ISSN: 2277 – 9043
International Journal of Advanced Research in Computer Science and Electronics Engineering (IJARCSEE)
Volume 3, Issue 3, March 2014
All Rights Reserved © 2014 IJARCSEE

Primary User Protection Using MSP in Cognitive Radio Networks

Rekha Raj. R, Reeja. R. Rajan

Manuscript received March, 2014.
Rekha Raj. R, Department of Computer Science and Engineering, Jawaharlal College of Engineering and Technology, Palakkad, India, Mobile No. +919633215100
Reeja. R. Rajan, Department of Computer Science and Engineering, Jawaharlal College of Engineering and Technology, Palakkad, India, Mobile No. +919846387054

Abstract – Cognitive Radio Networks (CRNs) provide a promising solution to the scarcity of radio spectrum through the investigation of Medium Access Control (MAC) protocols. MAC protocols are used to sense the channels for data transmission and are considered for the secondary users to efficiently utilize and share the spectrum licensed by the primary user. One important issue associated with MAC protocol design is how the secondary users determine when and which channel they should sense and access without causing harmful interference to the primary user. Normal Spectrum Sensing (NSS) is used at the beginning of each frame to determine whether the channel is idle. The secondary users then employ CSMA for channel contention on detecting the available transmission opportunity. Fast Spectrum Sensing (FSS) is inserted after channel contention to promptly detect the return of the primary users, so the primary users benefit from more protection when FSS is used. In addition, this work investigates how the proposed protocol performs under different selfish attacks, and their detection, in cognitive radio networks. CRNs have several intrinsic security threats due to the opportunistic exploitation of the bandwidth in the cognitive radio network. In particular, jamming is one of the most challenging security threats for Cognitive Radio Networks. In this proposed work, Intrusion Detection Systems are therefore used for combating these threats against Cognitive Radio Networks.

Keywords – cognitive radio networks, MAC protocol, fast spectrum sensing (FSS), jamming attack, intrusion detection system (IDS)

I. INTRODUCTION

In recent years, spectral resources have become scarce while most of the allocated spectrum is underutilized. What may look like a paradox is only a waste of spectral resources. Most of the useful spectrum is allocated to licensed users (e.g. mobile carriers, TV broadcasting companies) that do not transmit at all geographical locations all the time. If this spectrum is opened for unlicensed use (e.g. private users, short range networks ...), then a vast array of new services will appear in the network. An example is the huge innovation that has occurred in WiFi and Bluetooth operating in unlicensed bands, even though these two standards share just scraps of undesirable spectrum with many other technologies. However, before opening the licensed spectrum to new users under Dynamic Spectrum Access (DSA), it is necessary to guarantee the primary users, who hold the rights over these bands, that they will not be interfered with.

Cognitive radio networks (CRNs) are one of the enabling technologies for future communication and networking. CRNs have been developed in order to improve and optimize the use of the radio electromagnetic spectrum. A cognitive radio system is a 'smart' network that can observe, learn from, and adjust to changing environment conditions. CRN users can be divided into two classes: primary users, who are the license holders of the radio spectrum, and secondary users, who are allowed to use the temporarily unused licensed spectrum. While the primary users directly access the radio channel, secondary users must carefully monitor spectrum availability in order to use only the unused portion of it, thereby avoiding any interference with primary users’ communications.
To secure this goal, secondary users perform continuous spectrum sensing and analysis, and when they find a “spectrum hole”, they tune their radios in order to communicate in the available spectrum. Secondary users therefore opportunistically access the spectrum bands when they are free, and release them when they are needed by primary users. To achieve this, secondary users are asked to continuously sense the radio environment.

Figure 1 shows a typical CRN spectrum utilization: primary users are the license holders and therefore directly access the wireless spectrum; nevertheless, for large time spans the frequency bands are not used, and they might be accessed by secondary users with an opportunistic behavior, i.e., using a free frequency band as long as no primary user requests it, and jumping to a new unused frequency band as soon as a primary user intends to access the band in use. A common assumption in cognitive radio systems is that the licensed users, who hold the spectrum rights, are unaware of the presence of secondary users. Hence the burden of interference management rests mainly on the secondary system. In particular, either there is a maximum interference level that the primary system is willing to tolerate, and the secondary powers/activity are to be adjusted within this constraint, so that both primary and secondary users transmit in the same band, or secondary users are allowed to opportunistically access the spectrum on the basis of no interference to the primary (licensed) users. Both paradigms refer to the fact that secondary users need to fulfill the constraints imposed by the primary user.

Fig 1. Spectrum management in CRNs: Secondary users exploit frequency bands left from primary users in order to communicate. (Plot of radio spectrum use, 0% to 100%, against time t1 to t4, showing the spectrum currently occupied by primary users and the white space for secondary users' access.)

One challenge faced by coexisting cognitive radio networks is how to reduce the internetwork media contention (with the primary user, using spectrum sensing) and the intranetwork contention (with other secondary users via, e.g., the CSMA/CA mechanism). The design of the optimal sensing-transmission strategies on a single channel is investigated under imperfect sensing, where the total collision probability is restricted to satisfy the protection required by the primary user. The joint consideration of both MAC-layer sensing and channel contention access has therefore been introduced. The usual method, namely Opportunistic Spectrum Access-MAC, or OSA-MAC in short, allows the secondary users to perform channel contention before spectrum sensing, which may result in contending for an unavailable channel and wasting system resources. Another method is to carry out spectrum sensing at the beginning of each frame to detect the presence of the primary user, followed by channel contention. This benefits from up-to-date sensing information. Due to the random arrival of the primary packet, the primary user will transmit without sensing and contention whenever it becomes active. This may result in severe interference between primary and secondary users whenever a secondary user gains channel access and attempts to transmit its packet while the channel is busy.

A. CRN architecture

The CRN system model is depicted in Fig. 2. For simplicity, the figure contains only one television broadcasting tower, whereas multiple broadcasting towers may also be present. The television companies have a license to broadcast their programs through the reserved band of 54 to 806 MHz, so the television companies (along with their subscribers) form the “primary users” of the system. On the other hand, the IEEE 802.22 WRAN (Wireless Regional Area Network) specification allows a number of “cells”, each of which is managed by a base station (BS). The WRAN cells form our considered CRN. The service coverage radius of each of the WRAN cells featuring collocated CRNs varies from 33 to 100 km. Each CRN can support a number of “secondary users,” who may access the unused spaces of the spectrum, which is usually reserved for the television companies, i.e. the primary users.

Fig 2. Considered CRN architecture illustrating how the licensed band with white spaces can be shared by the secondary users.

These unused spaces of the spectrum might occur due to different scenarios, e.g. when the television broadcast is offline/idle. The unused portions of the spectrum are referred to as “white spaces.” Each secondary user is equipped with a software radio to sense whether the primary users are currently occupying a channel or not. If the channel is occupied, the secondary user has the ability to adapt his radio to another channel in order to sense the white spaces of that channel.

II. MAC SENSING-TRANSMISSION PROTOCOL DESIGN

This section deals with the design of the MAC sensing-transmission protocol. As shown in Fig. 3, each cognitive user operates on a frame-by-frame basis, with each frame of duration T. The cognitive user first senses the channel for a duration T_N. CSMA is then invoked to contend for channel access whenever the channel is declared idle. Thereafter, the return of the primary user is detected by performing FSS. The secondary users can use the idle channel for data transmission if no active primary user is detected. This protocol design overcomes the limitation of OSA-MAC, which allows channel contention before spectrum sensing and can therefore result in contention for an unavailable channel. Moreover, it will improve the efficiency of MAC protocols. The channel may become busy at any time due to the random arrival of the primary user in the network. FSS can avoid causing major interference to the primary user. The detailed design of the proposed MAC sensing-transmission protocol is described as follows.

Fig. 3. The frame structure of cognitive user

A. Normal Spectrum Sensing (NSS)

NSS is carried out at the beginning of each frame. NSS focuses on efficiently detecting and identifying whether the primary channel is available for access by the cognitive user. If the channel is indicated as occupied by the primary user, then the secondary user will keep silent until the next frame. On the other hand, if the channel is available, intranetwork contention takes place, where cognitive users compete for channel access.

B. Carrier Sense Multiple Access (CSMA)

On a half-duplex Ethernet network, multiple nodes share a single transmission medium. A MAC protocol is used to allow the nodes to gain access to the shared transmission medium and to ensure error-free data transfer. CSMA/CD is the MAC protocol used on half-duplex Ethernet networks. It manages the access to the shared transmission medium and prevents multiple nodes from transmitting frames simultaneously. Before transmitting a packet, the cognitive user is required to monitor the channel to avoid collision with packets being transmitted by other cognitive users. If two or more nodes simultaneously transmit frames, CSMA/CD ensures that the collided frames are detected and retransmitted.

To ensure reliable frame transfer, CSMA/CD follows a sequence of steps. The first step for transmitting a frame by using CSMA/CD is carrier sensing, or listen before talking. A node that has to transmit a frame monitors the transmission medium to detect whether the medium is free. The node does this by sensing a carrier on the medium. A carrier is a specific level of voltage used to transmit a frame. The presence of a carrier on the transmission medium indicates that the medium is being used. If a carrier is detected, the transmission is deferred until the carrier ceases and the transmission medium is free. The node continues to monitor the transmission medium until the carrier ceases. However, if the node does not detect a carrier, this indicates that the transmission medium is free. The node can then transmit the frame. The node begins the transmission after waiting for a minimum period of time known as an Inter Frame Gap (IFG).

At any specific point in time, multiple nodes may sense a carrier on the transmission medium. At times, more than one node may simultaneously determine that the transmission medium is free and begin to transmit frames. In a situation where two or more nodes simultaneously transmit frames, a collision occurs. A collision corrupts the frames that are transmitted together. To detect a collision, the node that has initiated a transmission needs to monitor the transmission medium for a possible collision. This process is known as listen while talking. During the process of listen while talking, the transmission is complete if a collision is not detected. However, if a collision is detected, the node stops the transmission of the frame. This process is known as collision detection. After stopping the transmission of the frame, the node sends a collision enforcement jam signal to the other nodes on the network. When the other nodes receive the jam signal, they discard the frames that are corrupted by the collision.

After sending the jam signal, the nodes involved in the collision wait for an indefinite period of time before retransmitting the frames. This process, in which the nodes wait before transmitting frames, is known as backoff. The backoff period is determined by a random number generated by a collision counter located on each node. After a backoff, the nodes involved in the collision try to transmit data again. This may cause repeated collisions. The possibility of repeated collisions is reduced if each node backs off for a different period of time. The value of the backoff period is cumulative until a node retransmits a frame without a collision.

Finally, the last step in the process of transmitting a frame by using CSMA/CD is retransmitting the frame that is corrupted because of a collision. This step is performed after a collision is detected and the node has backed off for a period of time. If the retransmission is successful, the node clears its collision counter.

C. Fast Spectrum Sensing (FSS)

FSS is introduced as a preliminary step before NSS. The aim of FSS is to quickly determine whether a subsequent spectrum sensing is required in the network. FSS is performed before the cognitive user attempts to transmit a packet during the channel contention phase, whenever its backoff counter reaches zero. The primary packet may arrive at any instant and be transmitted without sensing and contention; therefore the channel may become busy again and need to be completely used by the primary user. Thus spectrum sensing is required to be carried out frequently to protect the primary user. Due to the random value of T_c, T_c may be very large, such that the return of the primary user will occur with high probability. Thus, it is necessary to perform FSS with duration T_F < T_N after the channel contention phase.

FSS serves a threefold purpose. The first purpose is to declare the channel busy if any misdetection happens in NSS. The second is to quickly detect the return of the primary user after the T_c period. The secondary user will utilize the available channel to transmit its packet if the channel is still declared idle in FSS, and FSS also prevents the secondary user from transmitting on a busy channel due to the return of the primary user after T_c. Third, if the channel is declared busy, then the backoff counter is frozen at a special stage for a duration equal to the ON period of the primary packet, T_ON; the secondary user then keeps sensing until the channel is declared idle. FSS is a continuous sensing strategy. If the secondary user senses the channel as busy, it will leave the channel for the T_ON duration and then, owing to the short sensing time of FSS, keep sensing until the channel is declared idle. Therefore, the remaining available transmission opportunity can be utilized by the secondary user. This results in a more effective utilization of the available channel.

III. SECURITY THREATS AGAINST CRN

CRNs suffer from both traditional wireless security issues and specific threats: many attacks have recently been introduced in order to prevent secondary users from accessing available spectrum slots. One of the most challenging security threats in CRNs is jamming, i.e., malicious signal transmissions. Jamming was introduced in military scenarios to prevent an adversary from communicating. The two principal goals of jamming in CRNs are preventing all the communications of primary and secondary users, or preventing only secondary users from accessing the free spectrum bands. The former goal is a general problem of standard wireless communications, while the latter is specific to CRNs. In fact, recalling Fig. 1, consider that several secondary users might compete to gain access to the free spectrum. A malicious secondary user could aim at increasing its chances to use the free spectrum by disrupting the other secondary users’ communications.

The attack taxonomy presented in [4] classifies these threats based on the layer in which they are carried out. The transport layer threats usually disrupt the transport control protocol (TCP). An example of this attack is the “Lion” attack. Sinkhole and HELLO flood attacks are the network layer attacks against CRNs. The link layer attacks comprise spectrum sensing data falsification and a denial of service (DoS) attack that saturates the control channel of the CRN. Meanwhile, the physical layer attacks against CRNs consist of the primary user emulation (PUE) attack, the objective function attack, and the jamming attack; physical layer attacks are more challenging to deal with.

A. Primary User Emulation (PUE) attack

In this attack, a competitive secondary user aims at preventing authorized secondary users from using the white spaces in the spectrum. For example, the competitor may exploit the “quiet periods” of the CRN, during which no secondary user should transmit in order to facilitate spectrum sensing. If the competitor transmits during the quiet period, then the other authorized users will back off, considering that a primary user (i.e. the competitor) is accessing the spectrum. There is a realistic possibility of PUE attacks since CRs are highly reconfigurable. There are a number of other techniques by which the adversary may pretend to be a primary user and trick the authorized secondary users.

B. Objective function attack

Cognitive radio is capable of sensing the spectral environment. A CRN learns from previous history and makes smart decisions for adjusting its transmission parameters based on the current environmental conditions. These parameters are computed by the cognitive engine by solving objective functions. Consider a simple objective function to find the radio parameters that balance the data rate and security. Consider the impact when an intelligent malicious attacker performs a jamming attack every time an authorized secondary user attempts to transmit data with high security. This makes the authorized secondary user’s cognitive engine experience the network conditions as unfavourable for secure transmission. As a result, the user drops his security level and transmits data with low/no security. Thus, the malicious attacker forces the victim radio to use a low security level, which can be eavesdropped or hacked.

C. Jamming attack

The jamming attack is one of the most difficult security threats in CRNs. A jamming attacker may transmit continuous packets to force an authorized secondary user to never sense an idle channel. This leads to a DoS type attack whereby the legitimate user is unable to access any white space.

IV. IDS FOR DETECTING THREATS

An intrusion detection system (IDS) is effective for quickly detecting whether the secondary users are being attacked. IDSs usually follow either misuse based or anomaly based attack detection methods. The misuse based detection method uses signatures of already known attacks, but it cannot find new types of attacks effectively. On the other hand, as its name suggests, the anomaly based detection methodology relies on finding the “anomaly”, which represents an abnormal mode of operation in the system. By designing an appropriate anomaly based intrusion/attack detection system, it may be possible to detect new attacks that generate some abnormal change in the CRN. This is the reason why it is better to use the anomaly based intrusion detection technique in the IDS for identifying attacks in CRNs. In a CRN, a single centralized IDS may not be able to detect a malicious attack and notify the secondary users quickly enough. Therefore it is important to facilitate lightweight yet effective IDSs in the secondary users themselves, i.e., each secondary user is assumed to have an IDS. The IDS operates in two steps, namely the learning or profiling phase and the detection phase.

A. Learning Phase

To effectively detect anomalies due to various types of attacks, the IDS needs to be designed in such a fashion that it may learn the normal behaviour of protocol operation, traffic flow, primary user access time, packet delivery ratio (PDR), signal strength (SS), and so forth. To make this clear, an example of a physical layer attack, i.e. the jamming attack, is considered. In order to identify the jamming attack, consider a simple observation made by a secondary user involving its PDR and SS. The PDR of a user indicates the ratio of the number of packets received by the user to the number of packets sent to him. This is an example case of the IDS learning phase (which arises from a specific jamming attack against the CRN), but the IDS is not limited to learning this feature only. If the IDS is designed appropriately by taking into consideration the CRN system specifications, wireless protocol behaviour, and so on, it can learn various modes of operation of the CRN. The acquired information can ease the detection phase of the IDS in discovering unknown intrusions or attacks against the targeted CRN.

B. Detection Phase

The IDS detection phase is based on finding the point of change in the CRN operation as quickly as possible under an attack. First, consider a physical layer jamming attack as follows. When a malicious user jams a secondary user’s connection, the following observations can be made. While the SS measured at that secondary user remains high, his PDR usually drops. This happens only because the secondary user never receives some/all of the packets sent to him. Our point of interest is how to detect the change point in the PDR behaviour of a secondary user (targeted by a jamming attacker). In other words, how can the IDS find when the PDR of the secondary user is dropping significantly enough to reflect the impact of a jamming attack? In the following, the proposed IDS with anomaly detection is presented to deal with this issue.

    Algorithm: PDRSS_Detect_Jam
    {PDR(N) : N ∈ Neighbors} = Measure_PDR()
    MaxPDR = max{PDR(N) : N ∈ Neighbors}
    if MaxPDR < PDRThresh then
        SS = Sample_Signal_Strength()
        CCheck = SS_ConsistencyCheck(MaxPDR, SS)
        if CCheck == False then
            post NodeIsJammed()
        end
    end

Algorithm 1: Jamming detection algorithm that checks the consistency of PDR measurements with observed signal strength.

Based on these observations, this work proposes the detection protocol shown in Algorithm 1. In the PDRSS_Detect_Jam algorithm, a wireless node will declare that it is not jammed if at least one of its neighbors has a high PDR value. However, if the PDRs of all the neighbors are low, then the node may or may not be jammed, and we need to further differentiate the possibilities by measuring the ambient signal strength. Rather than continually sampling the ambient signal levels, the function Sample_Signal_Strength() reactively measures the signal strength values for a window of time after the PDR values fall below a threshold, and the sampling returns the maximum value of the signal strengths, which is denoted as SS. The duration of the sampling window should be carefully tuned based upon the traffic rate, the jamming model, the measuring accuracy, and the desired detection confidence level. The function SS_ConsistencyCheck() takes as input the maximum PDR value of all the neighbors, denoted as MaxPDR, and the signal strength reading SS. A consistency check is performed to see whether the low PDR values are consistent with the signal strength measurements. If the signal strength SS is too large to have produced the observed MaxPDR value, then SS_ConsistencyCheck() returns False; otherwise it returns True.

V. EXPERIMENTAL RESULTS

The proposed work, Protection to Primary User using MSP in Cognitive Radio Networks, is simulated using NS2 on a personal computer running Microsoft Fedora13 with the following specifications: Pentium IV 1.13 GHz, hard disk of 40 GB and cache memory of 512 MB. The simulated results are analysed using graphs, which are plotted on the basis of packet delivery ratio, throughput and channel contention.

Throughput versus time is shown in graph 1. The throughput is the rate of successful message delivery over a communication channel. This data may be delivered over a physical or logical link, or pass through a certain network node. As time increases, there is a gradual increase in the throughput. After 50 secs the maximum sustained throughput is obtained.

Graph 1: Throughput versus Time

Graph 2 plots the packet delivery ratio (PDR) in the Y-direction versus time in the X-direction. PDR is the ratio of the number of data packets delivered to the destination. It can be calculated by dividing the number of packets received by the number of packets sent. A greater value of the packet delivery ratio means better performance of the protocol, i.e., if the value of PDR is less than one, then there may be a chance of a malicious attack, and if the value of PDR is equal to one, then no attack has happened.

Graph 2: Packet Delivery Ratio versus Time

Graph 3 illustrates the relationship between channel contention and time. Normal spectrum sensing is carried out during the time interval between 0-10 sec. From 20 sec onwards there is high channel sensing and channel access takes place. At 40 sec the graph shows a peak increase in the channel contention. After 50 sec the graph shows no channel access.
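
The detection logic of Algorithm 1 (PDRSS_Detect_Jam) from Section IV, together with the learning phase that feeds it, written out in Python as an added example that is not the authors' code. The threshold value, the signal-strength bin edges, the per-bin PDR floor used to realise SS_ConsistencyCheck(), the handling of a node with no neighbors, and all sample readings are assumptions constructed for illustration; the paper does not specify them.

```python
"""PDR / signal-strength consistency check for jamming detection.

Added example, not the paper's code. Thresholds, bin edges and all sample
readings below are assumptions constructed for illustration.
"""
from bisect import bisect_right

PDR_THRESH = 0.65                 # assumed PDRThresh; the paper gives no value
BIN_EDGES_DBM = (-85, -75, -65)   # assumed signal-strength bin boundaries


class ConsistencyProfile:
    """Learning phase: lowest PDR seen per signal-strength bin while un-jammed."""

    def __init__(self, bin_edges_dbm=BIN_EDGES_DBM, margin=0.10):
        self.edges = sorted(bin_edges_dbm)
        self.margin = margin      # tolerance below the learned floor
        self.floor = {}           # bin index -> lowest PDR under normal operation

    def _bin(self, ss_dbm):
        return bisect_right(self.edges, ss_dbm)

    def learn(self, ss_dbm, pdr):
        b = self._bin(ss_dbm)
        self.floor[b] = min(pdr, self.floor.get(b, 1.0))

    def consistent(self, max_pdr, ss_dbm):
        """SS_ConsistencyCheck: False if SS is too high to explain max_pdr."""
        learned = [b for b in self.floor if b <= self._bin(ss_dbm)]
        if not learned:           # weaker than anything profiled: no evidence
            return True
        return max_pdr >= self.floor[max(learned)] - self.margin


def pdrss_detect_jam(neighbor_pdr, sample_signal_strength, profile,
                     pdr_thresh=PDR_THRESH):
    """Follow Algorithm 1 and return (jammed, reason)."""
    if not neighbor_pdr:          # assumption: the paper does not cover this case
        return False, "no neighbors, no PDR evidence"
    max_pdr = max(neighbor_pdr.values())
    if max_pdr >= pdr_thresh:
        return False, "at least one neighbor has high PDR"
    # Reactive sampling: the signal strength is read only after PDR has dropped.
    readings = sample_signal_strength()
    if not readings:
        return False, "no signal-strength readings in window"
    ss = max(readings)            # SS is the maximum over the sampling window
    if profile.consistent(max_pdr, ss):
        return False, "low PDR is explained by weak signal"
    return True, f"MaxPDR {max_pdr:.2f} is inconsistent with SS {ss} dBm"


class WindowSampler:
    """Stand-in for Sample_Signal_Strength(); counts how often it is invoked."""

    def __init__(self, readings_dbm):
        self.readings_dbm = list(readings_dbm)
        self.calls = 0

    def __call__(self):
        self.calls += 1
        return self.readings_dbm


# Constructed (signal strength dBm, PDR) pairs observed without an attacker.
TRAINING = [(-90, 0.15), (-88, 0.25), (-80, 0.60), (-78, 0.70),
            (-70, 0.92), (-68, 0.95), (-60, 0.99), (-58, 0.98)]

# Constructed detection-phase observations: neighbor PDRs and an SS window.
SCENARIOS = {
    "healthy":   ({"n1": 0.97, "n2": 0.40}, [-60, -59, -61]),
    "weak_link": ({"n1": 0.20, "n2": 0.10}, [-91, -89, -90]),
    "jammed":    ({"n1": 0.05, "n2": 0.00}, [-62, -59, -61]),
}


def build_profile(samples=TRAINING):
    profile = ConsistencyProfile()
    for ss_dbm, pdr in samples:
        profile.learn(ss_dbm, pdr)
    return profile


def run_scenarios():
    profile = build_profile()
    results = {}
    for name, (pdrs, window) in SCENARIOS.items():
        sampler = WindowSampler(window)
        jammed, reason = pdrss_detect_jam(pdrs, sampler, profile)
        results[name] = (jammed, sampler.calls, reason)
    return results


if __name__ == "__main__":
    for name, (jammed, calls, reason) in run_scenarios().items():
        print(f"{name:10s} jammed={jammed!s:5s} ss_samples={calls} {reason}")
```

The weak_link case shows why PDR alone is not a sufficient indicator: its PDR is as low as in the jammed case, but the low signal strength explains it, so only the high-SS, low-PDR combination is reported as jamming.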

Graph 3: Channel Contention versus Time.

VI. CONCLUSION AND FUTURE WORK

In this work, we study the design of a MAC sensing-transmission protocol that inserts FSS after the channel contention phase. In a real environment, the primary user packet may arrive at any time and utilizes the channel without sensing and contention due to its higher priority. Thus, the channel can become busy after the contention phase. Therefore, inserting Fast Spectrum Sensing into the MAC protocol design has a significant impact in reducing the collision probability and improving the primary user protection. In addition, this work analyses several security threats that occur in CRNs due to the misuse of the bandwidth in the cognitive radio network. Specifically, jamming is one of the challenging security threats for Cognitive Radio Networks. This work also highlighted the importance of designing appropriate intrusion detection systems to combat attacks against cognitive radio networks. We also proposed a simple yet effective IDS, which can be easily implemented in the secondary users. Our proposed IDS uses a jamming detection algorithm, which offers anomaly detection. Simulation results clearly show the effectiveness of the proposed MAC sensing-transmission protocol with FSS. In the future, our work will perform further investigations of how to enhance the detection sensitivity of the IDS.

REFERENCES

[1] Wenjie Zhang, Chai Kiat Yeo, and Yifan Li, "A MAC Sensing Protocol Design for Data Transmission with More Protection to Primary Users," IEEE Transactions on Mobile Computing, vol. 12, no. 4, April 2013.
[2] Z. M. Fadlullah, H. Nishiyama, N. Kato, and M. M. Fouda, "Intrusion Detection System (IDS) for Combating Attacks Against Cognitive Radio Networks," Network, IEEE, vol. 2, no. 3, June 2013.
[3] R. Di Pietro (Univ. of Roma Tre, Rome, Italy) and G. Oligeri, "Jamming Mitigation in Cognitive Radio Networks," Network, IEEE, vol. 27, no. 3, 07 June 2013.
[4] W. El-Hajj, H. Safa, and M. Guizani, "Survey of Security Issues in Cognitive Radio Networks," J. Internet Technology (JIT), vol. 12, no. 2, Mar. 2011, pp. 181–98.

Rekha Raj. R received her BTECH Degree in Information Technology from SHM Engineering College, which is affiliated to Kerala University, Thiruvananthapuram, Kerala. She is currently pursuing her Final Year Masters of Engineering in Computer Science and Engineering at Jawaharlal College of Engineering and Technology, which is affiliated to University of Calicut, Calicut, Kerala. Her areas of interest are Computer Networks and cloud computing.

Reeja. R. Rajan received her BTECH Degree in Information Technology from University of Calicut, Kerala and her MTECH Degree in Embedded System from Anna University, Chennai. She is currently working as an Assistant Professor in the Department of Computer Science and Engineering at Jawaharlal College of Engineering and Technology, which is affiliated to University of Calicut. Her areas of interest are Embedded System, Data Mining, Data Compression and Computer Networks.