FastProbe: Malicious User Detection in Cognitive Radio Networks Through Active Transmissions Tarun Bansal, Bo Chen and Prasun Sinha Department of Computer Science and Engineering Ohio State University Columbus, Ohio This work is related to the scanning process in the cognitive radio networks. We consider the scenario when some of the reading are not reflecting the correct status of the channel information. How could we detect the radios who provides the misleading information. This is the focus of this talk. Page number
Taken from “How much white-space capacity is there?” IEEE DySPAN, 2010 White Space Channels Discrepancy in channel usage Unlicensed (ISM) bands are congested Licensed bands are free most of the time Unused channels can be used for data transmission When we consider the wireless spectrum, it gives us a feeling that it is a valuable resource. There is more and more wireless communication usage in our daily life. However… Taken from “How much white-space capacity is there?” IEEE DySPAN, 2010
Opportunistic Usage Unlicensed users must avoid interference to licensed user (or primary user, PU) Two Types: In band Scanning: Detect arrival of primary user to avoid causing interference to them Out of band Scanning: Detect channels currently not in use by licensed users Scanning takes time and results in throughput loss Scanning must be reliable Use Cooperation BS based model: BS collects scanning readings from users and aggregates Basestation model What if some users deliberately report incorrect results?
Malicious Cognitive Radio Users May not scan the channel Have a hardware error due to which its readings are erratic Reports arbitrary sensing results without performing any sensing to save time and/or energy Incorrectly report the channel to be busy (DoS attack) Objective: Identify the malicious users in the network
Related Work Existing algorithms (e.g., ADSP, Min et al. ICNP 2009) Divide the Cognitive Radios (CRs) in clusters All users in the same cluster are expected to have similar results If some node has substantially different result compared to its neighbors, it is marked as malicious
Limitations of the Related Work Presence of obstacles affect the readings Assumption that users in the same cluster have similar readings may not be true Vacant Busy Cluster Secondary Base Station (SBS) n1 Vacant n2 n3 Existing algorithms will label n1 as malicious
Limitations of the Related Work (contd.) Ground truth (State of the PU) is unknown Current algorithms detect malicious users reactively Users scan the channel and then base stations determine the malicious users BS may make multiple incorrect scanning decisions before it detects malicious users Incorrect scanning decisions cause interference to licensed users (Violation of FCC requirements)
Working of FastProbe Active Transmissions Based Approach: Proactively detect malicious users A subset of CRs (testing nodes) transmit PU-Emulated (PUE) signals Neighboring CRs are asked to scan the channel and report results back to the Base Station Malicious users can’t distinguish PUE signals from the actual PU signals and would report incorrect results. Mission Accomplished. Backup slides for PUE(2 types)
n5 did not participate in out of band sensing in this round Detecting Malicious Users (Out-of-Band Sensing) : FastProbe Illustration Link Historical Path Loss PathLoss (this round) n1 <-> n2 67 dB 66 dB n1 <-> n3 59 dB 60 dB n4 <-> n5 61dB 48 dB n4 <-> n6 46 dB 47 dB Reputation Value 0.8 -> 0.9 0.9 -> 0.95 0.82 -> 0.64 0.83 -> 0.89 Reputation Value 0.8 0.9 0.82 0.83 SBS n2 n1 n4 n3 n6 n5 Soft decision A difference of 13 dB: n5 did not participate in out of band sensing in this round Testing Nodes: n1, n4
Detecting Malicious Users (In-Band Sensing) FastProbe works similar as before SBS asks a subset of the users to transmit PUE signals The neighboring users must report the presence of PU within 2 seconds (FCC requirement)
Detecting Malicious Users (In-Band Sensing) : FastProbe Illustration SBS n2 and n3 must report the arrival of the licensed user within 2 seconds n1 n4 n2 n6 n5 n1 transmits PUE signals on the channel that n2 and n3 are currently using If not, mark them as malicious
Advantages of FastProbe Base Station has knowledge about the ground truth (e.g., transmission power level) for the tests It can more accurately conclude if the received power level reported by the tested node is correct Path loss readings compared with the previous readings for the same transmitter-receiver pair Uncertainties due to obstacles and multipath are removed
Other Challenges Answered in the Paper How do we test the nodes in the shortest possible time? Choose the set of testing nodes carefully Checking if the testing node itself is malicious and does not transmit PUE signals faithfully Aggregate data from neighboring CRs with high reputation How to make it difficult for the malicious users to distinguish PUE signals from the actual PU signals Transmit PUE signals at random power level Let multiple testing nodes transmit simultaneously to make it difficult to localize Detecting collusion of malicious users Use the SBS to transmit PUE signals Practical improvement PU-partern List the solution
Experiment Setup SBS CRs Wall affects the correlation among neighboring users CRs 3 PUs also deployed (not shown above) 5 channels in 2.4Ghz and 5Ghz spectrum Number of malicious CRs varied from 1 to 5
Experiments Setup (Contd.) Two different attack models: Attack 1: Malicious nodes sense the channel but they either report higher power level, lower power level or the correct power level, each with 1/3 probability . Attack 2: Multiple malicious CRs located close to each other collude so as to improve the reputation value of one of the malicious nodes.
Other Algorithms Implemented ADSP: “Attack-Tolerant Distributed Sensing for Dynamic Spectrum Access Networks”, Min et al., ICNP 2009 Arranges neighboring CRs in clusters CRs in the same cluster assumed to have similar readings Most of the existing algorithms work in a similar way
Experiment Results: Throughput Loss 65% lower loss Font size color FastProbe detects malicious users with up to 65% less throughput loss.
Experiment Results: Scanning Accuracy On an average, sensing accuracy of FastProbe is 1.2x of ADSP
Experiment Results: Detection Latency ADSP takes 4x longer On an average, ADSP takes 4x longer to detect malicious users
Thank you Summary Proposed an active transmissions based approach Proactively detect malicious CRs Detect malicious users that do not perform in-band sensing or out of band sensing Thank you
Simulation Setup 100 km X 100 km field Number of CRs: 400 Malicious CRs: 80 Number of PUs: 40 Number of Channels: 50
Simulation Results: Total Transmissions in FastProbe Number of transmissions done in FastProbe taper off since each user can test multiple neighbors
Simulation Results: Throughput Loss Throughput loss for ADSP is at least 2X compared to FastProbe for both the models FastProbe does not require multiple users to scan at the same time
Simulation Results under mobility: Throughput Loss Base Station in FastProbe knows the ground truth, and detects malicious users faster with lower overhead