A Primary User Authentication System for Mobile Cognitive Radio Networks
Swathi Chandrashekar - Loukas Lazos
Dept. of Electrical and Computer Engineering, University of Arizona
COGART 2010

Co-existence of a CRN with PRNs
[Figure: an SU among primary users PU1-PU5; PRN channels: 1-10; free channels (6,7,8,9,10)]

Spectrum Sensing Process
- Secondary users sense the medium for PU activity
- Energy-based detection
- Cyclostationary feature extraction
- Cooperative–diversity based detection
- PU signal is NOT AUTHENTICATED
[Figure: a PU, SUs, and an adversary claiming "I am a PU"]
5/24/2010

Problem Statement
- Authentication of the PU signal at the SUs
- Classic point-to-point authentication problem, but with additional complexities:
- Authentication has to be performed frequently (FCC mandates a 2 sec sensing period)
- No modification of the legacy system
- No interaction between PU and SU

Detection of PUE Attacks – State of the Art [Liu et al., 2010]
Step 1: signature based on amplitude
[Figure: PU1-PU5, an SU, and helper nodes h1-h5]

Detection of PUE Attacks – State of the Art
Step 2: RF training
[Figure: PU1-PU5, an SU, and helper nodes h1-h5]

Detection of PUE Attacks – State of the Art
Step 3: Link signature
[Figure: PU1-PU5, an SU, and helper nodes h1-h5]

Pros and Cons
Pros:
- Works well for static CRNs (training is performed sparingly)
- Does not require helpers to be awake at all times
- Helpers are placed at physically secure locations (PU premises)
Cons:
- Retraining needed with small position changes – not efficient for mobile CRNs
- Helpers must be as powerful as the PUs – not practical for TV stations (kW range)
- Helpers placed at the PU premises – legacy network operators must consent

Our Contribution – Proposed System Architecture
- Helpers placed in the area of interest – need not cover the same area as the PUs
- Helpers authenticate PU signals based on link signatures
- Helpers provide spectrum info to SUs
- SUs authenticate helper info based on crypto methods
[Figure: PU1-PU3, helpers h1-h4, SU1 and SU2; PU-to-helper links are labelled "link signature"; channel-set annotations (1,3), (2,10), (4,5,6,7,8,9), (6,7,8), (2,6,7,8,10), (4,5,9)]

PU – Helper Authentication
- Exploit the uniqueness of the multipath components
- RF characteristics between two points serve as a “signature”
- Helper is trained to the PU signal (initialization)

Helper - SU Authentication
[Figure: helper hi sends mi || sig(mi) to the SU]
- mi : Vi || Li || SNi
- Vi : spectrum occupancy vector
- Li : the helper location
- SNi : a sequence number
- SU obtains occupancy vectors from all the neighbor helpers
- Helpers are synchronized to the same sequence number value
- Decision about the final channel occupancy is based on Spectrum Allocation Algorithm (AND rule on the occupancy vectors)

Security Analysis – Resistance to a PUE Attack
[Figure: the link signature between the PU and helper h; for an adversary emulating the PU, the link signature fails]
- This attack is not possible as long as the PU is physically secure (the adversary is not within a few wavelengths of the PU)

Security Analysis - Helper Impersonation Attack
[Figure: messages mi || sig(mi) and mj || sig(mj)]
- Adversary cannot impersonate a helper without the proper cryptographic credentials

Security Analysis – Replay Attack
[Figure: mi || sig(mi) is sent and then replayed; mi : Vi || Li || SNi]
- A fresh SN is needed as long as one benign helper is heard at the SU
- Replays of messages with stale SNs are detected

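Added example (not from the slides or the authors' system): SU-side processing of helper messages as described on the Helper - SU Authentication and Replay Attack slides, covering signature check, stale-SN rejection and the AND rule. Assumptions: HMAC-SHA256 under a per-helper key stands in for sig(mi), the byte layout of mi is made up for the example, a 1 in Vi means the helper reports the channel free, and the names encode, sign, fuse and demo are hypothetical.

```python
import hashlib, hmac, struct

N_CH = 10  # PRN channels 1-10, as on the co-existence slide

def encode(channels_free, loc, sn):
    # m_i = V_i || L_i || SN_i; byte layout and "1 = free" are assumptions.
    v = bytes(1 if ch in channels_free else 0 for ch in range(1, N_CH + 1))
    return v + struct.pack(">ffI", loc[0], loc[1], sn)

def sign(key, m):
    # Stand-in for sig(m_i): HMAC-SHA256 under a per-helper key (assumption).
    return hmac.new(key, m, hashlib.sha256).digest()

def fuse(reports, keys, last_sn):
    """reports: [(helper_id, m, sig)] -> (free_channels, sn, rejected)."""
    good, rejected = [], []
    for hid, m, sig in reports:
        key = keys.get(hid)
        if key is None or not hmac.compare_digest(sign(key, m), sig):
            rejected.append((hid, "bad signature"))   # helper impersonation
            continue
        good.append((hid, m[:N_CH], struct.unpack(">I", m[-4:])[0]))
    # Helpers share one SN, so the newest verified SN marks the current round.
    newest = max((sn for _, _, sn in good), default=last_sn)
    if newest <= last_sn:
        # Nothing fresh was heard: fail closed rather than AND an empty set.
        rejected += [(hid, "stale SN") for hid, _, _ in good]
        return [], last_sn, rejected
    free = [1] * N_CH
    for hid, v, sn in good:
        if sn != newest:
            rejected.append((hid, "stale SN"))        # replayed message
            continue
        free = [a & b for a, b in zip(free, v)]       # AND rule
    return [i + 1 for i, bit in enumerate(free) if bit], newest, rejected

# Constructed keys and sample round (not data from the slides).
KEYS = {"h1": b"constructed-key-1", "h2": b"constructed-key-2"}

def demo():
    def rep(hid, free, loc, sn, key=None):
        m = encode(free, loc, sn)
        return hid, m, sign(key or KEYS[hid], m)
    reports = [
        rep("h1", {6, 7, 8}, (0.0, 0.0), 42),
        rep("h2", {2, 6, 7, 8, 10}, (50.0, 0.0), 42),
        rep("h2", {1, 2, 3, 4, 5}, (50.0, 0.0), 41),            # replayed old round
        rep("h1", {1, 2, 3}, (0.0, 0.0), 42, key=b"attacker"),  # forged
    ]
    return fuse(reports, KEYS, last_sn=41)
```

When no verified message carries an SN newer than the last accepted one, fuse returns no usable channels instead of treating the empty AND as "all free".
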
Security Analysis – Wormhole Attack
[Figure: PUs, helpers and an SU in Region A and Region B, joined by a wormhole link; labels: V*, |Li – Lj| < 2r]

Work in Progress
- Analytically evaluate the security level against replays
- Take into account misdetection and false alarm events, node distribution, comm. range, etc.
- Evaluate the communication overhead under various mobility models
- Identify possible tradeoffs between security and resource overhead
- Consider different strategies for alleviating costs: periodic and on-demand information update, computation-efficient crypto