Towards a Trust Aware Cognitive Radio Architecture Tao Qin a Han Yu a Cyril Leung b Zhiqi Shen c Chunyan Miao a
[email protected] [email protected] [email protected] {zqshen, ascymiao}@ntu.edu.sg a School of Computer Engineering, Nanyang Technological University, Singapore b Department of Electrical and Computer Engineering, University of British Columbia, Vancouver, BC, Canada c School of Electrical and Electronic Engineering, Nanyang Technological University, Singapore Abstract – Cognitive radio (CR) is a promising concept for improving the utilization of scarce radio spectrum resources. A reliable strategy for the detection of unused spectrum bands is essential to the design and practical implementation of CR systems. It is widely accepted that in a real-world environment, cooperative spectrum sensing involving many secondary users scattered in a wide geographical area can greatly improve sensing accuracy. However, some secondary users may misbehave, i.e. provide false sensing information, in an attempt to maximize their own utility gains. Such selfish behaviour, if unchecked, can severely impact the operation of the CR system. In this paper, we propose a novel trustaware hybrid spectrum sensing scheme which can detect misbehaving secondary users and filter out their reported spectrum sensing results from the decision making process. The robustness and efficiency of the proposed scheme are verified through extensive computer simulations.
I.
Introduction
As the demand for wireless communications grows, so does the importance for efficient utilization of the scarce radio spectrum resource. The Federal Communications Commission (FCC) has reported that most of the licensed spectrum is currently under-utilized [1]. Cognitive radio (CR) is a novel approach for improving the utilization by making it possible for a group of secondary (unlicensed) users (SUs) to access spectrum bands which are not being used by the primary (licensed) users (PU) in some geographical location [2]. A CR system is an intelligent wireless communication system which is able to survey its radio environment and dynamically adjust its transmission characteristics accordingly. Dynamic spectrum allocation (DSA) is one of the central ideas in the cognitive radio network (CRN) paradigm. Efficient DSA requires the SU to be able to accurately determine the activity state of a PU spectrum band. In a CRN, the sensing accuracy is affected by a number of factors such as terrain features, the types of the sensing devices, etc. [3]. Sensing accuracy can be improved by collecting measurements from a number of sensing devices located in a wider geographic area rather than relying on one or two dedicated devices [4], [5]. SU devices may possess different sensing capabilities or may purposely choose to misbehave in order to maximize their own utility gains. Although efforts have been directed at mak86
ing CRNs more robust against traditional security attacks [6], few attempts have been made to deal with legitimate users who behave dishonestly for selfish purposes. The term “soft security threat” is used in [7] to describe the aforementioned situation. In the field of multi-agent systems (MAS) research, these threats are commonly addressed by computational trust and reputation models. Trust is a concept that has attracted a lot of research interest in a myriad of disciplines such as sociology, psychology, economics and computer science, just to name a few. Although there is no universal definition for trust within the research community, it is common in computational trust research to view the trustworthiness of a trustee as a particular level of the subjective probability with which a truster assesses that the trustee will perform a particular action, both before he can monitor such action and in a context in which it affects his own action [8]. Essentially, the trustworthiness evaluates both a trustee’s reliability as well as its regularity. In our view, a number of parallels can be drawn between a MAS and a CRN, notably in the domain of cooperation amongst the participants (i.e. intelligent agents and SU devices) in both systems to accomplish system objectives more efficiently. A SU’s actions in the PU spectrum usage sensing process can impact the collective decision making process either positively or negatively depending on both its intentions and its capabilities. Therefore, we study the ef-
Mobile Computing and Communications Review, Volume 13, Number 2
fectiveness of incorporating the results from computational trust and reputation modeling research into the CR system architecture in improving the robustness of the distributed PU spectrum sensing process. In Section II, relevant research is reviewed to provide taxonomy of the state of the art of trust and reputation research in CR and wireless sensor networks (WSN). Section III describes the architecture of the CR system used in this study. Section IV details the proposed trust-aware spectrum sensing results aggregation scheme. In Section V, the proposed scheme is subject to a range of well-known attacks on the soft security aspects of a CRN and its effectiveness is discussed. Conclusions and future work are presented in Section VI.
II.
