IEEEMilitary
Communications Conference, MILCOM 2009, 2009, pp. 1716. TC Clancy,
N Goergen, Security in Cognitive Radio Networks: Threats
andMitigation. IEEE 3rd International Conference on Cognitive Radio
OrientedWireless Networks and Communications, CrownCom 2008, 2008,
pp. 1817. J Soto, M Nogueira, A framework for resilient and secure
spectrum sensingon cognitive radio networks. Comput. Netw. 79,
313322 (2015)18. J Chen, L Jiao, J Wu, X Wang, Compressive spectrum
sensing in thecognitive radio networks by exploiting the sparsity
of active radios. WirelessNet 19(5), 661671 (2013)19. B Lo, I
Akyildiz, Reinforcement learning for cooperative sensing gain
incognitive radio ad hoc networks. Wireless Net 19(6), 12371250
(2013)20. W Wang, H Li, Y Sun, Z Han, Securing collaborative
spectrum sensingagainst untrustworthy secondary users in cognitive
radio networks. EURASIPJ. Adv. Sig. Pr. 2010, 115 (2010)21. K Zeng,
P Paweczak, D Cabric, Reputation-based cooperative spectrum
sensingwith trusted nodes assistance. IEEE Commun. Letters 14(3),
226228 (2010)22. T Clouqueur, P Ramanathan, KK Saluja, KC Wang,
Value-fusion versusdecision-fusion for fault-tolerance in
collaborative target detection in sensornetworks. Proceedings of
the Fourth International Conference on InformationFusion, 2001, pp.
253023. AC Malady, C Silva, Clustering methods for distributed
spectrum sensing incognitive radio systems. IEEE Military Commun.
Conference MILCOM 2008,15 (2008)24. A Nasipuri, K Li, Collaborative
Detection of Spatially Correlated Signals inSensor Networks.
Proceedings of the 2005 International Conference
onTelecommunication Systems Modeling and Analysis, 2005, pp.
172025. O Fatemieh, R Chandra, CA Gunter, Secure Collaborative
Sensing for CrowdSourcing Spectrum Data in White Space Networks.
IEEE Symposium on NewFrontiers in Dynamic Spectrum, 2010, pp.
11226. B Khaleghi, A Khamis, FO Karray, SN Razavi, Multisensor data
fusion: a reviewof the state-of-the-art. Info Fusion 14(1), 2844
(2013)27. JL Burbank, Security in cognitive radio networks, The
required evolution inapproaches to wireless network security. 3rd
International Conference onCognitive Radio Oriented Wireless
Networks and Communications, CrownCom2008, 200828. R Chen, JM Park,
YT Hou, JH Reed, Toward secure distributed spectrum sensingin
cognitive radio networks. IEEE Commun. Magazine 46(4), 5055
(2008)29. CY Chen, YH Chou, HC Chao, CH Lo, Secure centralized
spectrum sensingfor cognitive radio networks. Wireless Net 18(6),
667677 (2012)30. H Rif-Pous, C Garrigues, Authenticating hard
decision sensing reports incognitive radio networks. Comput. Netw.
56(2), 566576 (2012)31. Y Zhang, N Meratnia, P Havinga, Outlier
detection techniques for wireless sensornetworks: a survey. IEEE
Commun. Surveys Tutorials 12(2), 159170 (2010)32. C Chen, M Song,
CS Xin, CoPD: a conjugate prior based detection schemeto
countermeasure spectrum sensing data falsification attacks in
cognitiveradio networks. Wireless Net 20(8), 25212528 (2014)33. AW
Min, KG Shin, X Hu,Attack-tolerant distributed sensing for
dynamicspectrum access networks. 17th IEEE International Conference
on NetworkProtocols, ICNP 2009, 2009, p. 29434. J Wang, IR Chen,
Trust-based data fusion mechanism design in cognitive
radionetworks. 2014 IEEE Conference on Communications and Network
Security,CNS, 2014, pp. 535935. H Li, Z Han, Catching Attacker(s)
for Collaborative Spectrum Sensing inCognitive Radio Systems: An
Abnormality Detection Approach (Spectrum, IEEESymposium on New
Frontiers in Dynamic, 2010), pp. 11236. C Chen, M Song, C Xin, M
Alam,A robust malicious user detection scheme incooperative
spectrum sensing. 2012 IEEE Global Communications
Conference,GLOBECOM, 2012, pp. 4856486137. Y Yang, Y Liu, Q Zhang,
L Ni, Cooperative boundary detection for spectrumsensing using
dedicated wireless sensor networks. IEEE International Conferenceon
Computer Communications, INFOCOM, 2010, pp. 1938. M Atakli, H Hu, Y
Chen, WS Ku, Z Su, Malicious node detection in wirelesssensor
networks using weighted trust evaluation. Proceedings of the
2008Spring Simulation Multiconference, 2008, p. 83639. T Suen, A
Yasinsac, Peer identification in wireless and sensor networks
usingsignal properties. IEEE International Conference on Mobile
Adhoc and SensorSystems Conference, 200540. J Li, Z Feng, Z Wei, Z
Feng, P Zhang, Security management based on trustdetermination in
cognitive radio networks. EURASIP J. Adv. Sig. Pr 2014(1),116
(2014)41. L Tingting, S Feng, Research on hidden malicious user
detection problem.Sec. Commun. Net. 7(6), 958963 (2014)Marinho et
al. EURASIP Journal on Information Security(2015) 2015:4Page 13 of
1442. A Araujo, J Blesa, E Romero, D Villanueva, Security in
cognitive wireless sensornetworks. Challenges and open problems.
