Spectrum sharing security and attacks in CRNs: a review

Cognitive Radio plays a major part in communication technology by resolving the shortage of the spectrum through usage of dynamic spectrum access and artificial intelligence characteristics. The element of spectrum sharing in cognitive radio is a fundament al approach in utilising free channels. Cooperatively communicating cognitive radio devices use the common control channel of the cognitive radio medium access control to achieve spectrum sharing. Thus, the common control channel and consequently spectrum sharing security are vital to ensuring security in the subsequent data communication among cognitive radio nodes. In addition to well known security problems in wireless networks, cognitive radio networks introduce new classes of security threats and challenges, such as licensed user emulation attacks in spectrum sensing and misbehaviours in the common control channel transactions, which degrade the overall network operation and performance. This review paper briefly presents the known threats and attacks in wireless networks before it looks into the concept of cognitive radio and its main functionality. The paper then mainly focuses on spectrum sharing security and its related challenges. Since spectrum sharing is enabled through usage of the common control channel, more attention is paid to the security of the common control channel by looking into its security threats as well as protection and detection mechanisms. Finally, the pros and cons as well as the comparisons of different CR - specific security mechanisms are presented with some open research issues and challenges

Intrusion Detection Systems for Community Wireless Mesh Networks

Wireless mesh networks are being increasingly used to provide affordable network connectivity to communities where wired deployment strategies are either not possible or are prohibitively expensive. Unfortunately, computer networks (including mesh networks) are frequently being exploited by increasingly profit-driven and insidious attackers, which can affect their utility for legitimate use. In response to this, a number of countermeasures have been developed, including intrusion detection systems that aim to detect anomalous behaviour caused by attacks. We present a set of socio-technical challenges associated with developing an intrusion detection system for a community wireless mesh network. The attack space on a mesh network is particularly large; we motivate the need for and describe the challenges of adopting an asset-driven approach to managing this space. Finally, we present an initial design of a modular architecture for intrusion detection, highlighting how it addresses the identified challenges

Smart attacks based on control packets vulnerabilities with IEEE 802.11 MAC

International audienceIn this paper, we show new smart attacks which were not dealt with in the solutions proposed recently. We focus on the Medium Access Control (MAC), particularly the IEEE 802.11 and we study some hidden vulnerabilities based on the control packets. The malicious nodes can exploit these vulnerabilities to reduce the network's performance, to disturb the monitoring, routing processes and to escape the Intrusion Detection System (IDS). Furthermore, we show how vulnerabilities can be exploited and how these attacks can be implemented by the attacker. Moreover, attacks' algorithms and the security analysis are presented. We investigate on the effect of these attacks with the simulations and the experimentations. The simulations' results and their analysis illustrate the negative impact of these attacks on the network. In addition, the experimentation results demonstrate the feasibility to real exploitation of these attacks and they confirm the simulation's results

Implementation and Evaluation of a Cooperative Vehicle-to-Pedestrian Safety Application

While the development of Vehicle-to-Vehicle (V2V) safety applications based on Dedicated Short-Range Communications (DSRC) has been extensively undergoing standardization for more than a decade, such applications are extremely missing for Vulnerable Road Users (VRUs). Nonexistence of collaborative systems between VRUs and vehicles was the main reason for this lack of attention. Recent developments in Wi-Fi Direct and DSRC-enabled smartphones are changing this perspective. Leveraging the existing V2V platforms, we propose a new framework using a DSRC-enabled smartphone to extend safety benefits to VRUs. The interoperability of applications between vehicles and portable DSRC enabled devices is achieved through the SAE J2735 Personal Safety Message (PSM). However, considering the fact that VRU movement dynamics, response times, and crash scenarios are fundamentally different from vehicles, a specific framework should be designed for VRU safety applications to study their performance. In this article, we first propose an end-to-end Vehicle-to-Pedestrian (V2P) framework to provide situational awareness and hazard detection based on the most common and injury-prone crash scenarios. The details of our VRU safety module, including target classification and collision detection algorithms, are explained next. Furthermore, we propose and evaluate a mitigating solution for congestion and power consumption issues in such systems. Finally, the whole system is implemented and analyzed for realistic crash scenarios

FAPRP: A Machine Learning Approach to Flooding Attacks Prevention Routing Protocol in Mobile Ad Hoc Networks

