Spectrum Sensing and Mitigation of Primary User Emulation Attack in Cognitive Radio

The overwhelming growth of wireless communication has led to spectrum shortage issues. In recent days, cognitive radio (CR) has risen as a complete solution for the issue. It is an artificial intelligence-based radio which is capable of finding the free spectrum and utilising it by adapting itself to the environment. Hence, searching for the free spectrum, termed spectrum sensing, becomes the key task of the cognitive radio. Some malicious users disrupt the decision-making ability of the cognitive radio. Proper selection of the spectrum sensing scheme and the decision-making capability of the cognitive radio reduce the chance of colliding with the primary user. This chapter discusses a suitable spectrum sensing scheme for low noise environments and a trilayered solution to mitigate the primary user emulation attack (PUEA) in the physical layer of the cognitive radio. The tag is generated in three ways. Sequences are generated using DNA and chaotic algorithms. These sequences are then used as the initial seed values for the generation of gold codes. The output of the generator is considered as the authentication tag. This tag is used to identify the malicious user, thereby mitigating PUEA. A threat-free environment enables the cognitive radio to come up with a precise decision about the spectrum holes.


Overview
The introduction of wireless techniques has led to the achievement of mobility and global connectivity through their advantages in flexibility, cost and convenience. Due to this rapid growth, there is a demand for spectrum. But analysis shows that there are portions of the spectrum which are not effectively used, and those portions could be exploited whenever needed. For dynamic spectrum access, cognitive radio has risen as a favourable solution [1,2]. Cognitive radio searches for free spectrum, termed 'spectrum holes'. The process of finding the spectrum holes is termed spectrum sensing. Apart from spectrum sensing, the other functions of cognitive radio are spectrum sharing, spectrum management and spectrum mobility. These four functions together are termed the cognition cycle [3][4][5][6], which is shown in Figure 1.

Spectrum sensing
The users in the wireless environment can be classified into three main groups, namely primary users, secondary users and selfish, malicious users. Primary users are those who gain ownership of the spectrum [7]. Secondary users desire to gain access in the absence of primary users [8]. Malicious users desire to own access of the spectrum by cheating the secondary users [9].
In the cognitive environment, the procedure of searching for spectrum holes by the secondary users is known as spectrum sensing. The cognitive radio not only looks for the free spectrum, but also checks for the arrival of primary users. On the return of the primary users, the cognitive users or secondary users should quit the existing spectrum immediately and search for some other new spectrum hole.

Types
Various types of spectrum sensing schemes are available and they are shown in Figure 2. Some of them are energy detection method [10], cyclostationary method [11], matched filter method [12], etc. Feature detection and matched filter methods require prior knowledge about the licenced user for detection and they are time-consuming. Energy detection method does not require any former knowledge about the primary user and it is simpler and quicker when compared to the previously mentioned methods. Energy detector can be classified into two types:
• Frequency domain-based energy detector
• Time domain-based energy detector
Energy detection method is not suited for places where the SNR is very low. Hence, it is a trade-off in choice of the proper spectrum sensing scheme. The decision hypothesis is as follows:

Time domain
$$y(n) = s \qquad H_0:\ \text{only the presence of noise}$$
$$y(n) = x(n) + s \qquad H_1:\ \text{presence of both primary user signal and noise} \tag{3}$$
where n is the noise, y(n) is the received signal and x(n) is the transmitted signal.

Threshold
Keeping the probability of false alarm fixed, the threshold value is set according to the equation: where N = number of samples and Q^{-1} = complementary error function.
• Cooperative spectrum sensing: A group of cognitive radios shares the spectrum sensing information. To achieve spectrum sharing and to overcome the multipath propagation effects and hidden node problems, a cooperative spectrum sensing scheme is utilised. The cognitive users employ less sensitive detectors, thereby reducing the cost of hardware and complexity. It is divided into two types, namely
• Centralised spectrum sensing
• Distributed spectrum sensing
Centralised spectrum sensing: In this method, the central unit collects the sensing information from the cognitive users located at various places of the radio environment, analyses the received information and transmits the final decision about the existence or nonexistence of the PU to the cognitive users. Two rules are followed in deciding PU. One is the AND rule and the other is the OR rule.
• AND rule: All the SUs declare that the PU is present
• OR rule: If the status of any one SU is high, then the PU is considered present
Distributed spectrum sensing: Each node senses the PU, and a decision is made based on the earlier scenarios. Complexity is greatly reduced as there is no need for a fusion center (FC). But at the same time, it increases the burden on the CR.

PUEA
On receiving the primary user's signal, the cognitive radio compares it with a predefined threshold. If the incoming signal exceeds the threshold, the primary user is assumed to be present, else absent. In the absence of the primary user, the malicious user sends a fake signal, almost matching the primary user signal, to the cognitive radio. The cognitive radio on receiving the fake signal compares it with the threshold. The fake signal exceeds the threshold, and hence the cognitive radio makes the wrong interpretation that the primary user is present and does not make any attempt to access the spectrum. The malicious user now utilises that free spectrum. This attack is known as primary user emulation attack (PUEA) [13], which is considered a severe attack in the physical layer of the cognitive radio.
Various researchers have analysed the importance and impact of PUEA in the cognitive radio environment, and they have come up with different solutions to overcome PUEA. A few of them are as follows. A review of primary user emulation attack has been made in [14][15][16][17].
A study about PUEA has been made in [18,19]. To ensure end-to-end security for portable devices over cognitive radio network, two authentication protocols have been proposed in [20]. A four-dimensional continuous Markov chain model to combat PUEA has been proposed in [21]. PU, secondary user, selfish misbehaviour secondary user and misbehaviour secondary user are considered to combat PUEA. In [22], a trustworthy node is taken as reference and the positions of the PU and the emulator were found to detect PUEA. An eigenvalue-based PUEA mitigating method has been discussed in [23]. A time-synched link signature scheme to mitigate PUEA has been proposed in [24]. In [25], a temporal link signature scheme to establish a link between transmitter and receiver has been proposed, and with the aid of the signature PUEA is mitigated. Any change in the transmitter location, or an emulator claiming to be the transmitter, is identified.
An integrated cryptographic and link signature-based method to mitigate PUEA has been proposed in [26]. Suspicious level and trust level calculations are carried out to mitigate PUEA in the cooperative spectrum sensing environment in [27]. Mitigating PUEA and wormhole attack through sequence number generation by the helper nodes has been proposed in [28]. A multiple helper nodes-based authentication method to combat PUEA in the TV band has been discussed in [29]. An optimum voting rule and sample-based scheme in cooperative spectrum sensing to mitigate PUEA has been proposed in [30]. An advanced encryption standard (AES)-based authentication method with 256-bit key size has been suggested in [31] to overcome PUEA. A digital constellation-based authentication scheme to mitigate PUEA has been proposed in [32]. Quadrature phase shift keying (QPSK) was considered. Based on the tag value, the phase of the QPSK modulation is rotated. A helper node-based special authentication algorithm has been suggested in [33] to mitigate PUEA in mobile networks. A location privacy-preserving framework has been proposed in [34]. The framework consists of two parts, namely a privacy-preserving sensing report aggregation protocol and a distributed dummy report injection protocol.
An authentication scheme based on the transmitter, called localisation based defence (LocDef), to mitigate PUEA has been discussed in [35]. In [36], a neural network and database management-based scheme to mitigate the PUE threat has been proposed. The COOPON (called cooperative neighbouring cognitive radio nodes) technique to mitigate the selfish user attack in the cooperative spectrum sensing environment has been proposed in [37,38]. Matched filter-based spectrum sensing together with a cryptographic signature-based method has been suggested in [39]. An extensible authentication protocol and carousel rotating protocol-based authentication scheme has been proposed in [40]. A location-based authentication protocol for IEEE 802.22 wireless regional area network (WRAN) has been implemented in [41]. A double key-based encryption scheme has been proposed in [42] to overcome the attacks. Two non-parametric algorithms, namely cumulative sum and data clustering-based methods, have been discussed in [43] to mitigate PUEA in cognitive wireless sensor networks. A study about various types of attacks and their countermeasures in wireless sensor networks has been made in [44].
In [45], a scheme based on Fenton's approximation and Wald's sequential probability ratio test (WSPRT) has been proposed to mitigate PUEA. Probability of missing was the main parameter considered to set the threshold value. A modified combinational identification algorithm has been discussed in [46] to mitigate the attacks in cooperative sensing. A cluster-based technique to overcome rogue signal intrusion in cooperative spectrum sensing has been discussed in [47]. In [48], a novel method has been suggested to mitigate the threat in cooperative spectrum sensing. It includes two phases, namely the identifying phase and the sensing phase. In the identifying phase, reliable SUs are found, and the sensing results are collected in the second phase. In [49], a trustworthy cognitive radio network has been suggested to defend against malicious users. It is based on the trust value generated and distributed among the nodes. In [50], two algorithms, namely an encryption algorithm and a displacement algorithm, are derived to overcome PUEA. The adaptive orthogonal matching pursuit algorithm (AOMP) has been proposed in [51] to mitigate PUEA. An energy detection, cyclostationary and neural network-based scheme has been reported in [52] to cancel PUEA. An AND/OR rule-based sensing method has been suggested in [53] to mitigate PUEA in cooperative spectrum sensing. An improvement in the probability of error is obtained by the OR rule compared with the AND rule. A Nash equilibrium-based differential game method has been suggested in [54] to mitigate PUEA. A new cooperative spectrum sensing scheme in the presence of PUEA has been offered in [55]. Based on the channel information among PU, SU and attackers, weights are derived for optimal combining in the fusion center. A hybrid defence scheme against PUEA with motional secondary users was discussed in [56]. A new spectrum decision protocol to mitigate PUEA in dynamic access networks has been discussed in [57].

Other attacks
Some of the other attacks in the physical layer are denial of service (DOS) attack and replay attack. Any attack in the path between the cognitive radio and the primary user is known as a DOS attack. In a replay attack, the malicious user eavesdrops on some primary user information and transmits it to the cognitive radio at an irrelevant time. This confuses the cognitive radio in deciding the existence of the primary user.
A study about denial of service attack has been made in [58,59]. A radio frequency fingerprint-based technique has been suggested in [60] to combat DOS attack. The dynamic and smart spectrum sensing algorithm (DS3) has been generated in [61] to minimise the DOS attack. Around 90% of improvement in spectrum utilisation was obtained with the inclusion of the DS3 algorithm. A channel eviction triggering scheme in the presence of a Rayleigh fading channel has been proposed in [62] to mitigate DOS attack in the cooperative spectrum sensing environment. This mechanism is aimed at reducing the misreports and increasing the trustworthy score. A study about replay attack in cognitive radio has been made in [18,63,64,65]. A study about the malicious activities in ZigBee network has been made in [66].

Performance metrics
Performance metrics are used to analyse the system's behaviour and performance. They are used to confirm and validate the specified system performance requirements and to identify the performance issues in a given system.
The important performance metrics for cognitive radio are
• Probability of detection (P_d): Probability of detection is the time during which the primary user is detected.
• Probability of false alarm (P_f): the erroneous detection of the primary user
• Probability of missed detection: failing to detect the primary user.
• Receiver operating characteristics (ROC): It is the graph plotted between sensitivity and false positive rate. Here, it is plotted between probability of missed detection and probability of false alarm.
A study about the performance metric has been made in [67][68][69].
This chapter gives a brief idea about the working of the frequency domain-based energy detection spectrum sensing scheme and provides a solution to mitigate PUEA through the authentication tag generated by the collaborator cognitive radio. The sample graphs are plotted between probability of detection and signal to noise ratio, and between P_d and P_f.

Collaborator node
To ensure proper spectrum sensing, the cognitive radio does not carry out spectrum sensing on its own. Instead, it depends on a third party called the collaborator node. It is assumed that the collaborator node is very close to the primary user. The collaborator node is chosen because of the Federal Communications Commission's (FCC) decision that 'no modifications must be done to the primary user signal'.
The sample graph is shown in Figure 4. The collaborator node senses the availability of the primary user and, in the absence of the primary user, conveys the message to the cognitive radio along with the authentication tag. To avoid interference with the primary user, the collaborator node communicates with the cognitive radio only in the absence of the primary user. The key to decode the authentication tag is already known to the cognitive radio. The cognitive radio accepts only information that carries the authentication tag and discards other information. In this way, PUEA is mitigated.

Spectrum sensing
The collaborator node senses the availability of the primary user with the aid of the energy detection method. The block diagram of the frequency domain-based energy detection method is shown in Figure 5. The incoming signal is filtered and passed to the fast Fourier transform (FFT) block. The output of the FFT block is fed to the windowing function block. This is done to reduce the irregularities and the side lobes. Various windows like the Hanning window, Hamming window, Blackman window and Kaiser window could be utilised. Every window has its own advantages and disadvantages. By adjusting the beta parameter of the Kaiser window, side lobes can be reduced when compared to other windows; but at the same time, the main lobe is wider. By adjusting the size of the windows, better output could be obtained. Hence, proper choice of window becomes necessary. The output of the windowing block is fed to the magnitude square block. The average energy of the signal is then compared with the decision threshold [70][71][72][73].
If the incoming signal falls below the threshold, it is the null hypothesis (H_0). Only noise is present in the channel and the primary user signal is absent. The spectrum is vacant and could be utilised by the cognitive radio. On the other hand, if the incoming signal exceeds the threshold, the decision made is 'primary user present'. Table 1 summarises the simulation parameters of the graph plotted below. Figure 6 shows the sample result plotted between P_d versus SNR. SNR is considered as x-axis and P_d as y-axis. For the probability of detection of 0.9, the SNR is −14 dB. The negative scale indicates that the cognitive radio can pick up the primary user signal in a weak SNR environment. Figure 7 shows the output of the energy detector for different values of SNR with AWGN noise present in the channel. From the figure, it is clear that as the SNR increases, the error reduces. Probability of missed detection is lesser for an SNR of −5 dB when compared to −20 dB. The lower the SNR, the more noise there is, which makes it difficult to detect the presence of the primary user.
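The detector chain described above (window, FFT, magnitude squared, average, threshold) can be sketched as follows. This is an added example, not the chapter's simulation or LabVIEW code; it assumes one 128-sample block per decision, a Hanning window applied to the samples before the FFT, a single-tone primary user signal, and a threshold calibrated empirically on noise-only blocks for the false-alarm probability of Table 1.

```python
import cmath
import math
import random

FFT_SIZE = 128   # Table 1
P_FA = 0.1       # Table 1: fixed probability of false alarm
# Hanning window, applied to the samples before the FFT (assumed placement).
WINDOW = [0.5 - 0.5 * math.cos(2 * math.pi * i / (FFT_SIZE - 1)) for i in range(FFT_SIZE)]


def fft(x):
    """Recursive radix-2 FFT; len(x) must be a power of two."""
    n = len(x)
    if n == 1:
        return list(x)
    even, odd = fft(x[0::2]), fft(x[1::2])
    out = [0j] * n
    for k in range(n // 2):
        t = cmath.exp(-2j * cmath.pi * k / n) * odd[k]
        out[k], out[k + n // 2] = even[k] + t, even[k] - t
    return out


def average_energy(samples):
    """Window -> FFT -> magnitude squared -> average over the bins."""
    spectrum = fft([s * w for s, w in zip(samples, WINDOW)])
    return sum(abs(c) ** 2 for c in spectrum) / len(spectrum)


def received_block(rng, snr_db=None):
    """Unit-variance AWGN; under H1 a tone (constructed PU signal) is added at snr_db."""
    amp = 0.0 if snr_db is None else math.sqrt(2 * 10 ** (snr_db / 10))
    phase = rng.uniform(0, 2 * math.pi)
    return [amp * math.cos(2 * math.pi * 0.2 * n + phase) + rng.gauss(0, 1)
            for n in range(FFT_SIZE)]


def calibrate_threshold(rng, trials=1000):
    """Threshold = empirical (1 - P_FA) quantile of the noise-only (H0) statistic."""
    energies = sorted(average_energy(received_block(rng)) for _ in range(trials))
    return energies[int((1 - P_FA) * trials)]


def decision_rate(rng, threshold, snr_db=None, trials=300):
    """Fraction of blocks declared 'primary user present' (P_d under H1, P_f under H0)."""
    hits = sum(average_energy(received_block(rng, snr_db)) > threshold
               for _ in range(trials))
    return hits / trials


if __name__ == "__main__":
    rng = random.Random(2024)
    thr = calibrate_threshold(rng)
    print("P_f:", decision_rate(rng, thr))
    for snr in (-20, -5, 0):
        print(f"P_d at {snr} dB:", decision_rate(rng, thr, snr))
```

The statistic depends only on the received energy, not on who transmitted it, which is why the collaborator's report carries an authentication tag.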

Authentication tag generation by the collaborator node
Once the sensing process is complete, the second step is to generate the authentication tag. The authentication tag is generated in three ways. The first method is logistic map algorithm-based sequence generation. In the second method, the sequence is generated by means of a DNA-based cryptographic algorithm. The third method is based on gold code: gold codes are generated using a gold code generator, and the initial seed values for the gold code are the sequences obtained from the first two methods. The final output from the gold code generator is treated as the authentication tag to mitigate PUEA.

Chaotic sequence
Chaotic sequences help to protect the data from an intruder in many ways:
a. It changes the transmitted signal into unwanted noise, and therefore it causes great confusion for the intruder.
b. Code sequences do not repeat for each and every bit of information, so the malicious user takes a long time to find the sequences.
c. Developing a chaotic sequence is simple for a transmitter and receiver who know the data and parameters used in the transmission, whereas exact regeneration of the data is difficult for a receiver who wrongly estimates the value. A slight deviation in the estimate increases the error. This is because of the sensitivity of chaotic systems to their initial conditions.

Table 1. Simulation parameters.
Number of samples: 300
Probability of false alarm: 0.1
Window function: Hanning
Channel: AWGN
FFT size: 128

Logistic chaotic sequence
The 1-D logistic chaotic sequence is widely used in communication because of its fast computation process and simple nature.
The logistic chaotic sequence can be generated by using an expression where r is called the control parameter and is a constant in the range 3.57 < r < 4, and x(1) = 0.99.
One of the main properties of this sequence is extreme sensitivity to initial condition and good correlation property. Figure 8 shows the signal to noise ratio versus primary user detection graph plotted with and without authentication tag. The overlapping of both the graphs shows that there is no significant change in the performance of the collaborator system when an authentication tag is inserted. The authentication tag and the spectrum-free information are transmitted to the cognitive radio. The probability of false alarm is fixed as 0.1 and the number of samples chosen is 300. Additive white Gaussian noise (AWGN) is considered as the channel noise.

DNA
DNA algorithm has been utilised in this work to generate the authentication tag because the storage and processing of data is very secure. One single DNA can be split into four basic units. They are Adenine (A), Thymine (T), Cytosine (C) and Guanine (G). So, it is also known as quaternary encoding. Binary values are assigned to these units for encoding purpose as follows: A-00, T-01, C-10 and G-11.

Algorithm
Step 1: Transform message bits into binary
Step 2: Assign A, T, G and C to binary (a)
Step 3: Get key value from server (b)
Step 4: Take one's complement of the outputs of steps 2 and 3
Step 5: Do XOR operation between the outputs from step 4 (a' and b')
Step 6: Transform bits from step 5 into DNA form
Step 7: Transform DNA form into ASCII values
Step 8: Transform into binary form (encrypted)

Figure 9 shows the signal to noise ratio versus probability of detection graph plotted with and without authentication tag. The overlapping of both the graphs shows that there is no notable difference in the performance of the collaborator system when an authentication tag is added along with the primary user availability information.

Gold code
Pseudonoise (PN) is a signal similar to noise but generated with a definite pattern. In cryptography, PN sequences are widely used to ensure data protection from intruders. The PN sequences are added to the message signal so that it appears as noise to the malicious users. Various types of PN sequences are available. Their auto- and cross-correlation properties decide the choice of PN sequences. Some PN sequences have good autocorrelation property but not cross-correlation property. Some have good cross-correlation property but not autocorrelation property. Gold code is chosen because of its good auto- and cross-correlation properties. Gold codes are obtained by mod-2 addition of shifted pairs of m-sequences with length m. The autocorrelation and cross-correlation function of gold code, 2^t − 1, is Autocorrelation function: Cross-correlation function:

Trilayered authentication
The proposed work is to integrate all the three algorithms and to generate a trilayered authentication tag to mitigate PUEA. Both the linear feedback shift registers (LFSRs) of the gold code generator require a seed value for their functioning. Hence, the initial seed value of one LFSR is the sequence generated utilising the DNA algorithm, and for the second LFSR it is a chaotic sequence. The outputs from the LFSRs are XORed, and the resulting gold code sequence is considered an authentication tag. It is as shown in Figure 10. Figure 11 shows the sample signal to noise ratio versus probability of detection graph plotted with and without authentication tag. From the figure, it can be seen that there is no drastic change in the performance of the collaborator system when an authentication tag is added along with the primary user availability information.

Figure 11b shows the graph plotted by increasing the size of the window function. Here, Hamming window of size 10 has been utilised. Figure 11c shows the plot of signal to noise ratio versus probability of detection graph plotted with and without authentication tag. Here, the FFT size of the energy detector has been raised from 64 to 128. Figure 11d shows the graph plotted with the probability of false alarm fixed as 0.01.
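The trilayered construction described in this section, written out end to end together with the cognitive radio's accept/discard check, as an added example rather than the chapter's own implementation. Assumptions: degree-5 LFSRs with the polynomials x^5 + x^2 + 1 and x^5 + x^4 + x^3 + x^2 + 1, seeds derived by XOR-folding each sequence to 5 bits, the logistic map x(n+1) = r·x(n)·(1 − x(n)) binarised at 0.5, and hypothetical function names and sample secrets throughout.

```python
import hmac
from itertools import cycle

DNA = {(0, 0): "A", (0, 1): "T", (1, 0): "C", (1, 1): "G"}  # encoding given in the DNA section
DEGREE = 5               # assumed register length: 2**5 - 1 = 31-chip gold code
TAPS_1 = (0, 2)          # x^5 + x^2 + 1
TAPS_2 = (0, 2, 3, 4)    # x^5 + x^4 + x^3 + x^2 + 1, tabulated preferred pair of TAPS_1


def to_bits(data):
    return [(byte >> shift) & 1 for byte in data for shift in range(7, -1, -1)]


def logistic_bits(r, x1, count):
    """Logistic map x(n+1) = r*x(n)*(1 - x(n)), binarised at 0.5 (assumed rule)."""
    if not 3.57 < r < 4.0:
        raise ValueError("control parameter must satisfy 3.57 < r < 4")
    x, out = x1, []
    for _ in range(count):
        x = r * x * (1.0 - x)
        out.append(int(x >= 0.5))
    return out


def dna_bits(message, key):
    """DNA layer, steps 1-8; step 2's lettering of (a) is only a change of notation."""
    if not key:
        raise ValueError("empty key")
    a = to_bits(message)
    b = [k for k, _ in zip(cycle(to_bits(key)), a)]   # key repeated to message length
    # Steps 4-5: (1 - a) ^ (1 - b) equals a ^ b, so the two complements cancel out.
    mixed = [(1 - x) ^ (1 - y) for x, y in zip(a, b)]
    strand = "".join(DNA[(mixed[i], mixed[i + 1])] for i in range(0, len(mixed), 2))
    return to_bits(strand.encode("ascii"))            # steps 7-8


def fold_seed(bits):
    """XOR-fold a sequence down to DEGREE bits (assumed way of deriving the seed)."""
    seed = [0] * DEGREE
    for i, bit in enumerate(bits):
        seed[i % DEGREE] ^= bit
    if not any(seed):
        seed[0] = 1      # an all-zero state would lock the LFSR at zero
    return seed


def lfsr(seed, taps, length):
    """Fibonacci LFSR: output the oldest bit, feed back the XOR of the tapped bits."""
    state, out = list(seed), []
    for _ in range(length):
        out.append(state[0])
        state = state[1:] + [sum(state[t] for t in taps) % 2]
    return out


def make_tag(message, key, r, x1=0.99):
    """Collaborator side: DNA-seeded LFSR XOR chaos-seeded LFSR = gold code tag."""
    n = 2 ** DEGREE - 1
    u = lfsr(fold_seed(dna_bits(message, key)), TAPS_1, n)
    v = lfsr(fold_seed(logistic_bits(r, x1, 64)), TAPS_2, n)
    return [p ^ q for p, q in zip(u, v)]


def accept(message, tag, key, r):
    """Cognitive radio side: recompute the tag from shared secrets, compare in constant time."""
    try:
        received = bytes(tag)
    except (TypeError, ValueError):
        return False
    return hmac.compare_digest(bytes(make_tag(message, key, r)), received)


if __name__ == "__main__":
    key, r = b"constructed-shared-key", 3.99      # constructed sample secrets
    report = b"channel 7 free"                    # constructed sample report
    tag = make_tag(report, key, r)
    print("tagged report accepted:", accept(report, tag, key, r))
    print("untagged report accepted:", accept(report, [0] * len(tag), key, r))
```

A tag recomputed from the same message and secrets is identical, so a recorded report would verify again unless one of the inputs changes per report; the replay attack described under 'Other attacks' is the relevant case.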

Hardware implementation
Universal software-defined radio peripheral (USRP) is a universally accepted test bed for cognitive radio. The USRP software-defined radio device is a tuneable transceiver. It is used as a prototype for wireless communication systems. It offers frequency ranges up to 6 GHz with up to 56 MHz of instantaneous bandwidth. It allows advanced wireless applications to be created with LabVIEW, enabling rapid prototyping.
The prototype of energy detection-based spectrum sensing scheme is developed using LabVIEW tool. LabVIEW is a modelling, simulation and real-time implementation tool which  The transmitter and the receiver blocks are developed using LabVIEW software. Figure 12 shows the block diagram of energy detector. Once the blocks are developed using LabVIEW software then the physical connections are made. Ethernet cable is used to connect USRP with the computer in which the blocks are developed.
Then, the signal is transmitted using USRP. Figure 13 shows the USRP front panel. Figure 14 shows the experimental setup using USRP. Out of two USRPs, one USRP is treated as transmitter and the other USRP is treated as receiver. Additive white Gaussian noise (AWGN) is considered as the noise in the channel. Figure 15a shows the transmission of the primary user signal at the transmitting end and Figure 15b shows the detection of the primary user signal at the receiving end. The received signal is now compared with the threshold value. The incoming signal exceeds the threshold value. The presence of the primary user is detected and plotted. For an SNR of −5 dB, the probability of detection is 0.9.

Conclusion
To avoid wastage of bandwidth and to achieve dynamic spectrum access, cognitive radio is the best solution. To achieve dynamic spectrum access, the most important function of cognitive radio is spectrum sensing. In this chapter,
• Energy detection-based spectrum sensing scheme has been discussed to detect the existence of the primary user by the collaborator node. This method has been chosen because of its simple nature.
• To combat PUEA, a collaborator node-based approach has been suggested. The cognitive radio requests the collaborator node to sense the free spectrum. The collaborator node senses the availability of the primary user.
• Once the availability of the free spectrum is confirmed, the message is conveyed to the cognitive radio in a secure manner. Hence, a trilayered method has been suggested to generate the authentication tag. The message along with the tag is accepted by the CR and others are rejected. In this way, the PUEA attack has been overruled. A threat-free environment allows the cognitive radio to arrive at a proper conclusion about the presence of spectrum holes and utilise them.