EURASIP Journal on WirelessCommunications and Networking 2012,
201243. Z Jin, S Anand, KP Subbalakshmi, Mitigating primary user
emulation attacksin dynamic spectrum access networks using
hypothesis testing mobilecomputing and communications. ACM
SIGMOBILE Mobile Comput.Commun. Rev 13(2), 7485 (2009)44. Z Yuan, D
Niyato, H Li, JB Song, Z Han, Defeating primary user
emulationattacks using belief propagation in cognitive radio
networks. IEEE J. Selec.Areas Commun 30(10), 18501860 (2012)45. B
Naqvi, S Murtaza, B Aslam,A mitigation strategy against malicious
primaryuser emulation attack in cognitive radio networks. 2014 IEEE
InternationalConference on Emerging Technologies, ICET, 2014, pp.
11211746. M Haghighat, SMS Sadough, Smart primary user emulation in
cognitive radionetworks: defence strategies against radio aware
attacks and robust spectrumsensing. Transactions on Emerging
Telecommunications Technologies 2014,2014. doi:10.1002/ett.284847.
R Yu, Y Zhang, Y Liu, S Gjessing, M Guizani, Securing cognitive
radionetworks against primary user emulation attacks. arXiv
preprint arXiv1308, 6216 (2013)48. R Chen, JM Park, JH Reed,
Defense against primary user emulation attacks incognitive radio
networks. IEEE J. Selec. Areas Com 26(1), 2537 (2008)49. R Chen, JM
Park, Ensuring Trustworthy Spectrum Sensing in Cognitive
RadioNetworks. 1st IEEE Workshop on Networking Technologies for
Software DefinedRadio Networks, SDR 06, 2006, pp. 11011950. D
Niculescu, Positioning in ad hoc sensor networks. IEEE Net18(4),
2429 (2004)51. F Franceschini, M Galetto, D Maisano, L
Mastrogiacomo, A review oflocalization algorithms for distributed
wireless sensor networks inmanufacturing. Int. J. Comput. Integ.
Manufac 22(7), 698716 (2009)52. B Xiao, H Chen, S Zhou,A walking
beacon-assisted localization in wirelesssensor networks. IEEE
International Conference on Communications, ICC07,2007, pp.
3070307553. H Idoudi, K Daimi, M Saed, Security Challenges in
Cognitive Radio Networks.Proceedings of the World Congress on
Engineering, 201454. O Len, J Hernndez-Serrano, M Soriano,
Cooperative detection of primaryuser emulation attacks in CRNs.
Comput. Netw. 56(14), 33743384 (2012)55. J Blesa, E Romero, A
Rozas, A Araujo, PUE attack detection in CWSNs usinganomaly
detection techniques. EURASIP J. Wireless Com. Net. 2013(1),113
(2013)56. P Kai, Z Fanzi, Z Qingguang,A New Method to Detect
Primary User EmulationAttacks in Cognitive Radio Networks. 3rd
International Conference onComputer Science and Service System,
CSSS 2014, 2014, pp. 67467757. C Savarese, JM Rabaey, J Beutel,
Location in distributed ad-hoc wireless sensornetworks. IEEE
International Conference on Acoustics, Speech, and
SignalProcessing, ICASSP01, 2001, pp. 2037204058. M Kim, MY Chung,
H Choo, VeriEST: verification via primary user
emulationsignal-based test for secure distributed spectrum sensing
in cognitive radionetworks. Sec. Com. Net 5(7), 776788 (2012)59. KM
Borle, B Chen, W Du,A physical layer authentication scheme
forcountering primary user emulation attack (IEEE International
Conference onAcoustics, Speech and Signal Processing, ICASSP,
2013), pp. 2935293960. A Alahmadi, M Abdelhakim, J Ren, T Li,
Defense against primary useremulation attacks in cognitive radio
networks using advanced encryptionstandard. IEEE Transac. Info.
Forensics Sec 9(5), 772781 (2014)61. Y Liu, P Ning, H
Dai,Authenticating Primary Users Signals in Cognitive RadioNetworks
via Integrated Cryptography and Wireless Link Signatures. 2010
IEEESymposium on Security and Privacy, 2010, pp. 28630162. VT
Nguyen, F Villain, YL Guillou, Cognitive radio RF: overview
andchallenges. VLSI Design 2012, 113 (2012).
doi:10.1155/2012/716476Submit your manuscript to a journal and
benet from:7 Convenient online submission7 Rigorous peer review7
Immediate publication on acceptance7 Open access: articles freely
available online7 High visibility within the eld7 Retaining the
copyright to your articleSubmit your next manuscript at 7
springeropen.comMarinho et al. EURASIP Journal on Information
Security(2015) 2015:4Page 14 of 14
