Fully Distributed Cooperative Spectrum Sensing for Cognitive Radio Networks

Cognitive radio networks (CRN) sense spectrum occupancy and manage themselves to operate in unused bands without disturbing licensed users. The detection capability of a radio system can be enhanced if the sensing process is performed jointly by a group of nodes so that the effects of wireless fading and shadowing can be minimized. However, taking a collaborative approach poses new security threats to the system as nodes can report false sensing data to force a wrong decision. Providing security to the sensing process is also complex, as it usually involves introducing limitations to the CRN applications. The most common limitation is the need for a static trusted node that is able to authenticate and merge the reports of all CRN nodes. This paper overcomes this limitation by presenting a protocol that is suitable for fully distributed scenarios, where there is no static trusted node

Trust-based mechanisms for secure communication in cognitive radio networks

Cognitive radio (CR) technology was introduced to solve the problem of spectrum scarcity to support the growth of wireless communication. However, the inherent properties of CR technology make such networks more vulnerable to attacks. This thesis is an effort to develop a trust-based framework to ensure secure communication in CRN by authenticating trustworthy nodes to share spectrum securely and increasing system's availability and reliability by selecting the trustworthy key nodes in CRNs

A Hierarchical Structure towards Securing Data Transmission in Cognitive Radio Networks

Cognitive Radio (CR) technology is considered as a promising technology to overcome spectrum scarcity problem in wireless networks, by sharing the spectrum between both unlicensed users (secondary users, (SUs)) and licensed users (primary users, (PUs)), provided that the SUs respect the PUs’ rights to use the spectrum exclusively. An important technical area in cognitive radio networks (CRNs) is wireless security. A secure CRN must meet different security requirements, which are: confidentiality, integrity, availability and authentication. Data confidentiality is a mandatory requirement in cognitive radio networks, generally to maintain the privacy of the data owner (PU or SU). Integrity means that data is transmitted from the source to the destination without alteration. While availability is to release the channels assigned to one SU as soon as a PU wants to use its spectrum. Authentication in CRN means that each node has to authenticate itself before it can use the available spectrum channels. New classes of security threats and challenges in CRNs have been introduced that target the different layers of OSI model and affect the security requirements. Providing strong security may prove to be the most difficult aspect of making CR a long-term commercially-viable concept. Protection of routes used for data transmission is a critical prerequisite to ensure the robustness of iv the routing process. Therefore, route discovery must be done in such a way that lets each node find the best secure path(s) for its data transmission. In this work, network security of CRN is improved through proposing different models that are built to fulfil the security requirements mentioned above. Improving the network security enhances the network performance, taking into consideration the quality of service (QoS) desired by the different network nodes such as bandwidth and time delay. This work aims to combine the spectrum sensing phase and the spectrum management phase, as well as to detect all the adversary nodes that slow down the network performance by selectively holding and not forwarding packets to their next hop(s). We measure the network node’s reliability for using network resources through a value called belief level (BL), which is considered as the main parameter for our entire work. BL is used to monitor the nodes’ behavior during the spectrum sensing phase, and then it is used to form the best path(s) during the spectrum management phase. Particularly, this work follows a hierarchical structure that has three different layers. At the bottom layer, a novel authentication mechanism is developed to fulfil the authentication and the availability security requirements, which ends assigning a belief level (BL) to each node. At the middle layer, the nodes’ behavior during the spectrum sensing phase is monitored to detect all the adversary node(s). Finally, at the top layer, a novel routing algorithm is proposed that uses the nodes’ security (BL) as a routing metric. SUs collaborate with each other to monitor other nodes’ behavior. Users’ data confidentiality and integrity are satisfied through this hierarchical structure that uses the cluster-based, central authority, and nodes collaboration concepts. By doing so, the traffic carried in the CRN is secured and adversary nodes are detected and penalized

Security and Privacy in Dynamic Spectrum Access: Challenges and Solutions

abstract: Dynamic spectrum access (DSA) has great potential to address worldwide spectrum shortage by enhancing spectrum efficiency. It allows unlicensed secondary users to access the under-utilized spectrum when the primary users are not transmitting. On the other hand, the open wireless medium subjects DSA systems to various security and privacy issues, which might hinder the practical deployment. This dissertation consists of two parts to discuss the potential challenges and solutions. The first part consists of three chapters, with a focus on secondary-user authentication. Chapter One gives an overview of the challenges and existing solutions in spectrum-misuse detection. Chapter Two presents SpecGuard, the first crowdsourced spectrum-misuse detection framework for DSA systems. In SpecGuard, three novel schemes are proposed for embedding and detecting a spectrum permit at the physical layer. Chapter Three proposes SafeDSA, a novel PHY-based scheme utilizing temporal features for authenticating secondary users. In SafeDSA, the secondary user embeds his spectrum authorization into the cyclic prefix of each physical-layer symbol, which can be detected and authenticated by a verifier. The second part also consists of three chapters, with a focus on crowdsourced spectrum sensing (CSS) with privacy consideration. CSS allows a spectrum sensing provider (SSP) to outsource the spectrum sensing to distributed mobile users. Without strong incentives and location-privacy protection in place, however, mobile users are reluctant to act as crowdsourcing workers for spectrum-sensing tasks. Chapter Four gives an overview of the challenges and existing solutions. Chapter Five presents PriCSS, where the SSP selects participants based on the exponential mechanism such that the participants' sensing cost, associated with their locations, are privacy-preserved. Chapter Six further proposes DPSense, a framework that allows the honest-but-curious SSP to select mobile users for executing spatiotemporal spectrum-sensing tasks without violating the location privacy of mobile users. By collecting perturbed location traces with differential privacy guarantee from participants, the SSP assigns spectrum-sensing tasks to participants with the consideration of both spatial and temporal factors. Through theoretical analysis and simulations, the efficacy and effectiveness of the proposed schemes are validated.Dissertation/ThesisDoctoral Dissertation Electrical Engineering 201