Related Works
The trustworthiness value is meaningless unless it is attached to an entity which can be definitively recognized. For this reason, identifying a SU is critical to the successful application of trust in CRN. The most widely used technique for identifying a wireless device is through Radio Frequency Fingerprinting (RFF). Its application in intrusion detection has been studied in [9]. Although uniquely identifying each wireless device remains a difficult challenge, RFF technique is promising. In this research, we treat the mechanism for uniquely identifying a SU via RFF as a black-box and assume the availability of the identity information for our trust model. The idea of applying trust and reputation modeling in a CR has recently attracted research interest. A mathematical framework of trust in a CRN is constructed in [10]. Detailed definitions for the terms related to trust in CRN were proposed under the trusted routing context. Although no concrete experiment was carried out, it served as a first attempt to theoretically introduce the idea of applying trust and reputation modeling to the field of cognitive radio research. A brief discussion of the impact of trust model on CRN is provided in [6]. Although not their main focus, the authors suggested potential ways for incorporating trust modeling to CRNs including identity management, the trust building process and possible mechanisms for disseminating the trust information. Nonetheless, these discussions were purely conceptual and no experiments were conducted. In [5], the authors The work explicitly advocated the use of trust and reputation in integrating local spectrum sensing results in combating the threat of spectrum sensing data falsification (SSDF) attack on
CRNs. However, since trust modeling was not the focus of their paper, the model described was only a high level overview. No working model for acquiring the trustworthiness data or framework was proposed. Therefore, no quantitative analysis of the effectiveness of such a scheme in a CRN was provided. Perhaps the most closely related research to applying trust modeling in cognitive radio is the use of trust to defend against malicious nodes in a wireless sensor network (WSN). In [11] a layered architecture is proposed for aggregating sensor inputs from a large WSN to detect Byzantine failures as well as malicious node behaviours. The trust model relies on an endogenous method which implicitly assumes that the malicious nodes comprise a minority among all the sensor nodes in the system. A variant of the majority voting technique - trust weighted aggregation - is used to compute the final collective sensor input. Their proposed system works well when a relatively small fraction of the nodes are compromised. However, when over quarter of the nodes are compromised, the performance is not satisfactory. Although similar to WSNs on some ways, CRNs have unique characteristics which may make it inappropriate to directly employ a trust-based sensor input aggregation scheme. Moreover, the choice of the computational trust model depends on the architecture of the target cognitive radio system. In the next section, we illustrate the architecture of the CRN used for our proposed scheme.
III. System Architecture III.A. A CRN Architecture CRNs can be deployed in various kinds of network configurations such as centralized, Ad-hoc and mesh architectures [12]. Figure 1 shows a general architecture of CRNs as depicted in [13]. In this paper, we adopt an infrastructure-based CRN with centralized network entities such as a base station in cellular networks which is an extension of the one in [14]. We assume that PUs coexist with SUs in some geographical area and PUs are controlled by a fixed PU base station (PUBS). In this CRN, SUs are distributed in the coverage area of a fixed SU base station (SUBS) and SUs within the transmission range of the SUBS can only communicate with each other through the SUBS. The SUs are not able to communicate with PUs or the PUBS but communication between the SUBS and PUBS is possible. In this study, we assume the absence of any market infrastructure support for the PUBS to sell its unused spectrum band
Mobile Computing and Communications Review, Volume 13, Number 2
87
to the SUs. Therefore, the PUBS has little incentive to inform the SUBS each time the activity states of a spectrum band changes. During the sensing process, each SU senses the PU spectrum bands individually and reports the results to the SUBS. By integrating the sensing results reported by the SUs with its own sensing result, the SUBS determines the activity states of each PU spectrum band and allocates resources to SUs within its range. When a PU experiences undue interference, it informs its PUBS which identifies the offending SUBSs by using the localization technique in [15]. A complaint message is then sent immediately by the PUBS to the identified SUBSs. This complaint message from the PUBS to the SUBSs will cause a temporary shutdown of the offending SUBS operations and may result in a great utility loss for SUs. In this paper, we assume that PUs, PUBS and SUBS are trustworthy entities in the CRN.
