Prevention of Emulation Attack in Cognitive Radio Networks Using Integrated Authentication

Security is the prominent problem in emerging cognitive radio. Protecting the chief user’s and sub-ordinate user’s right to use the spectrum results in the correct cognitive radio operation. The major user emulation attack is a physical layer attack which disrupts the secondary user’s operation. An Advanced Encryption Standard scheme is used in this work that aims to defeat the chief User Emulation Attack by the correct detection of the chief user. The reference signal is encrypted and transmitted along with the Digital TV signal. Using a shared secret the receiver regenerates the reference and the cross association and the auto correlation are calculated which helps in the accurate detection of the chief user as well as the malicious user. The simulations were carried out and the results show that the detection scheme results in zero misdetection and also false alarm which is below a set threshold

Spectrum Sensing and Mitigation of Primary User Emulation Attack in Cognitive Radio

The overwhelming growth of wireless communication has led to spectrum shortage issues. In recent days, cognitive radio (CR) has risen as a complete solution for the issue. It is an artificial intelligence-based radio which is capable of finding the free spectrum and utilises it by adapting itself to the environment. Hence, searching of the free spectrum becomes the key task of the cognitive radio termed as spectrum sensing. Some malicious users disrupt the decision-making ability of the cognitive radio. Proper selection of the spectrum scheme and decision-making capability of the cognitive reduces the chance of colliding with the primary user. This chapter discusses the suitable spectrum sensing scheme for low noise environment and a trilayered solution to mitigate the primary user emulation attack (PUEA) in the physical layer of the cognitive radio. The tag is generated in three ways. Sequences were generated using DNA and chaotic algorithm. These sequences are then used as the initial seed value for the generation of gold codes. The output of the generator is considered as the authentication tag. This tag is used to identify the malicious user, thereby PUEA is mitigated. Threat-free environment enables the cognitive radio to come up with a precise decision about the spectrum holes

On robust and secure wireless communication system design using software-defined radios

This dissertation is composed of three parts: airborne multi input multi output (MIMO) communications, physical layer authentication, and software radio design for DARPA Spectrum Challenge. A common theme for the three distinct problems is the system perspective that we have adopted throughout this dissertation. Instead of considering isolated issues within these problems, we have provided a holistic design approach to the three problems and have implemented all three systems using the GNU Radio/USRP (Universal Software Radio Peripheral) platform. In the first part, we develop a MIMO communication system for airborne platforms. MIMO communication has long been considered to be suitable only for environment that is rich in scatterers. This, unfortunately is not the case for airborne platforms. However, this lack of scattering can be compensated by the large aperture of the airborne MIMO platform; this is corroborated by our careful analysis using real measurement data. Our analysis of the airborne MIMO channels leads to the development of a variable rate MIMO transceiver architecture. This architecture is numerically shown to improve the bit error rate (BER) over conventional transceiver architectures that are developed for rich scattering environments. A software radio based MIMO system is then implemented to demonstrate experimentally the efficacy of the developed architecture. In the second part, we develop a physical layer authentication scheme as a counter measure to primary user emulation attack (PUEA) in cognitive radio (CR) networks. In this attack, a malicious user emulates the signal characteristics of the primary user (PU) when it is silent which prevents unsuspecting secondary user (SU) from utilizing the network. The developed physical layer authentication is based on embedding cryptographic hash signatures, referred to as authentication tags, within PU\u27s signal constellations. The embedding is performed such that the legacy receivers are not affected. We analyze the scheme using the fast fading Rayleigh channel model and present an optimal scheme to embed signals in PU\u27s constellations which minimizes the tag BER. Experimental results are obtained that corroborate our theoretical claims, thereby establish that reliable authentication can be achieved without sacrificing signal quality at the primary receivers. In the final part, we describe in detail our design of software radios developed as part of the DARPA Spectrum Challenge (DSC), a year long competition that started in January 2013 and concluded in March 2014 with the final tournament held in Arlington, VA at the DARPA headquarter. DSC was comprised of two tournaments, competitive and cooperative. In the competitive mode two radio pairs, each composed of a transmitter and a receiver, are pitted against each other to transmit the most amount of data error-free while operating concurrently in the same frequency band. In the cooperative mode, three radio pairs have to share a frequency band in a cooperative manner wherein the goal is to maximize the throughput of all the three pairs. We describe the design of our software radio system that integrates some key technologies crucial in operating in an environment that does not allow user coordination and spectrum pre-planning, including: spectrum sensing, adaptive transmission both in spectrum utilization and transmission rate, opportunistic jamming, and sliding window feedback. The developed radio is robust in the presence of unknown interference and achieves the desired balance between throughput and reliability in an uncoordinated transmission environment

