cognitive radio network security a survey

Journal of Network and Computer Applications 35 (2012) 1691–1708

Contents lists available at SciVerse ScienceDirect

Journal of Network and Computer Applications

1084-80

http://d

n Corr

E-m

song.ha

journal homepage: www.elsevier.com/locate/jnca

Review

Cognitive radio network security: A survey

Sazia Parvin a, Farookh Khadeer Hussain b,n, Omar Khadeer Hussain a, Song Han a, Biming Tian a,Elizabeth Chang a

a School of Information Systems, Curtin University, Perth, Australiab School of Software, Decision Support and e-Service Intelligence Lab, Centre for Quantum Computation and Intelligent Systems, Faculty of Engineering and Information Technology,

University of Technology, Sydney, Ultimo, NSW, 2007

a r t i c l e i n f o

Article history:

Received 3 February 2012

Received in revised form

6 June 2012

Accepted 27 June 2012Available online 25 July 2012

Keywords:

Radio

Security

Trust

Attacks

Secondary users

Primary users

45/$ - see front matter & 2012 Elsevier Ltd. A

x.doi.org/10.1016/j.jnca.2012.06.006

esponding author. Tel.: þ61 2 9514 1856.

ail addresses: [email protected]

[email protected] (S. Han), biming.tian@po

a b s t r a c t

Recent advancements in wireless communication are creating a spectrum shortage problem on a daily

basis. Recently, Cognitive Radio (CR), a novel technology, has attempted to minimize this problem by

dynamically using the free spectrum in wireless communications and mobile computing. Cognitive

radio networks (CRNs) can be formed using cognitive radios by extending the radio link features to

network layer functions. The objective of CRN architecture is to improve the whole network operation

to fulfil the user’s demands anytime and anywhere, through accessing CRNs in a more efficient way,

rather than by just linking spectral efficiency. CRNs are more flexible and exposed to wireless networks

compared with other traditional radio networks. Hence, there are many security threats to CRNs, more

so than other traditional radio environments. The unique characteristics of CRNs make security more

challenging. Several crucial issues have not yet been investigated in the area of security for CRNs. A

typical public key infrastructure (PKI) scheme which achieves secure routing and other purposes in

typical ad hoc networks is not enough to guarantee the security of CRNs under limited communication

and computation resources. However, there has been increasing research attention on security threats

caused specifically by CR techniques and special characteristics of CR in CRNs. Therefore, in this

research, a survey of CRNs and their architectures and security issues has been carried out in a broad

way in this paper.

& 2012 Elsevier Ltd. All rights reserved.

Contents

1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1692

1.1. Motivation and contribution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1693

2. Cognitive radio network working process and applications. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1694

2.1. Sense (Cognitive capability). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1694

2.1.1. Spectrum sensing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1694

2.1.2. Spectrum sharing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1694

2.1.3. Location identification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1695

2.1.4. Network/system discovery. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1695

2.1.5. Service discovery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1695

2.2. Understand (Self-Organized capability). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1695

2.2.1. Spectrum/radio resource management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1695

2.2.2. Mobility and connection management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1695

2.2.3. Trust/security management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1695

2.3. Decide (decision capability). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1695

2.4. Adapt (Reconfigurable capability) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1696

2.4.1. Frequency agility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1696

2.4.2. Dynamic frequency selection. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1696

ll rights reserved.

u.au (S. Parvin), [email protected] (F.K. Hussain), [email protected] (O.K. Hussain),

stgrad.curtin.edu.au (B. Tian), [email protected] (E. Chang).

S. Parvin et al. / Journal of Network and Computer Applications 35 (2012) 1691–17081692

2.4.3. Adaptive modulation/coding . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1696

2.4.4. Transmit power control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1696

2.4.5. Dynamic system/network access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1696

2.5. Application and scenarios . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1696

3. Cognitive radio network architecture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1696

3.1. Infrastructure architecture. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1697

3.2. Ad hoc architecture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1697

3.3. Mesh architecture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1697

4. Security requirements of cognitive radio networks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1697

5. Attacks on protocol layers and scope of attacks in cognitive radio networks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1698

5.1. Attacks on various protocol layers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1699

5.2. Scope of attacks in cognitive radio networks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1701

6. Challenges and threats in cognitive radio networks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1701

6.1. Spectrum sensing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1701

6.1.1. Spectrum sensing challenges . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1701

6.1.2. Spectrum sensing threats. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1702

6.2. Spectrum decision . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1702

6.2.1. Spectrum decision threats . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1702

6.2.2. Spectrum decision challenges . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1703

6.3. Spectrum sharing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1703

6.3.1. Spectrum sharing challenges . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1703

6.4. Spectrum mobility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1703

6.4.1. Spectrum mobility threats . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1703

6.4.2. Spectrum mobility challenges . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1703

7. Countermeasures for various attacks on cognitive radio networks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1703

7.1. Jamming countermeasures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1703

7.2. Primary user emulation attack countermeasures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1704

7.3. OFA countermeasures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1704

7.4. Lion attack countermeasures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1704

7.5. General countermeasures in CRNs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1704

8. Secure spectrum management schemes in cognitive radio networks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1705

8.1. Secure spectrum sensing scheme . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1705

8.2. Secure spectrum decision scheme . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1705

8.3. Secure spectrum sharing scheme . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1706

8.4. Secure spectrum mobility scheme. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1706

9. Challenges and open problems in cognitive radio networks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1706

10. Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1707

References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1707

1. Introduction

Of the different kinds of wireless technology supporting Inter-net access and other services, a very effective idea is to mergedifferent wireless networks and to use one of them appropriately,depending on the communication environments and variousapplication requirements. At first, cognitive radio was pioneeredby Mitola (2000) from software defined radio (SDR). The mainobjective of this idea was originally to improve spectrum utiliza-tion. There is an ever-increasing demand for spectrum for emer-ging wireless applications and there is a spectrum shortage for thewireless applications. In view of this, the Federal CommunicationsCommission (FCC) has considered making the licensed spectrumavailable to unlicensed users. This will allow unlicensed users touse the empty spectrum, provided they cause no interference tolicensed users. Most radio systems today are aware of the radiospectrum. Cognitive radio is a new research area for wirelesscommunication in which either a network or a wireless node isable to change its transmission or reception parameters to com-municate efficiently by avoiding interference with licensed orunlicensed users. Basically, the parameters that are used in CRNsare based on the active monitoring of several factors, either in theexternal or internal radio environment, such as radio frequencyspectrum, user behavior and network state. A cognitive radiosenses available spectrum, occupies it and can vacate the spec-trum on sensing the return of the primary user (PU). We callfuture wireless networks ‘cognitive radio networks’ (CRNs), which

is quite consistent with Haykins’s definition of cognitive radio(Haykin, 2005): ‘‘Cognitive radio is an intelligent wireless commu-

nication system that is aware of its surrounding environment (i.e., the

outside world), and uses the methodology of understanding-by-

building to learn from the environment and adapt its internal states

to statistical variations in the incoming RF stimuli by making

corresponding changes in certain operating parameters (e.g., transmit

power, carries-frequency, and modulation strategy) in real time, with

two primary objectives in mind: highly reliable communication,

whenever and wherever needed, and efficient utilization of the radio

spectrum’’. The authors in Chen et al. (2008a) stated that whenevercognitive radios can find opportunities for communication usingthe ‘‘spectrum holes’’, cognitive radio transports packets on top ofcognitive radio links in order to successfully facilitate usefulapplications and services. A mobile terminal with cognitive radiocapabilities can always sense the communication environments(e.g. spectrum holes, geographic location, available wire/wirelesscommunication system or networks, and available services),analyze the environment and learn information from the environ-ments with the user’s requirements and reconfigure itself byadjusting system parameters to conform to certain policies andregulations. The authors provided an example in Chen et al.(2008a), where a cognitive radio mobile terminal senses thatthere are WiFi and GSM systems nearby while spectrum holesexist in the frequency band of digital TV, hence, it may decide todownload files from a certain WiFi AP, make a phone call throughthe GSM system and communicate with other cognitive radio

Fig. 1. Difference between wireless networks and cognitive radio networks.

S. Parvin et al. / Journal of Network and Computer Applications 35 (2012) 1691–1708 1693

users, using those spectrum holes. Figure 1 shows the basicdifference between wireless networks and cognitive networks.

A cognitive radio terminal also has the ability to negotiate withanother spectrum and network utilization. This negotiation pro-cess may be undertaken with the support of network/infrastruc-ture sides or simply by proceeding in an ad hoc manner. In CRNs,the radio could also facilitate interoperability among differentcommunication systems in which frequency bands and/or for-mats are not the same (Chen et al., 2008a). On the other hand,cognitive radio is placed above the SDR (Software Defined Radio)and it uses its ‘‘intelligence’’ that lets an SDR to determine whichmode of operation and parameters to use. Actually, an SDR issimply a radio that puts most of the Radio Frequency (RF) andIntermediate frequency (IF) functionality, including waveformsynthesis, into the digital (rather than the analog) domain,allowing great flexibility in the modes of radio operation (called‘‘personalities’’) (Haykin, 2005). CRNs are more flexible andexposed to Wireless Networks compared with other traditionalradio networks. Hence, there are many security threats to CRNsbecause of its special characteristics, such as intelligence func-tionality and dynamic spectrum access application, more so thanfor other traditional radio environments. Since cognitive radioscan adapt to their environment and change how they commu-nicate, it is crucial that they select an optimal and secure meansof communication. Compared to wired networks, the nature ofwireless networks means that it is unavoidable that security isvulnerable. In a wireless network, a signal has to be transmittedthrough an open media without a real connection. That is to say,the data might be eavesdropped and altered without notice; orthe channel might be jammed and overused by an adversary(Zhang and Li, 2009a). A description and categorization of thesecurity threats in CRNs and an analytical survey for the detectionof several attacks have been undertaken in Fragkiadakis et al.(2011). The unique characteristics of CRNs make security morechallenging. Here we summarize a number of security threats forCRNs:

�
Sensing problem: Cognitive radio technology provides moreopportunities for attackers due to its intrinsic nature. Forexample, spectrum sensing is a key characteristic used inCRNs, which scans certain range of the spectrum to detect
unoccupied spectrum (Naveed and Kanhere, 2006b;Kaligineedi et al., 2008b; Akyildiz et al., 2008). Through thisprocess, an unlicensed user can determine whether the radiocan be used. However, if the spectrum sensing result ismodified maliciously, normal network activities will be dis-abled; it is possible that all network traffic may collapse. Othertypes of threats include spectrum decision threats, spectrumsharing and spectrum mobility threats.
� Hidden terminal problem: As mentioned in Kaligineedi et al.
(2008b), the most important challenge facing a cognitive radiosystem is to identify the presence of PUs over a wide range ofspectrum. This process is very difficult as we need to identifyvarious PUs employing different modulation schemes, datarates and transmission powers in the presence of variablepropagation losses, interference generated by other SUs, andthermal noise. For example, if the channel between theprimary transmitter and the sensing device is under a deepfade, it is possible that the sensing device may not detect theprimary signal. As a result, the cognitive radio might transmita signal in the corresponding PU band, causing interference tothe nearby primary receiver. This issue is commonly referredto as the Hidden Terminal Problem.
� Policy threats: In order to communicate more effectively in an
intelligent way, a CR needs policies for reasoning in differentenvironments or under different conditions. There are twotypes of threats when using policies (Clancy and Goergen,2008): first, policies may be modified by attackers. An attackercan obtain control of a CR, or obtain permission from thepolicy database administration to modify the internal policies.Second, false policies also lead to security threats. An attackercan try to inject false policies into the CR policy database, andthereby cause interference.
� Learning threats: Some CRs are designed with the capability of
learning. These CRs can learn from past experiences or currentsituations to predict the future environment and select opti-mal operations. But attackers can modify past statistics orspoof current conditions to prevent the CR from predictingaccurately (Zhang et al., 2008).
� Parameter threats: An attacker can manipulate a CR to behave
maliciously, and teach the CR to alter the parameters to affectthe CR to conduct sub-optimal operations for CRNs (Clancyand Goergen, 2008).

However, to date, there has been no comprehensive analysis ordiscussion of security threats caused specifically by CR techniquesand the special characteristics of CR in CRNs. So, a comprehensivesurvey of CRNs and their architectures and security issues hasbeen carried out in this paper.