or the SUs may at times not be very confident about their sensing results. Therefore, when SUs report their sensing results to the SUBS and when the results are aggregated, the confidence level, θ, of each result is taken into account. The confidence level of the sensing result depends on several factors. For simplicity, in our subsequent experiments, we assume it to be related only to the channel gains between the transmitters and the sensors. Three types of sensing results can be obtained when trying to establish whether PUBS is using its allocated spectrum band: 1) the PU spectrum band is in active use (denoted by numeric value 1); 2) the PU spectrum band is not in active use (denoted by numeric value -1), and 3) the band activity state is not clear or SU/SUBS abstains from the sensing operation (denoted by numeric value 0). A SU can choose to return any one of these three types of results to the SUBS on the basis of its sensing algorithm output and its own confidence level about the result. The aggregated sensing result for a particular PU spectrum band p is calculated as: M
i=1 Rp = θΓBS + (1 − θ) M
τip Γip
i=1 τip
,
(1)
• Rp is the overall sensing result for PU spectrum band p; • θ is the confidence level of the SUBS; • ΓBS is the sensing result provided by the SUBS; • τip is the trustworthiness of SU i in the context of PU spectrum band p; Figure 1: A general cognitive radio network architecture [13].
• Γip is the sensing result for PU spectrum band p provided by SU i;
III.B.
• M is the number of SUs whose trustworthiness with respect to PU spectrum band p is above a predefined threshold η.
A Weighted Sensing Result Aggregation Scheme
With the CRN architecture described above, the decision on the activity state of a PUBS (the band is active if it is being used for PU communication and inactive otherwise) depends on 1) the sensing result from the SUBS, and 2) the collective sensing results obtained from the SUs managed by this SUBS. This mode of operation enables the SUBS sensing result to act as a control while still harnessing the power of distributed sensing by participating SUs which could enhance the overall sensing result accuracy provided they act in a benevolent way. However, as the sensing results can be significantly influenced by the relative locations of the PU transmitter, the SUBS and the SUs, the SUBS 88
In the case when the variance in trustworthiness of each SU in the context of a primary spectrum band p is not considered, η is set to 0 and all τip are set to 1. Then, the second term in (1) reduces to a simple average of all the sensing results obtained from the SUs. It is effectively a weighted sum of the SUBS sensing result and a majority voting from all the SUs who choose to participate in the distributed sensing operation. The final decision Dp is made based on the sign of Rp ⎧ ⎨ −1, Rp < 0 0, Rp = 0 (2) Dp = ⎩ 1, Rp > 0
Mobile Computing and Communications Review, Volume 13, Number 2
In a CRN, two types of errors in the decision to utilize the PU spectrum can occur: 1) the PU spectrum band is idle but the final decision of the SUBS is not to use the band; and 2) the PU spectrum band is being used but the final decision of the SUBS is to use the band. We will refer to these two category errors as a false alarm, E1 , and a miss detection, E2 , respectively. A false alarm tends to reduce the system throughput while the a miss detection may cause interference to a PU and may result in a forced shutdown of the SUBS sharing the band. Usually, a miss detection has more serious consequences than a false alarm.
IV.B. The Proposed Trust-aware Collaborative Sensing Framework for CRN In order to fit into the CR system architecture described in Sections III, the Beta reputation model has to be extended. Figure 2 shows the overall architecture of the proposed trust and reputation model.
IV. Computational Trust Model In this section, an overview of the Beta Reputation System (BRS) is first given. The BRS is then extended so that it can be applied on a trust-aware CR cooperative sensing scheme.
IV.A. An Overview of Beta Reputation Model The Beta reputation system proposed in [16] is a generic de-centralized reputation evaluation model. It is context independent - which implies that it does not account for possible differences in a trustee’s trustworthiness under different circumstances or towards different interaction partners. The Beta reputation system regards the behaviour of each individual trustee as a binary event modeled by the Beta distribution. The Beta distribution is commonly used to represent the posterior probability of a binary event. This feature provides a basis for evaluating the trust and reputation of each trustee. The Beta family of probability distribution functions (PDFs) is a set of continuous functions indexed by two parameters: α and β. In the Beta reputation model, α is set to be the number, Np , of positive ratings plus 1 and β is set to be the number, Nn , of negative ratings plus 1. As trust is intuitively the expectation of positive behaviour from a trustee in future interactions, the trustworthiness value is calculated as Np + 1 α = . Np + Nn + 2 α+β
(3)
A forgetting or decay factor ρ may be applied to assign more weight to new ratings and gradually decrease the influence of older ratings.
