Security Issues in Cognitive Radio Networks (CRN)
Peng Zang
Apr. 13, 2012

Outline
• Why use CRN, and its goals
• Elements of CRN
• Specific security issues of CRN
• Selected attack models
• Several potential solutions and models
• Conclusion

Why CRN
• Spectrum crisis
  – Most spectrum is occupied by licensed users
  – Exploit the idle portion of the licensed spectrum
• Goals
  – Coexistence with Primary Users (PU)
  – Coexistence with other Secondary Users (SU)
  – Using spectrum effectively and fairly
  – Maximum throughput
  – Spectrum fairly allocated to each SU

Elements of CRN
• Spectrum sensing
• Spectrum analysis and decision making
• Dynamic Spectrum Access and Allocation (DSA)
• Software Defined Radio (SDR)
  – Cognitive capability
  – Reconfigurability

Attacks against CRN
• Primary User Emulation Attack (PUE)
• Spectrum Sensing Data Falsification Attack (SSDF)
• Common Control Channel Attack (CCC)
• Beacon Falsification Attack (BF)
• Cross-layer attacks
• Software Defined Radio Attacks (SDR)
• etc.
"No modification to the incumbent signal should be required to accommodate opportunistic use of the spectrum by SUs." – FCC

PUE attack
• An attacker emulates a PU to force SUs to leave the vacant channel
• High probability of success
• Could lead to a DoS attack
• 3 models will be presented: signal feature based; localization based; Lion attack
Figure 1. A simplified PUEA scheme [1]

Background knowledge
• Received signal
• Path loss:
• Log-normal shadowing: (labelled term: variance of shadowing parameter)
• Received energy: (labelled terms: shadowing; path loss; constant)

PUE attack 1.1: Signal feature based
• Assumptions
  – SU & attacker know r1; attacker knows r2 & r3
  – SU & PU: stationary
  – Energy detection is adopted
  – Attacker knows and waveform of PU signal (callout: different and unique)
• When the signal transmitter is:
  – PU:
  – Attacker:

PUE defense Model 1.1 – naive defense
• Step 1:
  – Received signal energy:
  – They are i.i.d. and follow the same distribution as
  – Use unbiased estimator:
• Step 2:
  – Determination:
  – Threshold
Keys for determination

PUE attack 1.2: advanced attack
• Goal: make the emulation signal received by the SU have the same power level as the PU signal:
• Two parameters are needed first:
• Attacker's received signal from the PU: where:

PUE attack 1.2: advanced attack cont'd
• From MLE, the parameters are found:
• Design of the emulation signal:
• Leads to:
• The emulation signal is transmitted with power:

Advanced Defense 1.2: Variance detection
• Basic idea: detect PU channel parameter –
• Using unbiased estimation:
• Detection:

Advanced Defense 1.2: Variance detection cont'd
• Decision making:
• However, there are always trade-offs

Naïve detection simulation [1]

Advanced variance detection [1]

m sensing attempts [1]

PUE attack defense model 2: localization based [2]
• Basic idea: transmitter's location verification
• Methods:
  – Received Signal Strength (RSS)
  – Needs help from a Wireless Sensor Network (WSN)
• Assumptions:
  – WSN distributed uniformly
  – Attacker not in the same position as the PU
• RSS model:
• Variance:
• Mean:

RSS smoothing procedure
(Figure labels: Pivot point 1; Transmitter; Pivot point 2)

RSS Smoothing Procedure
• Step 1: Calculate the median value of RSS at each pivot point.
  – For pivot point 1 (R0):
  – Find minimum value of
  – For pivot point 2 (R1):
  – Find maximum value of
• Step 2: Get a loose lower bound:
• Step 3: Obtain
  – P: confidence level
  – New R.V. X0:
• Then r and d must satisfy:

Results

PUE attack 3: Lion Attack Model [4]
• Intelligent algorithm: attacks TCP transmission by exploiting the retransmission timer backoff.
• Analytical model:

Assumptions and definitions
• Each attack leads to a handoff
• Fixed handoff time:
• R.V.:
• Fixed detection time:
• Another R.V.:
• Round Trip Time (RTT) < minimum Retransmission Time Out (RTO)
• At least one handoff takes place
• Probability of k handoffs in an interval (x', x'+τ) is
• Then:

RTO and Retransmission time
• Retransmission Time Out (RTO):
• Retransmission time instant:

Analytical model of lion attack [4]

Find Inactivity Time
• Probability that the inactive time is a given value:
  (callout: Pr(every t' before this one happened in a handoff))
• Expected average time of inactivity:

Find Inactivity Ratio
• Find TCP inactivity percentage:
• Average activity time:

Performance

PUE attack Conclusion
• Model 1.1 & 1.2
  – Goal: Authentication
  – Channel parameters map vs. public/private key
• Model 2
  – WSN vs. KDC
• Model 3
  – RTO vs. secret key

SSDF: Model
• Assumptions:
  – In distributed sensing;
  – Fixed graph for the network;
  – Duplex wireless connections;
  – Attackers are in the graph and send falsified information to SU;
  – Energy detection model is used.

Basic idea
• Step 1: Get the mean value of the sensing results from neighbor nodes
• Step 2: Exclude the most deviating neighbor node
• Step 3: Consensus algorithm

Basic idea cont'd
• Step 4: Compare with threshold:
• Vector form of algorithm:
• P: doubly stochastic matrix – ensures convergence of x* in the whole network

Conclusion
• Consensus vs. trust model
• To trust, or not to trust…

References
[1] Ruiliang Chen; Jung-Min Park; Reed, J.H., "Defense against Primary User Emulation Attacks in Cognitive Radio Networks," IEEE Journal on Selected Areas in Communications, vol. 26, no. 1, pp. 25-37, Jan. 2008.
[2] Zesheng Chen; Cooklev, T.; Chao Chen; Pomalaza-Raez, C., "Modeling primary user emulation attacks and defenses in cognitive radio networks," 2009 IEEE 28th International Performance Computing and Communications Conference (IPCCC), pp. 208-215, 14-16 Dec. 2009.
[3] Yu, F.R.; Tang, H.; Minyi Huang; Zhiqiang Li; Mason, P.C., "Defense against spectrum sensing data falsification attacks in mobile ad hoc networks with cognitive radios," IEEE Military Communications Conference (MILCOM 2009), pp. 1-7, 18-21 Oct. 2009.
[4] Hernández, J.; León, O.; Soriano, M., "Modeling the lion attack in cognitive radio networks," EURASIP Journal on Wireless Communications and Networking, vol. 2011, pp. 1-10, 2011.
[5] Nansai Hu; Yu-Dong Yao; Mitola, J., "Most Active Band (MAB) Attack and Countermeasures in a Cognitive Radio Network," IEEE Transactions on Wireless Communications, vol. 11, no. 3, pp. 898-902, March 2012.

Thank you!
• Questions?
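The contrast between the naive defense (Model 1.1) and variance detection (Defense 1.2) can be simulated from the detector's side. This is an added example, not code from the slides or the cited papers. It assumes received power in dB is Gaussian (log-normal shadowing), and every power level, shadowing deviation and threshold below is a constructed value.

```python
import random
import statistics

# Constructed parameters (assumptions, not values from the slides).
MU_PU_DB = -90.0       # expected PU received power at the SU, in dB
SIGMA_PU_DB = 8.0      # shadowing std dev of the PU -> SU channel
SIGMA_ATK_DB = 4.0     # shadowing std dev of the attacker -> SU channel
MEAN_TOL_DB = 2.0      # naive detector: accepted distance from MU_PU_DB
VAR_BAND = (0.6, 1.5)  # variance detector: accepted ratio to SIGMA_PU_DB**2


def sense(rng, mean_db, sigma_db, m):
    """m energy measurements in dB under log-normal shadowing."""
    return [rng.gauss(mean_db, sigma_db) for _ in range(m)]


def naive_accepts(samples):
    """Model 1.1: unbiased mean estimate compared with a threshold."""
    return abs(statistics.fmean(samples) - MU_PU_DB) <= MEAN_TOL_DB


def variance_accepts(samples):
    """Defense 1.2: the unbiased variance estimate must also match the PU channel."""
    ratio = statistics.variance(samples) / SIGMA_PU_DB ** 2
    return naive_accepts(samples) and VAR_BAND[0] <= ratio <= VAR_BAND[1]


def acceptance_rates(m=200, trials=500, seed=7):
    """Fraction of trials in which each detector labels the sender a PU."""
    rng = random.Random(seed)
    senders = {"pu": SIGMA_PU_DB, "power_matched_emulator": SIGMA_ATK_DB}
    rates = {}
    for name, sigma in senders.items():
        runs = [sense(rng, MU_PU_DB, sigma, m) for _ in range(trials)]
        rates[name] = {
            "naive": sum(map(naive_accepts, runs)) / trials,
            "variance": sum(map(variance_accepts, runs)) / trials,
        }
    return rates


if __name__ == "__main__":
    for sender, r in acceptance_rates().items():
        print(f"{sender:>24}: naive={r['naive']:.2f} variance={r['variance']:.2f}")
```

Narrowing `VAR_BAND` or lowering `m` shows the trade-off the slide mentions: fewer sensing attempts or a tighter band start rejecting the genuine PU as well.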
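The four SSDF defense steps from the "Basic idea" slides can be run on a small fixed graph. This is an added example, not code from the slides or from [3]. The update rule, the step size, exclusion at every iteration, the 6-node topology and all energy values are assumptions constructed for illustration.

```python
# Constructed 6-node network: nodes 0-4 are honest SUs, node 5 is the SSDF attacker.
NEIGHBORS = {
    0: [1, 4, 5], 1: [0, 2, 3, 4], 2: [1, 3, 5],
    3: [1, 2, 4], 4: [0, 1, 3], 5: [0, 2],
}
HONEST_ENERGY = {0: 4.2, 1: 5.1, 2: 4.8, 3: 5.6, 4: 4.5}  # channel actually idle
ATTACKER, FALSIFIED = 5, 20.0  # attacker always reports a strong PU signal
THRESHOLD = 10.0               # energy above this means "PU present"
EPSILON = 0.2                  # step size; needs EPSILON * max_degree < 1


def trusted_neighbors(node, state, exclude_outlier):
    """Steps 1-2: mean of neighbor reports, then drop the most deviating one."""
    nbrs = NEIGHBORS[node]
    if not exclude_outlier:
        return nbrs
    mean = sum(state[j] for j in nbrs) / len(nbrs)
    outlier = max(nbrs, key=lambda j: abs(state[j] - mean))
    return [j for j in nbrs if j != outlier]


def run_consensus(exclude_outlier, iterations=200):
    """Step 3: x_i <- x_i + EPSILON * sum_j (x_j - x_i) over trusted neighbors."""
    state = dict(HONEST_ENERGY)
    state[ATTACKER] = FALSIFIED
    for _ in range(iterations):
        nxt = {ATTACKER: FALSIFIED}  # the attacker never updates its report
        for i in HONEST_ENERGY:
            kept = trusted_neighbors(i, state, exclude_outlier)
            nxt[i] = state[i] + EPSILON * sum(state[j] - state[i] for j in kept)
        state = nxt
    return {i: state[i] for i in HONEST_ENERGY}


def decisions(final_state):
    """Step 4: each honest SU compares its consensus value with the threshold."""
    return {i: x > THRESHOLD for i, x in final_state.items()}


if __name__ == "__main__":
    for label, defended in (("plain consensus", False), ("with exclusion", True)):
        final = run_consensus(defended)
        print(label, {i: round(x, 2) for i, x in final.items()}, decisions(final))
```

The exclusion only isolates the attacker here because each of its neighbors has at least two honest neighbors; with a single honest neighbor the two deviations from the mean tie.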