1.1. Motivation and contribution

One of the key advantages of CRNs is that they can offer lowcost solutions to a variety of real-world challenges. CRNs canreduce or eliminate the need for human interaction in informa-tion gathering in certain civilian and military applications (Arslanand Ahmed, 2007) by solving spectrum scarcity problems in thereal world. CRNs are vulnerable to various attacks because theyare usually deployed in unattended environments and use unreli-able wireless communication. However, it is not simple toimplement security defences in CRNs. One of the major obstaclesin deploying security on CRNs is that the current CRNs havelimited computation and communication capabilities. With this inmind, many researchers have begun to ensure security for CRNSwith different security mechanisms. Security mechanisms,including trust management, have the ability to secure CRNsagainst attackers. CRNs are application-specific networks. Except


for some common features, a CRN for a specific application hassome unique features and correspondingly, some unique securityrequirements. Our design is driven by specific applications andtheir security requirements, this principle making the designedscheme more practical. To date, there has been no comprehensiveanalysis or discussion of security threats caused specifically by CRtechniques and the special characteristics of CR in CRNs and thereare still several gaps in CRNs research which have not yet beenaddressed, resulting in there being no effective defense mechan-ism against attacks in CRNs, as well as no guidelines for theselection of defense mechanisms. Hence, in this work, we inte-grate prior research results and investigate the current problemsin CRNs. The main contributions of this paper are as follows:

1.
We clarify the security requirements of CRNs according to foursecurity levels which are depicted in Fig. 8, providing a betterunderstanding of the attacks against CRNs and the priority ofeach security requirement.
2.

Fig. 2. Working process of cognitive radio networks.

We highlight the advantages and disadvantages of existingschemes and identify open problems in relation to CRNs. Wediscuss the security model, and threat model for the establish-ment of four different secure schemes of spectrum manage-ment in CRNs.

The rest of the paper is organized as follows: from Sections 2 to 6,we present an overview of CRNs, including CRN architecture; andthe different types of attacks on different protocol layers and theircountermeasures is discussed in CRNs in Section 7. In Section 8,we describe the spectrum management schemes in CRNs. Subse-quently, we consider open problems and challenges in CRNs inSection 9. We conclude the paper in Section 10.

Fig. 3. Comparison between different sensing methods (Yucek and Arslan, 2009).

2. Cognitive radio network working process and applications

The working capabilities of a CRN can be classified accordingto the working functionalities as shown in Fig. 2. A cognitive radiosenses the environment (cognitive capability), analyzes andunderstands the sensed information (self-organized capability),makes decisions (decision capability) and adapts to the environ-ment (reconfigurable capabilities). In this section, for complete-ness, we give an overview of each of these activities.

2.1. Sense (Cognitive capability)

In this section, we give an overview of the various sensingcapabilities of CRNs.

2.1.1. Spectrum sensing

A cognitive radio has the capability of spectrum sensing by usingseveral sensing algorithms. By using this sensing capability, it cansense the spectrum and detect whether there are any ‘‘spectrumholes’’ surrounding the networks or not. CRNs use free frequencybands which are not used by licensed users or have limitedinterference with them. Some of the methods used for spectrumsensing purposes in CRNs are Energy Detector-Based Sensing,Waveform-based sensing, Cyclostationarity-based sensing, RadioIdentification-based sensing, and Matched-Filtering. Tevfik et al. inYucek and Arslan (2009) described all of these spectrum sensingmethods. They also provided a basic comparison between all of thesemethods in terms of complexity and accuracy.

Figure 3 shows a basic comparison between different sensingmethods in terms of complexity and accuracy.

Unnikrishnan and Veeravalli (2008) considered cognitive radiosystems where the secondary user (SU) cooperates with each other inorder to detect the presence of the primary signal in the frequency

band that the SUs are monitoring. In the cooperative sensing(Unnikrishnan and Veeravalli, 2008), the individual secondary usersmake independent decisions about the presence of the primarysignal. They send their decisions to a fusion center that makes thefinal decision about the occupancy of the band by fusing the decisionsmade by all cooperating radios in that area. Various cooperativesensing schemes (Chair and Varshney, 1986; Quan et al., 2008) areused to fuse the sensing information of the secondary users. Peh et al.(2009) proposed an iterative algorithm to optimize the sensing timeand the parameters of the fusion scheme in order to maximize thethroughput of CRNs. Shahid and Kamruzzaman (2008) proposed anew cooperative spectrum sensing technique in CRNs. The proposedmethod (Shahid and Kamruzzaman, 2008) is able to detect thepresence of PU with higher probability.

2.1.2. Spectrum sharing

A cognitive radio could incorporate a mechanism that helps toshare spectrum under different terms of agreement and policies

Fig. 4. Cognitive radio applications.


between a licensee and a third party, meaning that parties may beable to negotiate for spectrum use on an ad hoc or real-time basis,without the need for prior agreements between all parties (Xieet al., 2011). There are different approaches for spectrum sharingin CRNs. Of these, the Game-Theory approach (Wang et al., 2010a)and Auction-based approach (Wang et al., 2010b) are the mostpopular and efficient.

2.1.3. Location identification

CRNs should have the ability to determine their location andthe location of other transmitters. They then select the appro-priate operating parameters such as power and frequency,depending on the location technology (Chen et al., 2008a). Inrelation to this, we can give an example from satellite technology,where the bands are received only and do not transmit anysignals. Location technology may be an appropriate method toavoid interference because sensing technology does not identifythe location of nearby receivers (Chen et al., 2008a). Energy-basedmethods, Least squares methods, maximum likelihood (ML)-based acoustic source localization methods, etc. have been pro-posed in CRNs for location identification.

2.1.4. Network/system discovery

In a CRN, at first the cognitive radio terminal discoversavailable networks around it to determine the best way tocommunicate. CRNs can use these networks either via directedone hop communication or via multi-hop relay nodes. Forexample, when a cognitive radio terminal needs to make a phonecall, it first determines whether there are GSM BTSs or WiFi APsnearby. If there is no direct communication link between theterminal and the BTSs/APs, but through other cognitive radioterminals through which some access networks are reachable, itcan still make a call in this circumstance (Chen et al., 2008a). So, itis very important to discover one hop or multi-hop away accessnetworks.

2.1.5. Service discovery

Service discovery is almost similar to network/system discov-ery. Network or system operators provide their services throughtheir access networks. A cognitive radio terminal tries to findappropriate services to fulfill its demands throughout the net-work. Cognitive radio terminals discover the service by identify-ing near by Bluetooth, WiFi devices based on the Time-binningapproach, the Bit-Comparison approach, etc.

2.2. Understand (Self-Organized capability)

In this section, we present an overview of the various self-organizing capabilities of CRNs. Like wireless sensor networks(WSNs), CRNs have a limited energy supply, so the CR nodes needto cooperate and self-organize to provide smooth network opera-tion by either putting off the communication of those nodeswhich are not required or giving permission to use the radio ofthose nodes which are required (Sudip and Ankur, 2011).

2.2.1. Spectrum/radio resource management

An efficient spectrum management scheme is necessary toefficiently manage and organize information on spectrum holesbetween cognitive radios. Using these spectrum holes, the CRterminals can meet their demands. The Preemptive Resume Priority(PRP) M/G/1 queuing model is proposed for efficient spectrummanagement in CRNs. Based on the PRP M/G/1 queuing model,the impact of multiple interruptions on the overall system time canbe evaluated. In addition to this model, a spectrum sensing, aspectrum decision, a spectrum sharing, and spectrum handoffalgorithms are investigated to reduce the overall system time.

2.2.2. Mobility and connection management

Routing and topology information is becoming increasinglycomplex day by day, due to the heterogeneity of CRNs. So, goodmobility and connection management techniques can help neigh-borhood discovery and provide related information. By using thisinformation, CRNs can detect the available Internet access andsupport vertical hand-offs, which help cognitive radios to selectroutes and networks (Chen et al., 2008a).

2.2.3. Trust/security management

The various heterogeneities nature of CRNs (e.g. wirelessaccess technologies, system/network operators) introduce severalsecurity issues. Security is a very challenging issue in CRNs, asdifferent types of attacks are very common to cognitive radiotechnology compared to the general wireless network. In thiscase, trust is a prerequisite for securing operations in CRNs. ThePublic Key Infrastructure-based approach is used to ensuresecurity in CRNs. Also, different trust-based approaches are usedin CRNs for better performance.

2.3. Decide (decision capability)

It is very important to have a sound understanding of theCRN’s fundamental precondition before deployment, with a viewto ensure reliable outcomes of the decision making process.Decisions include the use of shared and device-particularresources, the formation of co-operative clusters, a change incommunication parameters (e.g. link adaptation) and deviceconfigurations, the use of a particular cooperative strategy orprotocol, the promotion of a service being used, etc. (Chen et al.,2008a). Based on spectrum characteristics and SU’s quality ofservice (QoS) requirements, the decision making results in theselection of a reasonable spectrum channel from the PU. Zhengand Cao (2005) proposed a device-centric spectrum management


scheme, and five spectrum decision rules to regulate users’ access,trading off fairness and utilization with communication costs andalgorithm complexity.

2.4. Adapt (Reconfigurable capability)

In this section, we give an overview of the reconfigurablecapabilities of CRNs.

2.4.1. Frequency agility

Frequency agility means the ability of a radio to change itsoperating frequency. This ability is usually combined with amethod for dynamically selecting the appropriate operatingfrequency, based on the sensing of signals from other transmittersor by some other method (Chen et al., 2008a).

2.4.2. Dynamic frequency selection

Dynamic frequency selection is defined in the rules as amechanism that has the ability to dynamically detect signalsfrom other radio frequency systems and avoid co-channel opera-tion with those systems. Bahramian and Khalaj (2007) proposed anovel low-complexity dynamic frequency selection approach forCRNs which is based on the game theoretical approach.

2.4.3. Adaptive modulation/coding

Adaptive modulation techniques have the ability to changetransmission characteristics and waveforms with a view toproviding opportunities for improved spectrum access and a moreintensive use of spectrum while ‘‘working around’’ other signalsthat are present (Chen et al., 2008a). A cognitive radio couldchoose the appropriate modulation type to permit interoperabil-ity between systems within a particular transmission system.

2.4.4. Transmit power control

Transmit power control has the ability to enable a device todynamically switch between several transmission power levels inthe data transmission process (Chen et al., 2008a). The mostsignificant benefit of transmit control power is that it allowstransmission at permissible limits when necessary by reducingthe transmitter power to a lower level to facilitate greater sharingof spectrum when higher power operation is not necessary.

2.4.5. Dynamic system/network access

It is important that cognitive radio terminals are able toreconfigure themselves to be compatible with multiple commu-nication systems/networks which run different protocols.

2.5. Application and scenarios

The applications of CRNs (Arslan and Ahmed, 2007) in differ-ent fields are described as follows and depicted in Fig. 4:

�
Emergency management or disaster recovery: According to theFederal Emergency Management Agency (FEMA), a disaster isdefined as the abnormal occurrence of any situation. Cognitiveradio can resolve problems in disaster situations (Arslan andAhmed, 2007). CR can adapt its operating parameters toprovide an ad hoc connection in times of need. � Search and rescue: In a typical search and rescue scenario, the
person in distress can send information about his location bycreating visual signs such as smoke or fire from a flare gun. TheGPS capability of CR can come in handy to appropriately detectthe position of the person in need of rescue. At the same time,if a special channel over the available spectrum hole is used forshort range signaling, this channel can work like a beacon for

the distressed person (Arslan and Ahmed, 2007; Maldonadoet al., 2005).
� Mining: A mining accident can occur any time. In the event of a
mining accident, CR can choose an appropriate waveform andapply other techniques to establish a clear signal between theadverse environment in the mine and the outside world(Arslan and Ahmed, 2007).
� Traffic control: Traffic is a major problem, especially during the
rush hours in the mornings and in the evenings. In suchsituations, the local traffic control can transmit to the mobileuser the location of congested traffic, the predicted trafficdelay and an alternate route. Cognitive intelligence can beapplied to traffic signals themselves as well, to determine howlong the red or green signal remains on, depending on thetraffic volume in each direction (Arslan and Ahmed, 2007).
� Medical applications: The application of cognitive radio can bring
improvements in areas of medical and bio-medical engineering.In a hospital environment, a new-born baby needs to beidentified by its mother. A cognitive radio tag can inform themother intelligently if the baby is carried outside of a designatedpremise, such as outside the hospital baby ward. In relation toadult patients, each may be provided with a personal cognitiveID tag, which can record the vital signs of the patient andintelligently inform the respective authority if an abnormalityis detected (Arslan and Ahmed, 2007). Cognitive radio can enableintelligent detection of abnormal tissues or blood cells in ahuman body and notify the doctor (Arslan and Ahmed, 2007).
� Weather forecast: If sensors are equipped with a cognitive ability,
they can communicate with each other without any user inter-vention (Arslan and Ahmed, 2007). The authors in Arslan andAhmed (2007) describe how cognitive radio can be used inweather forecasting. Sensors, which can detect, collect and shareinformation among themselves for optimum performance, aredeployed in the field. When the required amount of data iscollected, the data can be passed to the central control by thesensor closest to the station for optimum power usage, optimumnetwork usage, and minimized delay (Arslan and Ahmed, 2007).
� Military application: Of all the applications of CR, the military is
perhaps one of the most significant areas, where differentaspects of cognitive radio have been deployed for some time.The SDR, SPEAKeasy, Joint Tactical Radio System (JTRS), andjamming and anti-jamming are some of the most importanttechnologies in the military field that utilize CR concepts(Maldonado et al., 2005).