Figure 2: Overall architecture of the proposed trust and reputation model. The behaviour of a SU can be generally divided into two categories: honest and dishonest. An honest SU will always report its actual spectrum sensing result to the SUBS if it is confident about the result. On the other hand, a dishonest SU may tamper with its sensing result or even fabricate the result without sensing at all and report the dubious result to the SUBS. Although there can be many forms of dishonest behaviour in a particular system, their common characteristic is to bias the final decision about the PU band activity state. Even if a SU has benevolent intention (i.e. is honest), its sensing result may not always be correct due to a range of factors (e.g. the sensing method used, the capability of its sensor etc.). To achieve a high trustworthiness score, a SU should be honest and be able to provide accurate sensing results. The evaluation of the behaviour of a SU in one sensing operation is of the form [A, B], where A, B ∈ {0, 1}. For example, if a SU is regarded as having provided a correct sensing result a value of [1, 0] can be added to the storage of its historic behaviours. A window size N of past behaviours are recorded. This provides a way for the trust and reputation score of a SU to vary with deviations in its behaviours from the past but also dampens the rate of change of these scores to
Mobile Computing and Communications Review, Volume 13, Number 2
89
prevent them from being overly affected by the latest behaviour. It is commonly acknowledged in the computational trust and reputation model literature that trust is a context-dependent concept. For instance, a trustee who behaves honestly when dealing with a large and well established organization may be malicious towards an individual person in order to maximize its utility gain. Therefore, to better account for the possible dichotomy in a SU’s sensing behaviour towards different PU spectrum bands, we divide the trustworthiness score of each SU into contexts based on the PU’s characteristics (e.g. geographical location, general spectrum usage rate etc.). Therefore, a history of behaviours and the corresponding forgetting factor of each SU for each context is stored in the trust and reputation database. The context-dependent trustworthiness score can be computed as follows: N −1
N −1−j αjic j=0 ρic . N −1−j ρ (α + β ) jic jic j=0 ic
τic = N −1
(4)
• τic is the trustworthiness score of SU i in the context c; • N is the total number of the ratings the SU has been given in the past; • ρic (0 ≤ ρic ≤ 1) is the forgetting factor for the SU i in the context c; • αjic is the jth positive behaviour score of SU i in the context c; • βjic is the jth negative behaviour score of SU i in the context c. Since in our system, E2 is regarded as having more serious consequences than E1 , it is desirable to drastically reduce the trust and reputation score of a SU when its sensing result could contribute to the complaint from the PUBS. In our trust and reputation model, two techniques are employed to accomplish this goal. The first one is the adaptive forget factor technique. The context-dependent forget factor is adapted as follows: ⎧ ⎨ ρ1 , if i contributed to E2 or the latest τic < η ρic = ⎩ ρ2 , otherwise
K ri =
c=1 τic ρic αjic . K c=1 ρic
(6)
• ri is the reputation of SU i; • K is the total number of contexts.
V. Simulation Results (5)
where 0 ≤ (ρ1 , ρ2 ) ≤ 1 and ρ1 ≥ ρ2 . A larger forgetting factor translates into more weight assigned to past behaviours. So when new ratings come in, the 90
past negative ratings exert more dampening effect to prevent the trustworthiness score to vary too much. However, this technique alone is not adequate in combating E2 causing behaviours since it magnifies both past negative and positive behaviours. Therefore, we employ a second technique which assigns larger weight to negative behaviours causing E2 . In the case when the sensing result of a SU is considered to have caused a complaint from a PUBS, a record of [0, N ] is entered into its behaviour history. This technique can dramatically reduce the trustworthiness of a dishonest SU when a complaint from a PUBS is received by the SUBS. The E2 errors result in definitive feedbacks from the PUBS in the form of complaints to the SUBS. In this case, those SUs who reported that the PU spectrum band was inactive will be subject to both the aforementioned punitive measures. However, in the situation when the overall decision suggests the PU spectrum band is active, there is no definitive feedback which can be used to guide the subsequent reward and punishment decisions. Therefore, in these cases, our trust model adopts a conservative approach which assigns a unit positive rating of [1, 0] to those who agrees with the overall decision Dp and a unit negative rating [0, 1] to those who disagree with the overall decision Dp . Abstaining SUs will always get a rating of [1, 1] regardless of Dp . However, in the situation where Dp is 0 (i.e. not sure), no rewards or punishments will be bestowed on any SUs. The trust and reputation update algorithm is illustrated by Algorithm 1. The reputation of a SU which represents its overall probability of behaving honestly across different contexts is calculated as a weighted sum of its contextdependent trustworthiness. In our model, the forgetting factor under each context is used as the weight (i.e. lower trustworthiness are given more weight).