Exploiting Rogue Signals to Attack Trust-based Cooperative Spectrum Sensing in Cognitive Radio Networks

Cognitive radios are currently presented as the solution to the ever-increasing spectrum shortage problem. However, their increased capabilities over traditional radios introduce a new dimension of security threats. Cooperative Spectrum Sensing (CSS) has been proposed as a means to protect cognitive radio networks from the well known security threats: Primary User Emulation (PUE) and Spectrum Sensing Data Falsification (SSDF). I demonstrate a new threat to trust-based CSS protocols, called the Rogue Signal Framing (RSF) intrusion. Rogue signals can be exploited to create the illusion of malicious sensors which leads to the framing of innocent sensors and consequently, their removal from the shared spectrum sensing. Ultimately, with fewer sensors working together, the spectrum sensing is less robust for making correct spectrum access decisions. The simulation experiments illustrate the impact of RSF intrusions which, in severe cases, shows roughly 40\% of sensors removed. To mitigate the RSF intrusion\u27s damage to the network\u27s trust, I introduce a new defense based on community detection from analyzing the network\u27s Received Signal Strength (RSS) diversity. Tests show a 95\% damage reduction in terms of removed sensors from the shared spectrum sensing, thus retaining the benefits of CSS protocols

Security and Privacy in Heterogeneous Wireless and Mobile Networks: Challenges and Solutions

abstract: The rapid advances in wireless communications and networking have given rise to a number of emerging heterogeneous wireless and mobile networks along with novel networking paradigms, including wireless sensor networks, mobile crowdsourcing, and mobile social networking. While offering promising solutions to a wide range of new applications, their widespread adoption and large-scale deployment are often hindered by people's concerns about the security, user privacy, or both. In this dissertation, we aim to address a number of challenging security and privacy issues in heterogeneous wireless and mobile networks in an attempt to foster their widespread adoption. Our contributions are mainly fivefold. First, we introduce a novel secure and loss-resilient code dissemination scheme for wireless sensor networks deployed in hostile and harsh environments. Second, we devise a novel scheme to enable mobile users to detect any inauthentic or unsound location-based top-k query result returned by an untrusted location-based service providers. Third, we develop a novel verifiable privacy-preserving aggregation scheme for people-centric mobile sensing systems. Fourth, we present a suite of privacy-preserving profile matching protocols for proximity-based mobile social networking, which can support a wide range of matching metrics with different privacy levels. Last, we present a secure combination scheme for crowdsourcing-based cooperative spectrum sensing systems that can enable robust primary user detection even when malicious cognitive radio users constitute the majority.Dissertation/ThesisPh.D. Electrical Engineering 201

Resource Efficient Authentication and Session Key Establishment Procedure for Low-Resource IoT Devices

open access journalThe Internet of Things (IoT) can includes many resource-constrained devices, with most usually needing to securely communicate with their network managers, which are more resource-rich devices in the IoT network. We propose a resource-efficient security scheme that includes authentication of devices with their network managers, authentication between devices on different networks, and an attack-resilient key establishment procedure. Using automated validation with internet security protocols and applications tool-set, we analyse several attack scenarios to determine the security soundness of the proposed solution, and then we evaluate its performance analytically and experimentally. The performance analysis shows that the proposed solution occupies little memory and consumes low energy during the authentication and key generation processes respectively. Moreover, it protects the network from well-known attacks (man-in-the-middle attacks, replay attacks, impersonation attacks, key compromission attacks and denial of service attacks)

Leveraging user-related internet of things for continuous authentication: a survey

Among all Internet of Things (IoT) devices, a subset of them are related to users. Leveraging these user-related IoT elements, itis possible to ensure the identity of the user for a period of time, thus avoiding impersonation. This need is known as ContinuousAuthentication (CA). Since 2009, a plethora of IoT-based CA academic research and industrial contributions have been proposed. Weoffer a comprehensive overview of 58 research papers regarding the main components of such a CA system. The status of the industryis studied as well, covering 32 market contributions, research projects and related standards. Lessons learned, challenges and openissues to foster further research in this area are finally presented.This work was supported by the MINECO grant TIN2016-79095-C2-2-R (SMOG-DEV) and by the CAM grants S2013/ICE-3095 (CIBERDINE) and P2018/TCS4566 (CYNAMON-CM) both co-funded with European FEDER funds