3. Cognitive radio network architecture

According to Chen et al. (2008a), a CRN can sense availablenetworks and communication systems around it, depending onthe spectrum sensing to effectively improve spectrum utilization.CNRs are composed of various kinds of communication systemsand networks, and can be viewed as types of heterogeneousnetworks. The purpose of CRN architecture design is to improvethe entire network utilization, rather than just link spectralefficiency. Actually, from the user’s perspective, network utiliza-tion means that they can always meet their demands, anytimeand anywhere, by accessing CRNS without creating interferenceto other networks. CRNs can be deployed in network-centric,distributed, ad hoc and mesh architectures, and serve the needs ofboth licensed and unlicensed applications. The basic componentsof CRNs are a mobile station (MS), a base station/access point(BSs/APs) and backbone/ core networks. These three basic com-ponents comprise three kinds of network architectures in theCRNs: Infrastructure, Ad hoc and Mesh architectures, which areintroduced below from Chen et al. (2008a):

Fig. 5. Infrastructure architecture.

Fig. 6. Ad hoc architecture.

Fig. 7. Mesh architecture.


3.1. Infrastructure architecture

In infrastructure architecture, as shown in Fig. 5, an MS can accessa BS/AP only in a one-hop manner. MSs under the transmission rangeof the same BS/AP communicate with each other through the BS/AP.Communications between different cells are routed through back-bone/core networks. The BS/AP may be able to execute one or multiplecommunication standards/protocols to meet different demands fromMSs. A cognitive radio terminal can also access different kinds ofcommunication systems through its BS or AP. The infrastructure-based CR network has a central network entity, such as a base stationin cellular networks or an access point in wireless local area networks(LANs) (Akyildiz et al., 2009).

In infrastructure-based architecture, the activities of a CR node aredefined. This means that a CR node can not set up links with other CRnodes except for within its one-hop communication range.

In the infrastructure-based CR networks architecture, theinformation observed and gathered by each CR node is forwardedto the central CR-base station. Hence, a CR-base station can avoidinterference with primary networks. Depending on this decision,each CR node reconfigures its communication parameters inaccordance with the base-station.

3.2. Ad hoc architecture

There is no infrastructure support in ad hoc architecture. If anMS recognizes that there are other MSs nearby and are connect-able through certain communication standards/protocols, theycan set up a link and thus form an ad hoc network, as shown inFig. 6. Note that links between nodes may be set up by differentcommunication technologies. Two cognitive radio terminals caneither communicate with each other by using existing commu-nication protocols (e.g. WiFi, Bluetooth) or by dynamically usingspectrum holes. The authors in Zhou and Harada (2012) proposedcognitive maritime wireless ad hoc networks to provide high-speed and low-cost communication by using licensed but unusedfrequency bands opportunistically for the maritime users.

Hence, in ad hoc architecture, there is no infrastructure back-bone. Thus, a CR user can communicate with other CR usersthrough an ad hoc connection on both licensed and unlicensedspectrum bands (Akyildiz et al., 2009).

In ad hoc-based CR networks architecture, each CR node has all CRcapabilities and is responsible for determining its next events basedon the local information that it observes. Since the CR user cannotpredict the influence of its actions on the entire network based on itslocal observation, cooperation schemes are essential, where theobserved information can be exchanged between devices to broadenthe knowledge on the network (Akyildiz et al., 2009).

3.3. Mesh architecture

This architecture, as shown in Fig. 7, is a combination ofinfrastructure and ad hoc architecture by enabling the wirelessconnections between BSs/APs, which is similar to Hybrid WirelessMesh Networks (Chen et al., 2008a). BSs/APs work as wirelessrouters and form wireless backbones (Chen et al., 2008a). MSs caneither access the BSs/APs directly or use other MSs as multi-hoprelay nodes. Some BSs/APs may connect to the wired backbone/core networks and function as gateways. Since BSs/APs can bedeployed without necessarily connecting to a wired backbone orcore networks, they are more flexible and less costly in planningthe locations of BSs/APs. BSs/APs with cognitive radio capabilitiescan use spectrum holes to communicate with each other. Due topotentially numerous spectrum holes being available, the capa-city of wireless communication links between cognitive radio BSs/APs may be enough to serve as a wireless backbone.

As mesh architecture is the combination of infrastructure andad hoc architecture, it has the advantages and disadvantages ofboth architectures.

4. Security requirements of cognitive radio networks

As a CRN solves the spectrum shortage problem by dynami-cally utilizing the spectrum, CRN security becomes a challengingissue. Cognitive radio technology is more susceptible to attackcompared to general wireless networks due to its intrinsic nature.


Several survey papers (Clancy and Goergen, 2008; Burbank, 2008;Chen et al., 2008b) examine only a small number of generalsecurity requirements of CRNs. Mathur et al. were the first todescribe security requirements elaborately (Mathur andSubbalakshmi, 2007a). For example, spectrum sensing is a keycharacteristic used in CRNs, which scans a certain range of thespectrum to detect unoccupied spectrum (Naveed and Kanhere,2006a; Kaligineedi et al., 2008a; Akyildiz et al., 2008). Throughthis process, an unlicensed user can determine whether the radiospectrum can be used. In this case, if the spectrum sensing resultis modified maliciously, normal network activities will be dis-abled, and the whole network traffic may be broken down.Fragkiadakis et al. (2011) described and categorized the securitythreats in CRNs. They also made an analytical survey for thedetection of several attacks in CRNs in Fragkiadakis et al. (2011).

Security guarantee is urgently needed in CRNs (Burbank,2008). Although security requirements may vary in differentapplication environments, there are in fact some general require-ments that provide basic safety controls. As referred to in Chenet al. (2008b), the security requirements are outlined below:

�
Access control. Access control is a security requirement for thephysical layer. Users must be guaranteed to have access to thenetwork, and they must obey their organization’s policy. Sincedifferent SUs coexist in CRNs, collisions may happen if theysimultaneously move to and use the same spectrum band,according to their spectrum sensing results (Xiang et al., 2010).Thus, the access control property should coordinate thespectrum access of different SUs to avoid collisions. � Confidentiality. Confidentiality is closely related to integrity.
While integrity ensures that data is not maliciously modifiedin transit, confidentiality ensures that the data is transformedin such a way that it is unintelligible to an unauthorized entity(Mathur and Subbalakshmi, 2007a). This issue is even morepronounced in CRNs, where the SU access to the network isopportunistic and spectrum availability is not guaranteed(Mathur and Subbalakshmi, 2007a).
� Authentication. The primary objective of an authentication
scheme is to prevent unauthorized users from gaining accessto protected systems (Mathur and Subbalakshmi, 2007a). InCRNs, there is an inherent requirement to distinguish betweenprimary and SUs. Therefore, authentication can be consideredone of the basic requirements for CRNs. A serious authentica-tion problem occurs in CRNs in the situation when a receiverdetects signals at a particular spectrum, in that how can areceiver be sure that the signal is indeed sent by the primaryowner of the spectrum? This situation outlines the authentica-tion problem in CRNs. Tan et al. (2011) mentioned that it isimpossible to conduct authentication in CRNs other than thephysical layer. For example, a cognitive radio receiver may beable to receive signals from TV stations, process them at thephysical layer, but it may lack the component to understandthe data in the signals. Therefore, if the authenticationdepends on the correct understanding of the data (done atupper layers), the cognitive radio receiver will be unable toauthenticate the PU. The authors Tan et al. (2011) proposed amethod that allows PUs to add a cryptographic link signatureto its signal so the spectrum usage by PUs can be authenticate.Zhu and Mao (2011) proposed an authentication mechanismfor CRNs which is based on third-party Certification Authority(CA). However, in CRNs with a number of SUs dispersed over alarge geographical area, providing the functionalities of a CAcan be quite challenging (Zhou, 2003).
� Identification. Identification is one of the basic security require-
ments for any communication device. It is a method whereby auser is associated with his name or identity (Mathur and

Subbalakshmi, 2007a). For example, in cellular networks, themobile devices are provided with an equipment identificationdevice called an international mobile equipment identifier(IMEI). A tamper-proof identification mechanism is built intothe SU (unlicensed) devices in CRNs. Miller et al. (2007)described the identification in CRNs. They mentioned that itwould be advantageous for a CR to know how many networksexist, how many users are associated with each network, andeven certain properties about the devices themselves. To achievethis level of information, it is essential for a cognitive radio togather an accurate picture of the RF environment. CRs identifydifferent network services (e.g. Bluetooth, WiFi) and deviceidentification, where CRs identify distinct wireless devices andnetworks. Service discovery and device identification provide thenecessary building blocks for constructing efficient and trust-worthy CRNs (Miller et al., 2007). CRs identify different networkservices (e.g. Bluetooth, WiFi), and device identification, whereCRs identify distinct wireless devices and networks. Servicediscovery and device identification provide the necessary build-ing blocks for constructing efficient and trustworthy CRNs.
� Integrity. Data that is in transit in the network needs to be
protected from malicious modification, insertion, deletion orreplay. Integrity is extremely important in a wireless networkbecause, unlike their wired counterparts, the wireless mediumis easily accessible to intruders. Hence, in wireless LANs, anadditional layer of security is added at the link layer, to makethe wireless links as secure as wired links. The securityprotocol used in this layer is called the CCMP (Winget et al.,2003) (counter-mode encryption with CBC-MAC authentica-tion protocol). The CCMP protocol uses a state-of-the artadvanced encryption standard (AES) (FIPS, 1987) in cipherblock chaining mode (Schneier, 1996) to produce a messageintegrity check. Data integrity can be achieved by applyinghigher cryptographic techniques in CRNs.
� Non-repudiation. Non-repudiation techniques prevent either
the sender or receiver from denying a transmitted message.In a cognitive radio ad hoc network setting, if malicious SUsviolating the protocol are identified, non-repudiation techni-ques can be used to prove the misbehavior and disassociate/ban the malicious users from the secondary network (Mathurand Subbalakshmi, 2007a). The proof of an activity which hasalready happened should be available in CRNs.
� Availability. Availability refers to the ability of primary and SUs
to access the spectrum in CRNs. For primary (licensed) users,availability refers to being able to transmit in the licensedband without harmful interference from SUs. From the defini-tion of dynamic spectrum access policies (FCC, 2003), spec-trum availability for PUs is guaranteed. For secondary(unlicensed) users, availability refers to the existence ofchunks of spectrum, where the SU can transmit withoutcausing harmful interference to the primary user. In CRNs,one of the important functions of this service is to preventenergy starvation and denial of service attacks, as well asmisbehaviour, such as selfishness (Chen et al., 2008b).

The security issues for CRNs are depicted in Fig. 8. Figure 9shows the security requirements in terms of the CIA (Confidenti-ality, Integrity and Availability) model in CRNs.

5. Attacks on protocol layers and scope of attacks in cognitiveradio networks

In this section, we describe attacks on various protocol layersof CRNs and these attacks are categorized depending on theirtarget in security requirements.

Fig. 8. Security issues in CRNs.

Fig. 9. Security requirements.


5.1. Attacks on various protocol layers

The motivations for attacks on CRNs are discussed in Chenet al. (2008b), which classifies the motivation into two types:selfish attack and malicious attack (Zhang and Li, 2009b).