In this section, we investigate the robustness and efficiency of the proposed scheme using computer simulations. We considered a system with 8 PU spectrum bands and a total of 100 secondary users. The confidence level, θ, of SUBS and SU is an outcome of an independent, identically uniformly distributed random
Mobile Computing and Communications Review, Volume 13, Number 2
variable with a mean of 0.5 and a variance of 0.25. A confidence level below 0.25 was considered to be inadequate to justify the sensing result which led to the reporting of a abstaining message (0 in our case). The trustworthiness threshold was set to η = 0.65. Only SUs with trustworthiness scores exceeding this threshold have their sensing results used by the SUBS in the decision making process. The forgetting factors was set to ρ1 = 1 and ρ2 = 0.9. Each experiment consisted of 10, 000 iterations for each PU spectrum band. To investigate the effectiveness of the proposed scheme against various attacks, we introduced the total utility loss (TUL) in the system due to the attacks as a performance evaluation metric. The TUL can be expressed as follows: TUL = W1 ε1 + W2 ε2 ,
(7)
where ε1 and ε2 denote the false alarm error rate and miss detection error rate respectively. W1 and W2 are numerical values that denote the weight factors for ε1 and ε2 respectively. In the proposed CRN, since a miss detection is regarded as more damaging to the system than false alarm, W2 is assigned a larger value than W1 in the following simulations where W1 = 1 and W2 = 10. The attacker ratio σ is the fraction of malicious SUs in the entire SU population engaged in the respective attack. To show that the proposed
scheme is robust and efficient, we consider a number of commonly assumed attacks.
V.A. Fabrication Attack In the fabrication attack, a malicious SU deliberately reports inverted sensing results to SUBS all the time. This kind of misbehaviour aims to cause deterioration to the overall performance of the network since it will either prevent other secondary users from accessing network resources or introduce excessive interference to PU spectrum bands. Figure 3 shows the total utility loss under the fabrication attack. As σ increases above 40%, the proposed scheme can reduce the total utility loss significantly. Without the proposed scheme, the decision depends on the majority vote from the SUs. If the majority of the SUs present fabricated sensing results, the probability of miss detection error increases with increasing PU spectrum usage rate. Thus, when the PUs are using their designated spectrum bands more actively, the fabrication attack will cause more miss detection errors in the long run which, in turn, result in dramatic increases in the TUL. The simulation results with σ < 40% are not presented here since both CRN with and without the proposed scheme can handle this case well. The cumulative rates of false alarm 4.5 4 3.5 without proposed scheme σ=100% σ=100% σ=80% σ=80% σ=60% σ=60% σ=40% σ=40%
3
TUL
FUNCTION reward punish(pu) if complaint from(pu) then foreach su.sensing result== −1 do su.forget factor= ρ1 ; su.ratings.removeAt(0); su.ratings.append([0, N ]); end else if Dp ! = 0 then forall su do su.ratings.removeAt(0); if su.sensing result == Dp then su.ratings.append([1, 0]); else if su.sensing result == 0 then su.ratings.append([1, 1]); else su.ratings.append([0, 1]); end end end end Algorithm 1: Pseudo code for the trust and reputation update module
2.5 2 1.5 1
with proposed scheme
0.5 0 10
20
30
40 50 60 PU band usage rate (%)
70
80
90
Figure 3: Total utility loss, TUL, of CRN under the fabrication attack error and miss detection error with the fabrication attack are shown in Figure 4. We can see that as the number of iterations increases, both false alarm and miss detection rate increase if the proposed scheme is not used. However, with the proposed scheme in place, both cumulative rates remain close to 0. It can be concluded that the proposed scheme is robust under the fabrication attack. Figure 5 shows the trustworthiness score for each
Mobile Computing and Communications Review, Volume 13, Number 2
91
misbehaviours harder to detect.