Physical Layer Defenses Against Primary User Emulation Attacks

Cognitive Radio (CR) is a promising technology that works by detecting unused parts of the spectrum and automatically reconfiguring the communication system\u27s parameters in order to operate in the available communication channels while minimizing interference. CR enables efficient use of the Radio Frequency (RF) spectrum by generating waveforms that can coexist with existing users in licensed spectrum bands. Spectrum sensing is one of the most important components of CR systems because it provides awareness of its operating environment, as well as detecting the presence of primary (licensed) users of the spectrum

Unified architecture of mobile ad hoc network security (MANS) system

In this dissertation, a unified architecture of Mobile Ad-hoc Network Security (MANS) system is proposed, under which IDS agent, authentication, recovery policy and other policies can be defined formally and explicitly, and are enforced by a uniform architecture. A new authentication model for high-value transactions in cluster-based MANET is also designed in MANS system. This model is motivated by previous works but try to use their beauties and avoid their shortcomings, by using threshold sharing of the certificate signing key within each cluster to distribute the certificate services, and using certificate chain and certificate repository to achieve better scalability, less overhead and better security performance. An Intrusion Detection System is installed in every node, which is responsible for colleting local data from its host node and neighbor nodes within its communication range, pro-processing raw data and periodically broadcasting to its neighborhood, classifying normal or abnormal based on pro-processed data from its host node and neighbor nodes. Security recovery policy in ad hoc networks is the procedure of making a global decision according to messages received from distributed IDS and restore to operational health the whole system if any user or host that conducts the inappropriate, incorrect, or anomalous activities that threaten the connectivity or reliability of the networks and the authenticity of the data traffic in the networks. Finally, quantitative risk assessment model is proposed to numerically evaluate MANS security

State-of-the-art authentication and verification schemes in VANETs:A survey

Vehicular Ad-Hoc Networks (VANETs), a subset of Mobile Ad-Hoc Networks (MANETs), are wireless networks formed around moving vehicles, enabling communication between vehicles, roadside infrastructure, and servers. With the rise of autonomous and connected vehicles, security concerns surrounding VANETs have grown. VANETs still face challenges related to privacy with full-scale deployment due to a lack of user trust. Critical factors shaping VANETs include their dynamic topology and high mobility characteristics. Authentication protocols emerge as the cornerstone of enabling the secure transmission of entities within a VANET. Despite concerted efforts, there remains a need to incorporate verification approaches for refining authentication protocols. Formal verification constitutes a mathematical approach enabling developers to validate protocols and rectify design errors with precision. Therefore, this review focuses on authentication protocols as a pivotal element for securing entity transmission within VANETs. It presents a comparative analysis of existing protocols, identifies research gaps, and introduces a novel framework that incorporates formal verification and threat modeling. The review considers key factors influencing security, sheds light on ongoing challenges, and emphasises the significance of user trust. The proposed framework not only enhances VANET security but also contributes to the growing field of formal verification in the automotive domain. As the outcomes of this study, several research gaps, challenges, and future research directions are identified. These insights would offer valuable guidance for researchers to establish secure authentication communication within VANETs

Discrete Moving Target Defense Application and Benchmarking in Software-Defined Networking

Moving Target Defense is a technique focused on disrupting certain phases of a cyber-attack. The static nature of the existing networks gives the adversaries an adequate amount of time to gather enough data concerning the target and succeed in mounting an attack. The random host address mutation is a well-known MTD technique that hides the actual IP address from external scanners. When the host establishes a session of transmitting or receiving data, due to mutation interval, the session is interrupted, leading to the host’s unavailability. Moving the network configuration creates overhead on the controller and additional switching costs resulting in latency, poor performance, packet loss, and jitter. In this dissertation, we proposed a novel discrete MTD technique in software-defined networking (SDN) to individualize the mutation interval for each host. The host IP address is changed at different intervals to avoid the termination of the existing sessions and to increase complexity in understanding mutation intervals for the attacker. We use the flow statistics of each host to determine if the host is in a session of transmitting or receiving data. Individualizing the mutation interval of each host enhances the defender game strategy making it complex in determining the pattern of mutation interval. Since the mutation of the host address is achieved using a pool of virtual (temporary) host addresses, a subnet game strategy is introduced to increase complexity in determining the network topology. A benchmarking framework is developed to measure the performance, scalability, and reliability of the MTD network with the traditional network. The analysis shows the discrete MTD network outperforms the random MTD network in all tests