1.
Selfish attacks: A selfish attack occurs in a situation where theattacker wants to use the spectrum with higher priority. Thisattack meets its target by misleading other unlicensed users tobelieve he is a licensed user. As a result, the adversarial usercan occupy the spectrum resource as long as he or she wants.Since this selfish behaviour does not obey the spectrumsharing scheme (Akyildiz et al., 2008), this attack is called aselfish attack. The CR network is vulnerable to selfish attacks,where selfish SUs increase their accessing probability bychanging the transmission parameters to enhance their ownutilities by degrading the performance of other users. Hence,the CR network’s performance is degraded.
2.
Malicious attack: Malicious attack means that the adversaryprevents other unlicensed users from using the spectrum andcauses a denial of service (DoS). As a serious result, maliciousattack will drastically decrease the available bandwidth andbreak down the whole traffic. Here we examine a scenario thatcauses a cognitive radio to become a jammer as referred to inClancy and Goergen (2008). Suppose there is a system where aPU is intermittently accessing a channel. SUs have channelsensing algorithms that can detect primary and secondary
users’ access to the channel. They have an objective functionthat balances throughput T and interference I and looks like

f ¼w1T�w2I ð1Þ

where Wi is the weight for the system member. The systemseeks to maximize throughput while minimizing interference.According to Clancy and Goergen (2008), the desired result isthat an SU will communicate only when the PU is idle.However, if an adversary uses a jamming waveform thatcannot be detected by the SU’s sensing algorithms, he canartificially decrease T when the PU is idle. As a result, thecognitive radio will believe that the only time it can achieveuseful communication is when the PU is active. This effectivelyturns the cognitive radio into a jammer.There are other different types of attacks as described inClancy and Goergen (2008):

Attacks on Spectrum Managers: It is not wise to use only onespectrum manager for assigning frequency bands as it may be asingle point of failure on the network. So, if the spectrum manageris not available, communication between cognitive radio nodes isnot possible. Thus, the spectrum availability should be distributedand replicated in CRNs. The attack can be prevented by specificpilot channel in the licensed band. Eavesdropping on the trans-mission range of cognitive radios is not limited to a short distanceas it is using bands lower than UNII and ISM. This allows thecollection of data by attackers invisible to emergency services. So,strong data encryption is needed at the physical level. In thissection, we describe the various attacks on CRNs, depending onvarious protocol layers as follows:

�
Intentional Jamming Attack: This is one of the most basic typesof attack that can be performed by SUs in CRNs. The maliciousSU jams primary and other secondary users by intentionallyand continuously transmitting in a licensed band (Mathur andSubbalakshmi, 2007a). According to Mathur and Subbalakshmi(2007a), this attack can be more serious and dangerous inCRNs by a mobile malicious SU during its performance in onegeographical area and if the secondary user moves to anotherarea before the attack is being detected. � Primary Receiver Jamming Attack: In CRNs, a lack of knowl-
edge about the location of primary receivers can be used by amalicious entity to intentionally cause harmful interference toa victim primary receiver (Mathur and Subbalakshmi, 2007a).This attack occurs whenever a malicious entity closer to thevictim primary receiver participates in a collaborative protocoland requests transmissions from other SUs to be directedtowards the malicious user (Mathur and Subbalakshmi,2007a).
� Sensitivity Amplifying Attack: In CRNs, some PU detection
techniques have higher sensitivity towards primary transmis-sions with a view to prevent interference to the primarynetwork. SUs are vulnerable to this event as this leads tofrequent false detections and missed opportunities. A mal-icious entity can amplify the sensitivity and hence the numberof missed opportunities by replaying the primary transmis-sions (Mathur and Subbalakshmi, 2007a).
� Overlapping Secondary User Attack: In both centralized and
distributed architectures in CRNs, multiple secondary net-works may coexist over the same geographical region(Mathur and Subbalakshmi, 2007a). Transmissions from mal-icious entities can cause harm to primary and secondary users,not only in one network, but also of other CRNs.
� Biased Utility Attack: In CRNs, a malicious SU may intention-
ally tweak parameters of the utility function to increase itsbandwidth (Mathur and Subbalakshmi, 2007a). If the SU or


base stations are unable to detect this malicious behavior, thismay block the transmission media for other SUs. If a malicioususer tweaks its utility function to transmit at higher power, itwill result in other users receiving less bandwidth (Mathurand Subbalakshmi, 2007a).
� Asynchronous Sensing Attack: In CRNs, a malicious SU may
transmit asynchronously instead of synchronizing the sensingactivity with other SUs in the network during sensing opera-tions. This attack results in missed opportunities whenever thebase station or other SUs in CRNs consider this event as anactual transmission from a PU.
� False Feedback Attack: In CRNs, false feedback from one or a
group of malicious uses could make other SUs take inappropri-ate action and violate the terms of the protocol. This attack canoccur for both centralized and decentralized architecturesin CRNs.
� Network Endo-Parasite Attack (NEPA): In CRNs, the malicious
nodes attempt to increase the interference at a heavily loadedhigh priority channel (Naveed and Kanhere, 2006a). Undernormal channel assignment operation in CRNs, a node assignsthe least loaded channels to its interfaces and transmits thelatest information to its neighbors (Mathur and Subbalakshmi,2007a). A compromised node launches NEPA by assigning itsinterfaces the high priority channels but the neighbors are notinformed about the change.
� Channel Ecto-Parasite Attack (CEPA): In CRNs, a compromised
node launches CEPA by switching all its interfaces to thechannel that is being used by the highest priority link(Naveed and Kanhere, 2006a). This can be detected easilywhenever a serious attack of this type occurs in the network.
� Low cost Ripple effect Attack (LORA): Misleading information
about spectrum assignments is transmitted to all the neigh-bors to push the network into a quasi-stable state (Naveed andKanhere, 2006a). In CRNs, this attack is launched whenever thecompromised node transmits the misleading channel informa-tion through the network and forces other nodes to adjusttheir channel assignments.
� Key Depletion Attack: Transport layer sessions in CRNs last
only for a short duration because of frequently occurringretransmissions in the network (Mathur and Subbalakshmi,2007a). Most of the transport layer security protocols like SSLand TLS establish cryptographic keys at the beginning of everytransport layer session (Mathur and Subbalakshmi, 2007a). Ahigh number of sessions in CRNs and hence the number of keyestablishments will increase the probability of the same keybeing used twice.
� Any attack on physical, link, network or transport layers
impacts adversely on the application layer as the applicationlayer is the final layer of the communication protocol stack.
� Licensed User Emulation Attack: A CRN uses the licensed
spectrum when it is free; otherwise it uses the unlicensedband. The attacker may jam the licensed band and emulate thePU, thereby limiting the CRN to operating in the unlicensedbands and limiting CRN capacity. This problem as yet has nosolution (Clancy and Goergen, 2008).
� Common Control Channel Jamming: In this case, the attacker
transmits periodical pulses in the control channel spectrum.The jamming of one channel blocks the probable communica-tion between all cognitive radio nodes. UWB, as the commoncontrol channel deployment, may solve the problem of jam-ming (Clancy and Goergen, 2008).
� Objective Function Attacks: In adaptive radio, the cognitive radio
has a large number of radio parameters under its control. Thecognitive radio engine manipulates these parameters over time inan effort to maximize its objective. Some possible input para-meters could be center frequency, bandwidth, power, modulation

type, coding rate, channel access protocol, encryption type andframe size. According to Clancy and Goergen (2008), the radiomight then have three goals: low-power, high- rate and securecommunication. Each of these goals has a different weight,depending on the application. For example, if using the systemfor instant messages or email, low-power and security wouldhave higher weights than high-rate. For voice or video applica-tions, high-rate and secure would have higher weights thansecure (Clancy and Goergen, 2008).We assume the following objective function:

f ¼w1Pþw2Rþw3S ð2Þ

where wi are the weights and P, R, and S represent the three goalsof power, rate, and security. Suppose an adversary wishes to forcea radio to use some security level s1 rather than the more secureversion s2, where s24s1 . Whenever the cognitive engine triesusing s2, the adversary can jam the channel, artificially decreasingthe rate, R from r2 to r1 with r24r1. In particular, an adversarywould need to cause sufficient interference such that w1Pþ

w2r2þw3s14w1Pþw2r1þw3s2 or by solving r1 : r1or2�

w3=w2ðs2�s1Þ. The consequence of such an attack is that when-ever a higher security level is attempted, the system’s objectivefunction decreases, and that higher lever is never used. Othertypes of attacks that are frequently used to attack CRNs include:
� Spectrum Sensing Data Falsification Attack: In this attack, an
attacker may send false local spectrum sensing results to adata collector, causing the data collector to make a wrongspectrum sensing decision in CRNs (Chen et al., 2008b).
� Fabrication Attack: In this attack, a malicious SU deliberately
reports inverted sensing results to an SU base-station (SUBS)all the time. This kind of misbehavior aims to cause deteriora-tion to the overall performance of all the CRNs since it willeither prevent other SUs from accessing network resources orintroduce excessive interference to PU spectrum bands (Qinet al., 2009).
� On–off Attack: The on–off attack refers to malicious SUs
alternating between providing honest sensing opinions toattain a high level of reputation and leveraging on theirreputation to try to distort the collaborative sensing resultby giving false opinions (Qin et al., 2009). This attack follows adynamic pattern which makes the misbehaviours harder todetect.
� Denial of Service Attack. The denial of service attack prevents
SUs from utilizing the PU spectrum band. The attackersgenerate sensing results showing that the PU spectrum bandis occupied by PUs. If their sensing results are aggregated intothe final decision making process without proper filtering,they could adversely influence the final decision, resulting infalse alarm errors and loss of opportunity to utilize the PUspectrum bands when they are actually available. If the attacksare successful, the system performance will degrade sharply(Qin et al., 2009).
� Resource Hungry Attack. In this attack (Qin et al., 2009) in
CRNs, malicious SUs always report to SUBS that the PUspectrum band is not in use. By doing so, they hope that theSUBS will make a miss detection error and consequentlyallocate resources to them. This kind of misbehavior, ifsuccessful, will introduce undue interference to PU using thesame spectrum band. This could lead to serious consequencessuch as the SUBS being shut down for a certain period of timewhich will significantly impair the whole system.
� Lion Attack. In CRNs, lion attack actually causes the jamming
to slow down the throughput of the Transmission ControlProtocol by forcing frequency handoff (Leon et al., 2009). Amalicious user, trying to interrupt a TCP connection of an SU,can achieve a PUEA to force a hand-off in the CRNs. As the

TabAtta

Pla

P

la

Li

N

la

T

la

A

la

TabSco

N

P

O

Fa

Li

O

D

R

Fa

P

N

C

LO

Je

Table 3Attacks and their associated problems.

Name ofattacks

Security relatedproblems

Trust relatedproblems

Performance relatedproblems


transport layer is not informed about the TCP disconnection, itcontinues to send data which are already listed in the queuebut not transmitted. As a result, the TCP segments can bedelayed or even lost (Leon et al., 2009).
�
Intentional | |Jamming

Attack

PUEA | | |OFA | |CCDA |Lion Attack |Biased

Utility

|

Attack

Key

Depletion

|

Attack |Licensed

User

| |

Emulation

Attack

DoS attack |

Jellyfish Attack. This type of attack is aimed at the networklayer but it affects the performance of the transport layer,especially the TCP protocol (Mathur and Subbalakshmi,2007a). The main objective of this attack is to reduce thethroughput of the TCP protocol. To perform this attack, anattacker causes the victim cognitive node in CRNs to switchfrom one frequency band to another frequency band, therebycausing considerable delay in the network and transportlayers.

5.2. Scope of attacks in cognitive radio networks

The various types of attacks described in the above section areclassified depending on whether their goal is to compromise theconfidentiality of stored data, alter the integrity of such data ordisrupt the availability of the victim communications. Figure 9shows the CIA (Confidentiality, Integrity and Availability) modelfor security requirements (Table 1).