0.16 ε
1
ε1
0.14
3.5
ε
2
0.12
ε
t=100% t=100% t=80% t=80% t=60% t=60% t=40% t=40%
without proposed scheme
2
0.1 2.5
0.08
2
0.06
TUL
Cumulative Rate
3
0.04 with proposed scheme
0.02 0
without proposed scheme 1.5
1 with proposed scheme
0
2000
4000
6000
8000
10000
Iterations
0.5
0 10
Figure 4: Cumulative false alarm rate, ε1 , and miss detection rate, ε2 with the fabrication attacker ratio, σ = 50% for PU band usage rate at 45% SU. As shown, the last 50 SUs who are launching malicious fabrication attacks hold a trustworthiness score of 0, i.e. they cannot participate in the decision making process. The proposed scheme thus efficiently filters out the malicious SUs in the fabrication attack.
20
30
40 50 60 PU band usage rate (%)
70
80
90
Figure 6: Total utility loss, TUL, of CRN under the on-off attack with attacker ratio σ = 100% Figure 6 shows the TUL as a function of PU band usage under high rate of the on-off attack. The results with an attack rate of below 40% are not shown since the TUL in these cases approaches 0. It can be seen that the proposed scheme reduces TUL greatly under the on-off attacks.
1 Trustworthiness score τ Reputation threshold η
0.9 0.8 0.7
τ
0.6 0.5 0.4 0.3 0.2 0.1 0
0
20
40
60
80
100
SU i
Figure 5: Trustworthiness score, τ of each SU with the fabrication attacker ratio, σ = 50% for PU band usage rate at 45%
V.B. On-Off Attack The on-off attack refers to malicious SUs alternating between providing honest sensing opinions to attain high level of reputation and leveraging on their reputation to try to distort the collaborative sensing result by giving false opinions. We denote on-off attack rate, i.e. the percentage of time an attacker may engage in the attack, by t. Unlike the fabrication attack in which the behaviours of the attackers are constant, the onoff attack follows a dynamic pattern which makes the
92
V.C. Denial of Service Attack The denial of service attack prevents SUs from utilizing the PU spectrum band. The attackers generate sensing results showing that the PU spectrum band is occupied by the primary users. If their sensing results are aggregated into the final decision making process without proper filtering, they could adversely influence the final decision, resulting in false alarm errors and loss of opportunity to utilize the PU spectrum bands when they are actually available. If the attacks are successfully conducted, the system performance will degrade sharply. Figure 7 shows the total utility loss under the denial of service attack. The TUL results with an attacker ratio below 40% are not presented because they are close to 0. The TUL result with an attacker ratio equal to 100% is not presented here since it is a highly unlikely scenario. It can be seen that the proposed scheme works well under this kind of attack. The TULs converge as PU band usage increases. This is because only false alarm errors are possible due to this kind of attack and when the PU band usage rate increases the false alarm error rate decreases. When the PU band usage is very high, the denial of service attack may result in less loss of system throughput since the sensing results are indeed correct most of time. Then in this case, all the SUs tend to
Mobile Computing and Communications Review, Volume 13, Number 2
have higher trustworthiness scores than the aggregation decision threshold, for instance in Figure 8 when the PU usage rate is 75%. Therefore all the SUs participate in decision making process which is similar to the one without the proposed scheme. Figure 8 shows that the trustworthiness score, τ , of each SU for the different PU band usage rate is highly context dependent. 0.35 σ=80% σ=80% σ=60% σ=60% σ=40% σ=40%
0.3
0.25
serious consequences such as the SUBS being shut down for a certain period of time which will impair the whole system significantly. Figure 9 shows total utility loss, TUL, under the resource hungry attack. The results of TUL with the attacker ratio below 40% are not presented because they are close to 0. It can be seen that the proposed scheme significantly reduces the TUL compared to the one without the proposed scheme. Without the proposed scheme, TUL increases as PU band usage rate increases since more miss detection error occur and this will cause a large utility loss.
0.2 TUL
3.5
0.15
3 without proposed scheme
0.1
2.5
with proposed scheme
0 10
20
30
40 50 60 PU band usage rate (%)
70
80
90
2 TUL
0.05
σ=100% without proposed scheme σ=100% with proposed scheme σ=80% without proposed scheme σ=80% with proposed scheme σ=60% without proposed scheme σ=60% with proposed scheme σ=40% without proposed scheme σ=40% with proposed scheme
1.5
1
0.5
Figure 7: Total utility loss, TUL, of CRN under the denial of service attack
1
Trustworthiness score τ Reputation threshold η
20
30
40 50 60 PU band usage rate (%)
70
80
90
Figure 9: Total utility loss, TUL, of CRN under the resource hungry attack
τ
0.8
0 10
0.6 0.4
0
20
40 60 SU i with PU band usage rate=45%
80
100
0
20
40 60 SU i with PU band usage rate=75%
80
100
1
τ
0.9 0.8 0.7
Since the miss detection error is regarded as a serious offense in this CRN, the two techniques mentioned in section IV, i.e. the adaptive forget factor technique and assigning a larger weight to negative behaviours causing miss detection errors are used to cope with this kind of error. It can be seen in Figure 10 that the proposed scheme can successfully filter out the resource hungry malicious SUs.