© 2019 Ngoc T. Luong et al. Request route flooding attack is one of the main challenges in the security of Mobile Ad Hoc Networks (MANETs) as it is easy to initiate and difficult to prevent. A malicious node can launch an attack simply by sending an excessively high number of route request (RREQ) packets or useless data packets to nonexistent destinations. As a result, the network is rendered useless as all its resources are used up to serve this storm of RREQ packets and hence unable to perform its normal routing duty. Most existing research efforts on detecting such a flooding attack use the number of RREQs originated by a node per unit time as the threshold to classify an attacker. These algorithms work to some extent; however, they suffer high misdetection rate and reduce network performance. This paper proposes a new flooding attacks detection algorithm (FADA) for MANETs based on a machine learning approach. The algorithm relies on the route discovery history information of each node to capture similar characteristics and behaviors of nodes belonging to the same class to decide if a node is malicious. The paper also proposes a new flooding attacks prevention routing protocol (FAPRP) by extending the original AODV protocol and integrating FADA algorithm. The performance of the proposed solution is evaluated in terms of successful attack detection ratio, packet delivery ratio, and routing load both in normal and under RREQ attack scenarios using NS2 simulation. The simulation results show that the proposed FAPRP can detect over 99% of RREQ flooding attacks for all scenarios using route discovery frequency vector of sizes larger than 35 and performs better in terms of packet delivery ratio and routing load compared to existing solutions for RREQ flooding attacks

Wireless and Mobile Computing Security Challenges and Their Possible Solutions

Mobile device security has become more critical as businesses begin to rely on these devices for everyday processes. Securing information from unauthorized access is a major problem for any network, especially in the wireless networks. This paper will discuss the main security challenges concerning the mobile devices such as tablet and cell phones which run a mobile Operating System (OS). More specifically, these are Android (Google), iOS (Apple), or BlackBerry OS (RIM). Major solutions to the security challenges will also presented and discussed in this paper

A Defense Framework Against Denial-of-Service in Computer Networks

Denial-of-Service (DoS) is a computer security problem that poses a serious challenge totrustworthiness of services deployed over computer networks. The aim of DoS attacks isto make services unavailable to legitimate users, and current network architectures alloweasy-to-launch, hard-to-stop DoS attacks. Particularly challenging are the service-level DoSattacks, whereby the victim service is flooded with legitimate-like requests, and the jammingattack, in which wireless communication is blocked by malicious radio interference. Theseattacks are overwhelming even for massively-resourced services, and effective and efficientdefenses are highly needed. This work contributes a novel defense framework, which I call dodging, against service-level DoS and wireless jamming. Dodging has two components: (1) the careful assignment ofservers to clients to achieve accurate and quick identification of service-level DoS attackersand (2) the continuous and unpredictable-to-attackers reconfiguration of the client-serverassignment and the radio-channel mapping to withstand service-level and jamming DoSattacks. Dodging creates hard-to-evade baits, or traps, and dilutes the attack "fire power".The traps identify the attackers when they violate the mapping function and even when theyattack while correctly following the mapping function. Moreover, dodging keeps attackers"in the dark", trying to follow the unpredictably changing mapping. They may hit a fewtimes but lose "precious" time before they are identified and stopped. Three dodging-based DoS defense algorithms are developed in this work. They are moreresource-efficient than state-of-the-art DoS detection and mitigation techniques. Honeybees combines channel hopping and error-correcting codes to achieve bandwidth-efficientand energy-efficient mitigation of jamming in multi-radio networks. In roaming honeypots, dodging enables the camouflaging of honeypots, or trap machines, as real servers,making it hard for attackers to locate and avoid the traps. Furthermore, shuffling requestsover servers opens up windows of opportunity, during which legitimate requests are serviced.Live baiting, efficiently identifies service-level DoS attackers by employing results fromthe group-testing theory, discovering defective members in a population using the minimumnumber of tests. The cost and benefit of the dodging algorithms are analyzed theoretically,in simulation, and using prototype experiments

An Improved Intrusion Prevention Sytem for WLAN

The volatile growth in wireless networks over the last few years resembles the rapid growth of the Internet within the last decade. The current IPS presents a less security. Unfortunately, our work combined with the work of others show that each of these mechanisms are completely futile. As a result, organizations with deployed wireless networks are vulnerable to illegal use of, and access to, their internal communications