Table 2 shows an overview of the attacks on the CIA model.Table 3 shows that different attacks affect the CIA model in

different ways.PUEA breaks down the communication by forcing frequency

hand-offs.OFA may temporarily slow down the communication by not

using optimal transmission parameters, as well as posing a threat

le 1cks on protocol layers.

rotocolyers

Attacks

hysical

yer

International Jamming Attack; Primary Receiver Jamming

Attack; Sensitivity Amplifying Attack; Overlapping Secondary

User Attack; Primary User Emulation Attack; Objective

Function Attack; Common Control Data Attack

nk layer Biased Utility Attack; Asynchronous Sensing Attack; False

Feedback Attack

etwork

yer

Network Endo-Parasite Attack; Channel Ecto-Parasite Attack

(CEPA); Low cost Ripple effect Attack (LORA)

ransport

yer

Key Depletion Attack; Jellyfish Attack Lion Attack DoS Attack

pplication

yer

Any attack on physical, link, network or transport layers impact

adversely on the application layer as application layer is the

final layer of the communication protocol stack

le 2pe of attacks.

ame of attacks Confidentiality Availability Integrity

UEA | |FA | | |lse Feedback Attack |on Attack |n–Off Attack |oS Attack | |esource Hungry Attack | |brication Attack |

rimary Receiver Jamming Attack |EPA |EPA |

RA |lly Fish Attack |

to confidentiality and integrity, as it reduces the security level ofthe victim network.

CCDA attacks and breaks down the network activity by usingeavesdropping in order to peruse data.

FFA breaks down the normal activity by taking inappropriateactions.

Lion Attack slows down the performance of the TCPconnection.

CCDA is also a risk to confidentiality, as it provides informationto the attacker about the present and future functionalities of thenetwork.

In Table 3 we show how these different types of attack causeproblems to the security, performance and trust in CRNs.

6. Challenges and threats in cognitive radio networks

6.1. Spectrum sensing

A CR is considered to be aware of and sensitive to the changesin its surroundings, which makes spectrum sensing an importantrequirement for the realization of CRNs. Spectrum sensingenables CR users to adapt to the environment by detectingspectrum holes without causing interference to the primarynetwork. This task can be accomplished by a real-time wide bandsensing capability to detect weak primary signals within a broadspectrum range. Generally, spectrum sensing techniques can beclassified into three groups: primary transmitter detection, pri-mary receiver detection and interference temperature manage-ment (Akyildiz et al., 2008).

6.1.1. Spectrum sensing challenges

Several open research challenges currently exist which mustbe investigated for the development of spectrum sensing techni-ques (Akyildiz et al., 2008):

�
Interference temperature measurement: Due to the lack ofinteraction between primary networks and CR networks,generally a CR user cannot be aware of the precise locationsof the primary receivers. Thus, new techniques are required tomeasure or estimate the interference temperature at nearbyprimary receivers. � Spectrum sensing in multi-user networks: The multi-user envir-
onment, consisting of multiple CR users and PUs, makes it


more difficult to sense spectrum holes and estimate interfer-ence. Hence, spectrum sensing functions should be developedwhich take into consideration the multi-user environment. Inmulti-user CRNs, different users share their sensing results andcollaboratively decide on the presence of the licensed band. Toaddress these challenges, different sensing schemes in multi-user networks have been proposed. Ghasemi and Sousa (2007)mentioned the effectiveness of collaborative sensing in multi-user CRNs. In multi-user CRNs, the CR users can achieve thedesired performance through collaborative sensing, even if theindividual users do not meet the minimum SNR (Signal toNoise Ratio) requirement. Shahid and Kamruzzaman (2008)proposed a new cooperative spectrum sensing scheme inmulti-user CRNs where each user’s contribution is weightedby a factor that depends on received power and path loss.
� Spectrum-efficient sensing: In CRNs, the CR users cannot perform
sensing and transmission at the same time, which inevitablydecreases their transmission opportunities. This problem istermed the so-called sensing efficiency problem. Hence, CR usersshould stop transmitting while sensing. For this reason, balancingspectrum efficiency and sensing accuracy is an important issue.Moreover, because sensing time directly affects transmissionperformance, novel spectrum sensing algorithms must be devel-oped so that the sensing time is minimized within a given sensingaccuracy. To solve this sensing efficiency problem, Lee andAkyildiz (2008) proposed an optimal sensing framework to avoidinterference and the sensing limitation problem in CRNs as well asto maximize spectrum access opportunities. To avoid the sensingefficiency problem in CRNs, Shahid and Kamruzzaman (2010)proposed cooperative spectrum sensing techniques for CRNs. Tosolve the interference problem in spectrum sensing, Shahid andKamruzzaman (2010) proposed a new method of agile spectrumevacuation through the formation of a set of users that are able todetect the return of PU while SUs continue to use the spectrumband in a cooperative manner.
� Hardware attachment: Spectrum sensing in CRNs requires a
high sampling rate, high resolution analog to digital converters(ADCs) with large dynamic range, and high speed signalprocessors (Yucek and Arslan, 2009). Cognitive radio terminalsare required to process transmission over a larger, wider bandfor searching and utilizing any opportunity. So, a cognitiveradio node needs to capture and analyze a large band to findout the spectrum opportunity. This large operating bandwidthadds additional requirements, such as antennas and poweramplifiers, etc. and increases the cost.
� Hidden primary user problem: This problem is a well known
problem in CRNs. Cognitive radio devices cause unwantedinterference to the PU as the primary transmitter’s signal cannot be detected because of the locations of devices.
� Detecting spread spectrum primary users: PUs that use spread
spectrum signaling are difficult to detect as the power of thePU is distributed over a wide frequency range.
�
Fig. 10. Security threats in cognitive radio network’s sensing.

Security: In CRNs, a selfish or malicious user can alter its airinterference to the PU. So, it can give false information to thenetworks regarding the PU’s spectrum sensing performance. Thisproblem is termed a ‘‘Primary User Emulation (PUE)’’ attack. It isvery difficult and challenging to develop countermeasures whenan attack is already identified. A PU identification method isproposed, based on the public key encryption in Mathur andSubbalakshmi (2007b) to prevent SUs masquerading as PUs.

6.1.2. Spectrum sensing threats

One of the major technical challenges in spectrum sensing isthe problem of precisely distinguishing incumbent signals fromSU signals. To distinguish the two signals, existing spectrum

sensing schemes based on energy detectors (Challapali et al.,2004; Olivieri et al., 2005) implicitly assume a ‘‘naive’’ trustmodel. When energy detection is used, an SU can recognize thesignal of other SUs but cannot recognize the PU’s signal. When anSU detects a signal that it recognizes, it assumes that the signal isthat of an SU; otherwise, it concludes that the signal is that of aPU. Under such an overly simplistic trust model, a selfish ormalicious SU (i.e., an attacker) can easily exploit the spectrumsensing process (Chen and Park, 2006). The malicious SU can sendfalse information and mislead the spectrum sensing results tocause collision or inefficient spectrum usage. For example, someSUs always report the existence of the PU so that they can occupythe spectrum themselves (Wang et al., 2009). The problem ofdishonest users in distributed spectrum sensing is discussed inChen et al. (2008). From the literature review (Clancy andGoergen, 2008; Zhang et al., 2008; Maldonado et al., 2005;Burbank, 2008; Mathur and Subbalakshmi, 2007a), it can be seenthat some attackers can seriously affect the spectrum sensingscheme in CRNs, as depicted in Fig. 10.

6.2. Spectrum decision

CRNs need to be able to decide which of the available bands isthe best spectrum band according to the QoS requirements of theapplications. This notation is called spectrum decision and con-stitutes an important topic in CRNs. Spectrum decision is closelyrelated to the channel characteristics and operations of PUs.Furthermore, spectrum decision is affected by the activities ofother CR users in the network. Spectrum decision usually consistsof two steps: first, each spectrum band is characterized, based onnot only local observations of CR users but also statisticalinformation of primary networks. Then, based on this character-ization, the most appropriate spectrum band can be chosen.

6.2.1. Spectrum decision threats

CRNs need to be able to decide which is the best spectrumband of the available bands, according to the QoS requirements ofthe applications. The threats here come from the possibility offalse or fake spectrum characteristic parameters. The false or fakeparameters affect the outcome of spectrum decisions. So a CR mayselect the wrong band or a sub-optimal band, and communicationmay be impaired (Zhang et al., 2008). Paper (Akyildiz et al., 2006)proposed a spectrum capacity estimation method that takes into


consideration the bandwidth and the permission power to miti-gate this threat.

6.2.2. Spectrum decision challenges

In the development of the spectrum decision function, severalchallenges still need to be addressed:

�
Decision model: Spectrum capacity estimation using signal-to-noise (SNR) is not sufficient to characterize the spectrum bandin CRNs. Also, applications require different QoS requirements.Thus, the design of application and spectrum-adaptive spec-trum decision models is still an open issue. � Cooperation with reconfiguration: CR techniques enable trans-
mission parameters to be reconfigured for optimal operationin a certain spectrum band. For example, even if SNR ischanged, bit rate and bit error rate (BER) can be maintainedby exploiting adaptive modulation instead of spectrumdecision.
� Spectrum decision over heterogeneous spectrum bands: Cur-
rently, certain spectrum bands are assigned to different pur-poses, whereas some bands remain unlicensed. Thus, a CRnetwork should support spectrum decision operations on bothlicensed and unlicensed bands.

6.3. Spectrum sharing

Spectrum sharing techniques actually follow two types ofarchitecture: spectrum sharing inside a CR network (intra-net-work spectrum sharing) and among multiple coexisting CR net-works (inter-network spectrum sharing) (Huseyin, 2007). One ofthe main challenges of CRNs is spectrum sharing. There are twomain reasons for the challenges of spectrum sharing in CRNs:(1) co-existence with licensed users and (2) wide range ofavailable spectrum.

6.3.1. Spectrum sharing challenges

There are many open challenges for spectrum sharing in CRNssuch as:

�
Common control channel: A common control channel (CCC) isassociated with many spectrum sharing functionalities. Butimplementation of a fixed CCC is infeasible because a channelmust be vacated whenever a PU chooses it. � Dynamic radio range: The cognitive radio nodes, as well as their
neighbours, often change the operating frequency because ofthe interdependence between radio range and operatingfrequency. So far, no prior work has addressed this importantissue of spectrum sharing in CRNs.
� Location information: In most of the existing work, it is
assumed that SUs are always informed about the PU’s locationand transmission power. Such an assumption is always valid(Akyildiz et al., 2008). The authors in Kim (2011) proposed aprotocol which uses location information as a key factor toauthenticate each other to provide privacy and confidentialityin CRNs.

6.4. Spectrum mobility

After a CR captures the suitable available spectrum, PU activityon the selected spectrum may require the user to change itsoperating spectrum band, which is referred to as ‘spectrummobility’. Spectrum mobility is associated with ‘spectrum hand-off’, where the users transfer their connections to an unusedspectrum band in CRNs. Whenever the CR user tries to modify theoperating frequency, the network protocol needs to be modified

according to the operating parameters as well. Actually, theobjective of spectrum mobility in spectrum management in CRNsis to guarantee continuous and smooth communication duringthe period of spectrum hand-off.

6.4.1. Spectrum mobility threats

The function of spectrum mobility is to ensure a seamlessconnection when a CR vacates a channel and moves to a betterchannel. According to Zhang et al. (2008), in CRNs, one shouldvacate the current spectrum band whenever the PU is active. Inorder to establish smooth communication as soon as possible, theSU needs to select a new appropriate spectrum band, and move tothe band immediately. This process is called ‘‘spectrum hand-off’’.During hand-off, the security threats are serious. An attacker caninduce a failed spectrum hand-off by means of: compelling the CRto vacate the current band by masking the PU, jamming to slowthe process of selecting a new available band or causing acommunication failure, etc. To mitigate this kind of threat, anSU can randomly hop over multiple channels. This opens a trade-off between choosing good channels and evading an attacker’sjamming when different channels have different qualities (e.g. theprobability of being idle, propagation characteristics, etc.). Theinteraction between the SU and the attacker has been called a‘dogfight’ in spectrum due to the dynamics of pursuit and evasion(Li and Han, 2009). Li and Han (2009) analyzed one-stage andmulti-stage cases by numerical simulation results, showing thatthe performance of an SU was improved when the number ofchannels was increased or the channel state certainty wasreduced.

6.4.2. Spectrum mobility challenges

The following are the open research issues for spectrummobility in CRNs.

�
Spectrum mobility in time domain: CR networks always adjustto the wireless spectrum based on the availability of thefree bands. As these free available channels alter over time,this makes QoS in this spectrum sharing environment achallenging issue. � Spectrum mobility in space: The availability of the bands also
changes as the CR user can move at any time from one place toanother in the network. Hence, continuous spectrum alloca-tion in CRNs is a major and challenging issue.