V.E. Combinations of Attacks Figure 8: Trustworthiness score, τ of each SU with the denial of service attacker ratio, σ = 50% for PU band usage rate at 45% and 75% respectively.
V.D. Resource Hungry Attack In resource hungry attacks, malicious SUs always report to SUBS that the PU spectrum band is not in use. By doing so, they hope that the SUBS will make a miss detection error and consequently allocate resources to them. This kind of misbehaviour, if successful, will introduce undue interference to the PU using the same spectrum band. This could lead to
In practice, there is likely to be more than one type of attacker at any given time. Therefore testing the proposed scheme under a combination of attacks is a necessary step to verify the robustness and efficiency of the proposed scheme. The simulation results for TUL under several combinations of attacks are shown in Figures 11 to 13. We can conclude that the proposed scheme is effective in handling such attacks by reducing the total utility loss greatly and performs robustly under various combination of attacks. It can be seen from Figure 14 that the malicious SUs who are launching the fabrication, the denial of service and the resource hungry attacks are detected
Mobile Computing and Communications Review, Volume 13, Number 2
93
0.35 without proposed scheme with proposed scheme
Trustworthiness score τ Reputation threshold η
1
0.3
0.9 0.25 0.8
TUL
τ
0.2 0.7
0.15
0.6
0.1
0.5
0.05
0.4 0.3
0
20
40
60
80
0 10
100
20
30
SU i
Figure 10: Trustworthiness score, τ of each SU with resource hungry attacker ratio, σ = 50% for PU band usage rate at 45%. 0.35
σ1=80%, σ2=20%
40 50 60 PU band usage rate (%)
70
80
90
Figure 13: Total utility loss, TUL, of CRN under the combination of attacks with following composition: on-off σ = 50% with attack rate t = 20%, fabrication σ = 30%, denial of service σ = 10%, and resource hungry σ = 10%.
σ =80%, σ =20% 1
0.3
2
σ =60%, σ =40% 1
2
σ1=60%, σ2=40%
0.25
σ1=40%, σ2=60% σ1=40%, σ2=60%
0.2
σ =20%, σ =80%
TUL
1
0.1
2
σ1=20%, σ2=80%
without proposed scheme
0.15
with proposed scheme
and their sensing results are filtered out from decision making process by implementing the proposed trustaware scheme. Since the on-off attack rate is as low as t = 20%, i.e. they behave as trustworthy users 80% of time, most of their trustworthiness scores are above the threshold level η.
0.05
0 10
20
30
40 50 60 PU band usage rate (%)
70
80
1
90
Trustworthiness score τ Reputation threshold η
0.9 0.8 0.7 0.6 τ
Figure 11: Total utility loss, TUL, of CRN under the on-off and the denial of service combined attack with on-off attack rate t = 20%. σ1 and σ2 denote on-off and denial of service attacker ratio respectively.
0.5 0.4 0.3 0.2 0.1
3.5
0 3
2.5
40
60
80
100
without proposed scheme σ1=80%, σ2=20%
TUL
σ1=80%, σ2=20% σ =60%, σ =40%
1.5
1
2
σ1=60%, σ2=40% σ1=40%, σ2=60%
1
σ1=40%, σ2=60%
with proposed scheme
0.5
σ =20%, σ =80% 1
2
σ =20%, σ =80% 1
20
30
40 50 60 PU band usage rate (%)
70
2
80
90
Figure 12: Total utility loss, TUL, of CRN under the on-off and the resource hungry combined attack with on-off attack rate t = 20%. σ1 and σ2 denote on-off and resource hungry attacker ratio respectively.
94
20
SU i
2
0 10
0
Figure 14: Trustworthiness score, τ , of each SU under the combination of attacks with following composition: on-off σ = 50% with attack rate t = 20%, fabrication σ = 30%, denial of service σ = 10%, and resource hungry σ = 10% for the PU band usage rate at 45%.
VI. Conclusions and Future Work In a CRN, some SUs may misbehave in an attempt to maximize their own utility gains. Such malicious SUs, if unchecked, can severely impact the opera-
Mobile Computing and Communications Review, Volume 13, Number 2
tion of the CR system. In this paper, we proposed a novel trust-aware hybrid spectrum sensing scheme which can detect misbehaving SUs and filter out their reported spectrum sensing results from the decision making process. Simulations were performed to investigate the scheme under various malicious attacks. It can be concluded that the proposed scheme is robust and efficient against various malicious attacks. A CRN can be deployed in several configurations such as centralized, distributed, ad-hoc or mesh networks. In this paper, only the centralized infrastructure based network is investigated. Building a trust model which is suitable for each kind of CRN architecture is an interesting open problem. Under the on-off and the denial of service attacks, the threshold value η can profoundly impact the performance of the CRN. It would be useful to investigate ways to reduce this impact.
VII. Acknowledgments This work was supported in part by the Singapore Millennium Foundation (SMF) and in part by the Singapore Ministry of Education Grant No. RGM24/06.
References [1] Federal Communications Commission, “Spectrum Policy Task Force,” Report of ET Docket 02-135, Nov. 2002. [2] S. Haykin, “Cognitive radio: brain-empowered wireless communications,” IEEE Journal on Selected Areas in Communications, vol. 23, no. 2, pp. 201–220, Feb. 2005. [3] N. Ilisei, “A Survey on Dynamic Spectrum Allocation Protocols,” in Proc. of 8th International Conference on Development and Application Systems, May 2006, pp. 177–180. [4] S. Mishra et al., “Cooperative Sensing among Cognitive Radios,” in Proc. of IEEE International Conference on Communications, vol. 4, Jun. 2006, pp. 1658 – 1663. [5] R. Chen et al., “Toward secure distributed spectrum sensing in cognitive radio networks,” IEEE Communications Magazine, vol. 46, no. 4, pp. 50 – 55, April 2008. [6] T. C. Clancy and N. Goergen, “Security in Cognitive Radio Networks: Threats and Mitigation,”
in Proc. of 3rd International Conference on Cognitive Radio Oriented Wireless Networks and Communications, May 2008, pp. 1 – 8. [7] A. Jøsang et al., “A survey of trust and reputation systems for online service provision,” Decision Support Systems, vol. 43, no. 2, pp. 618– 644, Mar. 2007. [8] D. Gambetta, Can We Trust Trust, in Trust: Making and Breaking Cooperative Relations. University of Oxford, 2000. [9] C. C. Loh et al., “Identifying unique devices through wireless fingerprinting,” in Proc. of the first ACM conference on Wireless network security, Mar. 2008, pp. 46–55. [10] K. C. Chen et al., “Cognitive radio network architecture: part II – trusted network layer structure,” in Proc. of the 2nd international conference on Ubiquitous information management and communication, April 2008, pp. 120–124. [11] I. M. Atakli et al., “Malicious node detection in wireless sensor networks using weighted trust evaluation,” in Proc. of the 2008 Spring simulation multiconference, April 2008, pp. 836–843. [12] K. C. Chen et al., “Cognitive radio network architecture: part I – general structure,” in Proc. of the 2nd international conference on Ubiquitous information management and communication, April 2008, pp. 114–119. [13] I. F. Akyildiz et al., “NeXt generation/dynamic spectrum access/cognitive radio wireless networks: A survey,” Computer Networks, vol. 50, pp. 2127–2159, 2006. [14] W. Y. Lee and I. F. Akyildiz, “Optimal Spectrum Sensing Framework for Cognitive Radio Networks,” IEEE Transactions on Wireless Communications, vol. 7, no. 10, pp. 3845–3857, Oct. 2008. [15] R. Chen and J. H. Reed, “Defense against Primary User Emulation Attacks in Cognitive Radio Networks,” IEEE Journal on Selected Areas in Communications, vol. 26, no. 1, pp. 25 – 37, Jan. 2008. [16] A. Jøsang and R. Ismail, “The Beta Reputation System,” in Proc. of the 15th Bled Electronic Commerce Conference, Jun. 2002.
Mobile Computing and Communications Review, Volume 13, Number 2
95