7. Countermeasures for various attacks on cognitive radionetworks

In this section, we discuss various possible countermeasures tothe potential attacks on CRNs. The authors in Leon et al. (2010)proposed various possible countermeasures on different attacksin CRNs.

7.1. Jamming countermeasures

Most of the attacks targeting CRNs are associated with jam-ming specified frequencies. Security protocols can mitigate manyof the attacker’s goals but cannot effectively deal with DoS orchannel degradation due to jamming (Leon et al., 2009). There-fore, it is essential to identify the source of attack. An IntrusionDetection System (IDS) has the ability to identify which nodes aresuspicious or malicious, and supply this information to otherprotocols of the node such as routing and aggregation. So IDS isconsidered an important tool for detecting attackers. In CRNs,feedback from the CR devices can enhance the efficiency of IDS.The redundancy of the network is used as an advantage because


the feedback of many participants can lead to easier detection ofthe jamming source (Leon et al., 2009). The authors in Zhang andLee (2000) proposed a new model for intrusion detection andresponse for mobile, ad hoc wireless networks in a distributedand cooperative manner. The same idea could be applied to CRNswhere cooperation is an integral part of their architecture. Thebest approach is probably based on the detection of abnormaloperation through traffic analysis and cooperation (Leon et al.,2009).

IDS must execute in every networking layer in a cross-layermanner with a view to perform this task. There are many IDSapproaches (Xie et al., 2011; Zhang and Lee, 2000; Mishra et al.,2004; Bhuse and Gupta, 2006), which are adequate for other wirelessnetworks but not sufficient for CRNs. Filho et al. (2012) mentionedtwo types of CRN intrusion detection mechanisms, namely thelocalization mechanism (LM) and reputation mechanism (RM). LMof malicious users in CRN will make possible the determination of theradio’s geographical positioning. RMs are necessary to validate theconfidence of the data supplied for the radios. The architecture of anIDS entity for distributed systems is based on its basic elements: alocal packet monitoring module that receives the packets from theneighborhood, a statistics module that stores the information derivedfrom the packets and information regarding the neighborhood, a localdetection module that detects the existence of the different attacks,an alert database that stores information about possible attacks, acooperative detection module that collaborates with other detectionentities located within the neighborhood, and a local responsemodule that makes decisions according to the output of the detectionmodules (Leon et al., 2011). Focusing on the detection modules usedin these IDS for CRNs, they must make use of first-hand information,second-hand information, statistical data, and the data acquired bythe CRs during its normal operation. These modules can then use thisdata to distinguish between normal and abnormal activities, thusdiscovering the existence of intrusions.

7.2. Primary user emulation attack countermeasures

Prevention of Primary User Emulation Attack (PUEA) in CRNs isvital. A detection technique to verify the authenticity of primarysignals is an essential issue for the protection of PUEA. The authorsin Leon et al. (2009) proposed various techniques to counter thisattack in CRNs. The simplest way would be to embed a signaturein an incumbent signal or to use an authentication protocolbetween primary and secondary users (Leon et al., 2009). How-ever, these approaches do not ensure the requirement establishedby the FCC (FCC, 2003) which states that no modification to the

incumbent system should be required to accommodate opportunistic

use of the spectrum by secondary users. The authors in Chen et al.(2008a) proposed one technique to use signal energy level detec-tion in accordance with the location of transmitters to deal withPUEA in CRNs. This approach is based on the existence of a set ofnodes known as Location Verifiers (LV) in CRNs, these nodes beingresponsible for measuring the received signal strength (RSS). Butthe authors in Leon et al. (2009) criticized this approach as it doesnot work in network environments where PUs are not fixed andtransmit with low transmission, such as wireless microphones.There are alternative countermeasures against PUEA in CRNs suchas radio frequency fingerprinting (RFF), which has been broadlymentioned in the literature as a method of transmitter identifica-tion (Toonstra and Kinsner, 1996).

7.3. OFA countermeasures

OFAs attempt on-line learning of the AI protocol used by CRdevices. OFAs always modify the behavior of the wireless mediaby jamming at specific times and frequencies in respect to a

policy-defined parameter, such as the security level, and thuschange the learning curve to make it favorable to the attacker. Asa result, low level security is achieved in this case. The authors inLeon et al. (2009) proposed a naive solution for updatable radioparameters for the selection of threshold values. This scheme canprevent the situation where only one or a set of parameters do notmeet the predefined threshold requirements.

7.4. Lion attack countermeasures

As explained previously in the section on Lion Attack, TCPthroughput becomes lower because of frequency hand-offs as thetransport layer is not informed about the physical/link layerinformation and this situation causes a network disconnectiondue to network congestion. The authors in Hanbali et al. (2005)proposed several cross-layer solutions in order to obtain betterTCP performance in the context of wireless networks, especiallyad hoc networks. These TCP performance improvement techni-ques can be used as directions to develop new protocols whichare appropriate for CRNs with a view to increasing efficiency andmaking them strong enough against cross-layer attacks.

7.5. General countermeasures in CRNs

Cooperation is the main characteristic of CRNs as the partici-pants (e.g. CR nodes) of CRNs cooperate with each other in orderto find spectrum opportunities for communication. For thispurpose, the information bears the shared data to exchange formulticast communications. Therefore, it is very necessary todefend the data from intruders within the group and outside ofthe group. So ‘Group Security’ should be ensured to provide groupprivacy and group authentication to protect data from outsiders.A common shared secret key known as a ‘‘session key’’ or ‘‘groupkey’’ should be set up to ensure group security. This key’s mainfunctionalities allow every member within the group to:

�
encrypt data for sending � decrypt data for receiving � authenticate as a group member
As the group key is known only to the current group members,the key is updated every time a group member changes. Accord-ing to Wallner et al. (1999), the application of Group Key Manage-

ment techniques is critical to apply to CRNs as they might causelow network performance. The authors in William and Dongwan(2011) proposed a combination of a group-based distributionmodel and identity-based cryptography to protect wireless sensornetworks based on a security policy, enforced at the node level. Toprovide essential security services such as availability, confiden-tiality, authentication, and access control for the communication,it is necessary to run cryptographic operations such as symmetrickey encryption (SKE), hash functions, and public key cryptogra-phy (PKI) on CR nodes in order to establish security in CRNs. Forkey distribution in CRNs, the authors in Marques et al. (2009)proposed the use of a KDC (key distribution centre) within the CRnetwork. The KDC provides session keys to authenticated CRterminals willing to interact with other specific CR terminals.The KDC must share a secret key with each secure CR terminal. Todistribute all these session keys, we propose the use of a KDCwithin the CR network. The secure CR terminal first runs an802.1X authentication protocol with the Authentication Server/KDC and both end up with an Extended Master Session Key(EMSK) after a successful authentication of the former. The EMSKwill then be the authentication secret shared between the KDCand an authenticated CR terminal and is associated to someidentification of the user (e.g. username, X.500 Distinguished

XE1At sensing


Name, phone number, e-mail address, etc) that ran the 802.1Xauthentication protocol.

LU

CUn

CU2

CU1

XE1

XEn

noit

a ni

miler

esu

suo i

c ilM

a Param

eters update

Data fusion rule

time k-th

Local Sensing Data Fusion Centre

Fig. 11. Secure spectrum sensing scheme (Nhan and Koo, 2009).

8. Secure spectrum management schemes in cognitive radionetworks

8.1. Secure spectrum sensing scheme

One of the functionalities of cognitive radio is to detectspectrum holes by spectrum sensing which keeps monitoring agiven spectrum band and captures the information. CR users maytemporarily use the spectrum holes without creating any harmfulinterference to the PUs. However, CR must periodically sense thespectrum to detect the presence of incumbents and quit the bandonce detected. The detection techniques which are often used inlocal sensing are energy detection, matched filter, and cylcosta-tionary feature detection. However, few studies have considered anovel security threat of spectrum sensing which is called spec-trum sensing data falsification (Chen et al., 2008b), whereby anattacker or malicious user can send false local spectrum sensingresults to a data fusion center and can cause the data fusioncenter to make an incorrect spectrum sensing decision. This kindof security attack was first mentioned in Mishra et al. (2006) andfurther considered in Chen et al. (2008b), Chen et al. (2008). InChen et al. (2008), the spectrum sensing data falsification pro-blem was solved by a Weighted Sequential Probability Ratio Testwhich gives a good performance. However, this method requiresknowledge of the physical location of sensing terminals and theposition of LU in order to obtain some required prior probabilities.This is inappropriate to apply to a mobile CR system, and to suchsystems in which the information about PU is completelyunknown. Nhan and Koo (2009) proposed a robust secure dis-tributed spectrum sensing scheme that uses robust statistics toapproximate the distributions for both hypotheses of all nodes,discriminatingly, based on their past data reports. The achievedparameters are used for the testing of malicious users andcalculating the necessary information for data fusion by meansof D-S theory. This scheme has the powerful capability ofeliminating malicious users due to the abnormality of the dis-tribution of malicious users compared with that of legitimateusers. Their algorithm, taking advantage of an appropriatemethod of data fusion and the benefit of robust statistics foroutlier testing based on two estimated distribution separately,can operate without needing knowledge of primary systems, evenin very adverse circumstances where there are numerous mal-icious users. After sensing, each CU sends its own received powerdata to a DFC (data fusion center) where the global sensingdecision is made. For the purpose of improving security andcooperative sensing gain, we consider a robust secure distributedspectrum sensing scheme such as that depicted in Fig. 11.

In their scheme, the authors consider two kinds of maliciousnodes: the ‘‘always-yes’’ node and ‘‘always-no’’ node. The‘‘always-no’’ user will always report the absence of a primarysignal, whereas the ‘‘always-yes’’ node will always inform thepresence of the LU (Licensed User). ‘‘always-yes’’ users increasethe probability of false alarm Pf while ‘‘always-no’’ users decreasethe probability of detection Pd. A malicious user will haveabnormal estimated parameters. Based on this feature, it caneasily detect consistent malicious users by the following testcondition: 9m1i�moi9oe1 where N¼2TW where T and W aredetection time and signal bandwidth respectively, and e1 is thedetection thresholds which is predefined based on N so that themalicious users can be removed completely (Nhan and Koo,2009). This test is used for detecting ‘‘consistent malicious’’ nodeswhich generate false sensing data from one hypothesis.

An ‘‘always-yes’’ or ‘‘always-no’’ node will have very small differencebetween two hypotheses means and deviations since its data setfxEi9H0g and fxEi9H1g are derived from one hypothesis distribution oreven from a constant value. If a node has a smaller distance betweentwo mean values of two hypotheses than a minimum tolerablevalue, it will be considered a consistent malicious user.

Several studies address the security issues of spectrum sensingin CRNs. Primary user emulation attack is analyzed in Chen et al.(2008a), Newman and Clancy (2009). In this attack, malicioususers transmit false signals which have features similar to thoseof a primary signal. In this way, the attacker can misleadlegitimate SUs to believe that a PU is present. The defense schemein Chen et al. (2008a) is designed to identify malicious users byestimating location information and observing received signalstrength (RSS). In Newman and Clancy (2009), signal classificationalgorithms are used to distinguish between primary and second-ary signals. Primary user emulation attack is an outsider attack,targeting both collaborative and non-collaborative spectrum sen-sing. Another type of attack is insider attack that targets colla-borative spectrum sensing. In current collaborative sensingschemes, SUs are often assumed to report their sensing informa-tion honestly. However, it is quite possible that wireless devicesare compromised by malicious parties. Compromised nodes cansend false sensing information to mislead the system. A naturaldefense scheme (Mishra et al., 2006) is to change the decisionrule. The revised rule is: when there are k�1 malicious nodes, thedecision result is based on there being at least k nodes beingreporting on. However, this defense scheme has three disadvan-tages. First, the scheme does not specify how to estimate thenumber of malicious users, which is difficult to measure inpractice. Second, the scheme will not work in soft-decision cases,where SUs report sensed energy levels instead of binary harddecisions. Third, the scheme has a very high false alarm rate whenthere are multiple attackers. The problem of dishonest users indistributed spectrum sensing is discussed in Chen et al. (2008).The defense scheme in this work requires SUs to collect sensingreports from their neighbors when a confirmatory decisioncannot be made. Moreover, the scheme is applied only to hard-decision reporting cases. Finally, current security issues in CRNs,including attacks and corresponding defense schemes, are sum-marized in Clancy and Goergen (2008).

8.2. Secure spectrum decision scheme

The main benefit of introducing security in the spectrumdecision process is a stronger guarantee that the service of PUswill not be significantly disrupted. At no additional cost, theresilience of the spectrum decision against malicious attackersprotects the secondary network as well. For instance, the DoS


types of attacks presented in Jakimoski and Subbalakshmi (2008)will not be applicable if the spectrum decision is secured. Theauthors proposed a protocol designed to provide secure spectrumdecisions in a clustered infrastructure-based network wherespectrum decisions are made periodically and independently ineach cluster. The proposed protocol guarantees that a maliciousoutsider and a limited number of corrupt insiders (i.e., nodes thatparticipate in the protocol) cannot have a significant impact onthe spectrum decision. The protocol is provably secure, and it ismore efficient than the straightforward solutions involving digitalsignatures or key establishment protocols. Many existingdynamic spectrum access protocols make spectrum decisionsbased on the assumption that all parties involved in the spectrumdecision are honest and there is no malicious outsider that canmanipulate the spectrum decision process. Jakimoski andSubbalakshmi (2009) assume that there is some sort of synchro-nization among the nodes in the cluster in the network. The timeis divided into equal length intervals (or cycles). The nodes knowwhen each cycle begins and ends, and they are also aware of theschedule of the events during a cycle (e.g., which node sends itschannel availability data, which channels it uses, etc.). There arethree main events that are handled in a given cycle: one or morenodes may join the spectrum decision process in a given cluster,the nodes of the cluster send their spectrum sensing data, and thecluster head sends to the other nodes the final channel assign-ment. They also describe how each of these operations can beaccomplished in a secure and efficient manner. But they do notdeal with the details of the data sent by the nodes during thespectrum decision. They simply present techniques that enablesecure transmission.

8.3. Secure spectrum sharing scheme

In the existing work, it appears that, to date, nothing has beendone to secure spectrum sharing in CRNs. A public key crypto-graphy-based PU identification mechanism has been proposed toprevent malicious SUs from masquerading as PUs (Mathur andSubbalakshmi, 2007b). So, this approach could be applied tosecure spectrum sharing among the cognitive radio nodesin CRNs.

8.4. Secure spectrum mobility scheme

The protocols of different layers of CRNs must be able to adaptto the channel parameters of the operating frequency. As well,they must be apparent to the spectrum hand-off and relatedlatency. An algorithm should be implemented and the bestavailable spectrum should be chosen, depending on the channelcharacteristics of the available spectrum and the Quality ofService requirements of the CR user.

9. Challenges and open problems in cognitive radio networks

Previous research investigations on spectrum management, aswell as the attention (little though it is) given to security for CRNs,mainly focus on spectrum selection and availability on a hypothe-tical network model, rather than on a specific application. Gapsstill exist in the area of security for CRNs and must be thoroughlyinvestigated.

1.
No guideline for security model definition: Current spectrummanagement schemes lack a formal security model. Existingliterature (Mathur and Subbalakshmi, 2007a; Zhang and Li,2009b; Qin et al., 2009; Chen and Park, 2006; Chen et al.,2008a; Nhan and Koo, 2009; Jakimoski and Subbalakshmi,
2008) assumes only a hierarchical security model, or distrib-uted security model according to the corresponding networktopology. There is no quantized security model. Accordingly,the security proof is simply a heuristic description.

2.
No secure mechanisms: CRNs communicate through radio. Forsecurity purposes, CRNs require mechanisms to authenticate,authorize and protect information flows of cognitive radionodes. But conventional authentication and authorizationmechanisms are not suitable in CRNs because of theirdynamic behaviors, overhead and cost.
3.
Dynamic natures of CRNs: The dynamic nature of CRNs makesthe security issues more vulnerable. In CRNs, new dynamicissues: communication protocol, modulation, frequency, sen-sibility or emitted power are introduced (Araujo et al., 2012).The attacker can affect the data transmissions between CRnodes by using these powerful characteristics. Securityschemes must be able to operate within this dynamicenvironment.
4.
Deployment in a Hostile Environment: Cognitive radio nodesare deployed in a hostile environment depending on theapplications. Attackers can capture the nodes easily in ahostile environment and gain physical access to the devicesand extract valuable information (e.g. cryptographic keys)from the nodes. A captured node can affect the whole net-work due to the change in the communication protocol. Forexample, a malicious node can capture all the network relatedinformation by ordering the network to use a specific mod-ulation or cryptographic algorithm and provide wrong infor-mation to the network with a view to causing a badconfiguration. So, the deployment of CR nodes in a hostileenvironment presents serious security challenges in CRNs.
5.
Lack of support of asynchronous sensing: Since each user hasindependent and asynchronous sensing and transmissionschedules in CRNs, it can detect the transmissions of otherCR users, as well as PUs during its sensing period. However,with energy detection, which is most commonly used forspectrum sensing, a CR user can not distinguish the transmis-sion of CR and PUs, and can detect only the presence of atransmission. As a result, the transmission of CR usersdetected during sensing operations produces a false alarmin spectrum sensing, thereby increasing spectrum opportu-nities (Akyildiz et al., 2009). Thus, how to coordinate thesensing cooperation of each CR user to reduce these falsealarms is the most important and challenging issue inspectrum sensing.
6.
High latency: In CRNs, cooperative sensing introduces anothercrucial issue. By requesting sensing information from severalCR users, the user who initiates the cooperative sensing,improves the accuracy but also increases the network traffic.However, this also results in higher latency in collecting thisinformation due to channel contention and packet re-trans-missions (Prasad, 2008). Thus, this is still an open problem incognitive radio ad hoc networks (CRAHNs).
7.
Resource limitations in CRNs: Extreme resource limitations ofCRNs make the security mechanisms more challenging. Effi-cient and secure algorithms can not be used in CRNs becauseof extreme hardware constraints. Communications in CRNsare expensive in terms of power (Araujo et al., 2012). So, thedesigners of CRNs should emphasize security mechanisms tomake CRN communication efficient in order to save energy.
8.
Spectrum sensing in multi-user network: The multi-user envir-onment, consisting of multiple CRNs, increases the difficultyof sensing spectrum holes and estimating the interference. Ina multi-user network, many spectrum hand-offs will occurand the attackers will take the opportunity to slow down thewhole network (Akyildiz et al., 2008).


9.
Lack of trust management: The immediate challenge of estab-lishing trust in CRNs plays a vital role in designing CRAHNs.To ensure the smooth operation of CRNs to support ubiqui-tous computing, trust forms the foundation of CRNs (Chenet al., 2008b). However, trust for CRNs is quite different fromother wireless scenarios. Trust is critical in CRN operation andbeyond security design, as security usually needs advancedcommunication overhead.
10.
Develop analog cryptographic primitives: One of the openproblems in integrating security mechanisms into cognitivenetworks is that the primary base stations transmit analogsignals in some frequency bands such as the TV band. Sincemost of the cryptographic primitives work in the digitaldomain, it may not be even possible to integrate them intoanalog TV signals (Mathur and Subbalakshmi, 2007a).
11.
Performance degradation during hand-off: Severe performancedegradation occurs in CRNs during hand-off (Fu et al., 2007).So, new approaches for mobility and connection managementneed to be established to avoid delay and loss of informationwhen the CR-nodes will be transferred from one frequencyband to another available frequency band, due to the appear-ance of a PU in the network.
12.
Multiple spectrum bands: In CRNs, multiple spectrum bandscan be simultaneously used for transmission which areresponsible for the quality degradation during spectrumhand-off in comparison to other conventional wireless trans-mission which is transmitted on a single spectrum band andrequires less power (Atakan and Akan, 2007). Securitymechanisms must be scalable to CRN with multiple spectrumbands while maintaining high computation and communica-tion efficiency.
13.
Aggregate interference in spectrum sensing: Spectrum Sensingsuffers from uncertainty in aggregate inference due to theunknown number of secondary systems and their locations(Khalid and Anpalagan, 2010). Even though a primary systemmay be out of any secondary system’s interference range, theaggregate interference may turn out to be harmful in CRNs(Sahai et al., 2004).
14.
Channel fading in spectrum sensing: Under channel fading orshadowing, it is not necessarily implied by the low receivedsignal strength that the primary system is not within the SUs’interference range, because the primary signal may beshadowed by heavy obstacles or experience a deep fade.Therefore, CRs have to be more sensitive and capable ofdistinguishing a faded or shadowed primary signal from awhite space (Khalid and Anpalagan, 2010). White space isdefined by the authors in Yau et al. (2012) based on time,frequency and maximum transmission power at a particularlocation.
10. Conclusion

This research work aims to address the problem of spectrummanagement for CRNs, focusing in particular on the securityissues of CRNs. Attacks on different protocol layers have beenaddressed in this paper and possible countermeasures to secureCRNs are presented. Although some work has been done in thisrealm, there is not a secure framework for CRNs. Hence, this paperpresents a survey on the architecture and security issues in CRNs.Challenging problems related to security issues are outlined dueto the characteristic of accessing spectrum dynamically in CRNs.First, we describe the architecture of CRNs. CRNs are also vulner-able to different security threats. There are more opportunities forattacks to attackers by cognitive radio technology compared withgeneral wireless network due to their intrinsic nature, hence, our

reason for analyzing security problems in CRNs in this paper.Further study can be focused on specific security problems andintrusion detection schemes in CRNs.

References

Akyildiz IF, et al. NeXt generation/dynamic spectrum access/cognitive radiowireless networks: a surveyThe International Journal of Computer and Tele-communications Networking 2006;50(13):2127–59.

Akyildiz IF, Lee WY, Vuran MC, Mohanty S. A survey on spectrum management incognitive radio networks. In: IEEE Communications Magazine 2008. p. 40–8.

Akyildiz IF, et al. CRAHNs: cognitive radio ad hoc networksAd Hoc Networks2009;7:810–36.

Araujo A, Blesa J, Romero E, Villanueva D. Security in cognitive wireless sensornetworks, challenges and open problems. EURASIP Journal on WirelessCommunications and Networking 2012;48(1).

Arslan H, Ahmed S. Applications of cognitive radio, in cognitive radio, softwaredefined radio, and adaptive wireless systems. Springer; 2007.

Atakan B, Akan O. Biologically-inspired spectrum sharing in cognitive radionetworks. In: Proceedings of IEEE wireless communications and networkingconference. Hong Kong; 2007. p. 43–8.

Bahramian S, Khalaj BH. A Novel low complexity dynamic frequency selectionalgorithm for cognitive radios. IEEE international symposium on wirelesscommunication systems. Trondheim; 2007. p. 558–62.

Bhuse V, Gupta A. Anomaly intrusion detection in wireless sensor networks.Journal of High Speed Networks 2006;15(1):33–51.

Burbank JL. Security in cognitive radio networks: the required evaluation inapproaches to wireless network security. In: Proc. of 3rd internationalconference on CrownCom. Singapore; 2008. p. 1–7.

Chair Z, Varshney PK. Optimal data fusion in multiple sensor detection systems.IEEE Transactions on Aerospace and Electronic Systems 1986;22(1):98–101.

Challapali K, Mangold S, Zhong Z. Spectrum agile radio: detecting spectrumopportunities. In: International symposium on advanced radio technologiesISART. Boulder CO, USA; 2004. p. 5.

Chen R, Park JM. Ensuring trustworthy spectrum sensing in cognitive radionetworks. In: 1st IEEE workshop on networking technologies for softwaredefined radio networks. SDR ’06, Reston, VA, USA; 2006. p. 110–9.

Chen R, Park J-M, Reed JH. Defense against primary user emulation attacks incognitive radio networks. IEEE Journal on Selected Areas in Communications2008;26(1):25–37.

Chen K-C, et al. Cognitive radio network architecture: part I—general structure. In:Proceedings of the 2nd international conference on ubiquitous informationmanagement and communication, Suwon, Korea; 2008a. p. 114–9.

Chen R, Park J-M, Hou YT, Reed JH. Toward secure distributed spectrum sensing incognitive radio networks. IEEE Communications Magazine, Special Issue onCognitive Radio Communications 2008b:50–5.

Chen K-C, et al. Cognitive radio network architecture: part II—trusted networklayer structure. In: Proceedings of ACM conference on ubiquitous informationmanagement and communication (ICUIMC). Suwon, Korea; 2008b. p. 120–4.

Chen R, Park J-M, Bian K. Robust distributed spectrum sensing in cognitive radionetworks. In: Proceedings of IEEE international conference on computercommunications (INFOCOM ’08). Phoenix, Ariz, USA, 2008; p. 1876–84.

Clancy TC, Goergen N. Security in cognitive radio networks: threats and mitiga-tion. In: Proc. of 3rd international IEEE conference on in cognitive radiooriented wireless networks and communications. Singapore; 2008. p. 1–8.

FCC, E T Docket No 03-222 Notice of Proposed rule making and order, 2003.Filho JG, Carmo LFRC, Machado R, Pirmez L. IDS-COG—intrusion detection system

for cognitive radio network. International Journal of Computer Science andNetwork Security 2012;12(3).

FIPS, Specification of the advanced encryption standard (AES). Federal InformationProcessing Standards Publication; 1987.

Fragkiadakis AG, Tragos EZ, Askoxylakis IG. A survey on security threats anddetection techniques in cognitive radio networks. In: IEEE communicationssurveys and tutorials, 2011. p. 1–18.

Fu X, Zhou W, Xu J, Song J. Extended mobility management challenges overcellular networks combined with cognitive radio by using multi-hop network.In: Proceedings of ACIS international conference on software engineering,artificial intelligence, networking, and parallel/distributed computing. Qing-dao, China; 2007. p. 683–8.

Ghasemi A, Sousa ES. Opportunistic spectrum access in fading channels throughcollaborative sensing. Journal of Communications (JCM) 2007;2(2):71–82.

Hanbali AA, Altman E, Nain P, France ISA. A survey of tcp over ad hoc networks.Communications Surveys and Tutorials. IEEE Communications Surveys2005;7(3):22–36.

Haykin S. Cognitive radio: brain-empowered wireless communicationsIEEE Jour-

nal on Selected Areas in Communications 2005;23(2):201–20.

Huseyin A. Cognitive radio, software defined radio, and adaptive wireless systems.Springer; 2007.

Jakimoski G, Subbalakshmi KP. Denial-of-service attacks on dynamic spectrumaccess networks. In: Proceedings of IEEE communications workshops. Beijing,China; 2008. p. 524–8.

Jakimoski G, Subbalakshmi KP. Towards secure spectrum decision. In: Proceedingsof the IEEE international conference on communications. Dresden, Germany;2009. p. 2759–63.


Kaligineedi P, Khabbazian M, Bhargava KM. Secure cooperative sensing techniquesfor cognitive radio systems. In: Proceedings of IEEE international conferenceon communications; 2008a. p. 3406–10.

Kaligineedi P, Khabbazian M, Bhargava VK. Secure cooperative sensing techniquesfor cognitive radio systems. In: Proceedings of the IEEE international con-ference on communications (ICC). Beijing, China, 2008b. p. 3406–10.

Khalid L, Anpalagan A. Emerging cognitive radio technology: principles, challengesand opportunitiesJournal of Computers and Electrical Engineering 2010;36(2):358–66.

Kim HS. Location-based authentication protocol for first cognitive radio network-ing standard. Journal of Network and Computer Applications 2011;34(4):1160–7.

Lee WY, Akyildiz I. Optimal spectrum sensing framework for cognitive radionetworks. IEEE Transactions on Wireless Communications 2008;7(10):3845–57.

Leon O, Serrano JH, Soriano M. A new cross-layer attack to TCP in cognitive radionetworks. Second international workshop on cross layer design, IWCLD ’09,Mallorca, Spain; 2009. p. 1–5.

Leon O, Serrano JH, Soriano M. Securing cognitive radio networks. InternationalJournal of Communication Systems 2010;23(5):633–52.

Leon O, Roman R, Hernandez-Serrano J. Towards a cooperative intrusion detectionsystem for cognitive radio networks. In: Proceedings of the IFIP TC 6thinternational conference on Networking (NETWORKING’11). Valencia, Spain,2011. p. 231–42.

Li H, Han Z. Dogfight in spectrum: jamming and anti-jamming in multichannelcognitive radio systems. In: Proceedings of IEEE conference on global tele-communications. Honolulu, Hawaii, 2009. p. 1–6.

Maldonado D, Le B, Hugine A, Rondeau TW, Bostian CW. Cognitive radio applica-tions to dynamic spectrum allocation. In: Proceedings of first IEEE interna-tional symposium on new frontiers in dynamic spectrum access. Baltimore,MD, USA, 2005. p. 597–600.

Marques H, Ribeiro J, Marques P, Zuquete A, Rodriguez J. A security framework forcognitive radio IP based cooperative protocols. In: IEEE 20th internationalsymposium on personal, indoor and mobile radio communications. Tokyo,2009. p. 2838–42.

Mathur CN, Subbalakshmi KP. Security issues in cognitive radio networks. In:Cognitive networks: towards self-aware networks. John Wiley and Sons, Ltd;2007 [chapter 11].

Mathur CN, Subbalakshmi KP. Digital signatures for centralized DSA networks. In:Proceedings of 4th IEEE conference on consumer communications andnetworking, 2007. p. 1037–41.

Miller R, Wenyuan X, Kamat P, Trappe W. Service discovery and device identifica-tion in cognitive radio networks. In: 4th annual conference on sensor, meshand Ad Hoc communications and networks, 2007. SECON ’07, San Diego, CA;2007. p. 670–7.

Mishra A, Nadkarni K, Patcha A. Intrusion detection in wireless Ad hoc networks.In: Proceedings of the 6th annual international conference on mobile comput-ing and networking. Boston, Massachusetts; 2004. p. 275–83.

Mishra SM, Sahai A, Brodersen RW. Cooperative sensing among cognitive radios.In: Proceedings of the IEEE international conference on communications (ICC2006). Turkey, Istanbul; 2006. p. 1658–63.

Mitola J. Cognitive radio: an integrated agent architecture for software definedradio. PhD thesis, in Royal Institute of Technology (KTH), 2000.

Naveed A, Kanhere SS. Security vulnerabilities in channel assignment of multi-radio multi-channel wireless mesh networks. In: Proceedings of IEEE con-ference in global telecommunications, GLOBECOM; 2006a. p. 1–5.

Naveed A, Kanhere SS. Security vulnerabilities in channel assignment of multi-radio multi-channel wireless mesh networks. In: Proceedings of the IEEEGLOBECOM. San Francisco, California, USA; 2006b. p. 1–5.

Newman TR, Clancy TC. Security threats to cognitive radio signal classifiers. In:Proceedings of the Virginia tech wireless personal communications sympo-sium. Blacksburg, VA, USA; 2009.

Nhan N-T, Koo I. A secure distributed spectrum sensing scheme in cognitive radio.In: Proceedings of the intelligent computing 5th international conference onemerging intelligent computing technology and applications. Springer, Berlin;2009. p. 698–707.

Olivieri MP, Barnett G, Lackpour A, Davis A, Ngo P. A scalable dynamic spectrumallocation system with interference mitigation for teams of spectrally agilesoftware defined radios. In: Proceedings of first IEELE international sympo-sium on new frontiers in dynamic spectrum access networks (DySPAN 2005).Baltimore, Maryland USA; 2005. p. 170–9.

Peh E, Liang Y-C, Guan YL, Zeng Y. Optimization of cooperative sensing in cognitiveradio networks: a sensing-throughput tradeoff viewIEEE Transactions onVehicular Technology 2009;58(9):5294–9.

Prasad NR. Secure cognitive networks. In: Proceedings of European conference onwireless technology, Amsterdam; 2008. p. 107–10.

Qin TYuH, Leung C, Shen Z, Miao C. Towards a trust aware cognitive radioarchitecture. Newsletter ACM SIGMOBILE Mobile Computing and Communica-tions Review 2009;13(2):86–95.

Quan Z, Cui S, Sayed AH. Optimal linear cooperation for spectrum sensing incognitive radio networks. IEEE Journal of Selected Topics in Signal Processing2008;2(1):28–40.

Sahai A, Hoven N, Tandra R. Some fundamental limits on cognitive radio. In:Proceedings of Allerton conference on communication, control and computing.Monticello, Chicago; 2004.

Schneier B. Applied cryptography: protocols, algorithm, and secure code in CNew

York, USA: John Wiley and Sons, Inc.; 1996.

Shahid MIB, Kamruzzaman J. Weighted soft decision for cooperative sensing incognitive radio networks. 16th IEEE international conference on networks(ICON). New Delhi; 2008. p. 1–6.

Shahid MIB, Kamruzzaman J. Agile spectrum evacuation in cognitive radio net-works. In: IEEE international conference on communications (ICC). Cape Town;2010. p. 1–6.

Sudip M, Ankur J. Policy controlled self-configuration in unattended wirelesssensor networks. Journal of Network and Computer Applications 2011;34(5):1530–44.

Tan X, Borle K, Du W, Chen B. Cryptographic link signatures for spectrum usageauthentication in cognitive radio. In: Proceedings of the fourth ACM con-ference on wireless network security. Hamburg, Germany; 2011. p. 79–90.

Toonstra J, Kinsner W. A radio transmitter fingerprinting system odo-1. Canadianconference on electrical and computer engineering. Canada; 1996. p. 60–3.

Unnikrishnan J, Veeravalli V. Cooperative sensing for primary detection incognitive radio. IEEE Journal of Selected Topics in Signal Processing2008;1(2):18–27.

Wallner D, Harder E, Agree R. Key management for multicast: issues andarchitectures. In: National Security Agency, Network Working Group-RFC;1999. p. 26–7.

Wang W, Li H, Sun Y, Han Z. Attack-proof collaborative spectrum sensing incognitive radio networks. In: Proceedings of IEEE 43rd annual conference oninformation sciences and systems. Baltimore, MD, USA; 2009. p. 130–4.

Wang B, Wu Y, Liu KJR. Game theory for cognitive radio networks: an over-viewJournal of Computer Networks 2010a;54(14):2537–61.

Wang X, Li Z, Xu P, Xu Y, Gao X, Chen HH. Spectrum sharing in cognitive radionetworks—an auction based approach. IEEE Transactions on Systems, Man,and Cybernetics—Part B 2010b;40(3):587–96.

William RC, Dongwan S. A novel node level security policy framework for wirelesssensor networks. Journal of Network and Computer Applications 2011;34(1):418–28.

Winget NC, Housley R, Wagner D, Walker J. Security flaws in 802.11 data linkprotocols. ACM Communications Magazine (Wireless networking security)2003:35–9.

Xiang J, Zhang Y, Skeie T. Medium access control protocols in cognitive radionetworks. Journal of Wireless Communications and Mobile Computing—

Recent Advances in Wireless Communications and Networks 2010;10(1):31–49.

Xie M, Han S, Tan B, Parvin S. Anomaly detection in wireless sensor networks: asurveyJournal of Network and Computer Applications 2011;34(4):1302–25.

Yau K-LA, et al. Reinforcement learning for context awareness and intelligence inwireless networks: review, new features and open issuesJournal of Networkand Computer Applications 2012;35(1):253–67.

Yucek T, Arslan H. A survey of spectrum sensing algorithms for cognitive radioapplications. In: IEEE communications surveys and tutorials, 2009. p. 116–30.

Zhang Y, Lee W. Intrusion detection in wireless ad-hoc networks. In: Proceedingsof the sixth ACM annual international conference on mobile computing andnetworking. NY, USA; 2000. p. 275–83.

Zhang X, Li C. The security in cognitive radio networks: a survey. In: Proceedings ofinternational conference on communications and mobile computing, ACM:Leipzig, Germany; 2009a. p. 309–13.

Zhang X, Li C. The security in cognitive radio networks: a survey. In: Proceedings ofinternational conference on wireless communications and mobile computing,Leipzig, Germany; 2009b. p. 309–13.

Zhang Y, Gaochao X, Geng X. Security threats in cognitive radio networks. In:Proceedings of 10th IEEE international conference on high performancecomputing and communications. Dalian; 2008. p. 1036–41.

Zheng H, Cao L. Device-centric spectrum management. In: Proceedings of IEEEDySPAN. Baltimore, USA; 2005. p. 56–65.

Zhou D. Security issues in Ad Hoc networks.Boca Raton, FL, USA: CRC Press, Inc.; 2003.Zhou MT, Harada H. Cognitive maritime wireless mesh/ad hoc networks. Journal of

Network and Computer Applications 2012;35(2):518–26.Zhu L, Mao H. An efficient authentication mechanism for cognitive radio networks.

In: Proceedings of power and energy engineering conference (APPEEC).Wuhan; 2011. p. 1–5.

cognitive radio network security a survey

Documents