Trust Establishment in Chaotic Cognitive Environment to Improve Attack Detection Accuracy Under Primary User Emulation

Abstract

In this paper, we propose a novel algorithm for primary user emulation attack detection and removal in cognitive radio networks, which are driven by chaotic tag-based sequencing for communication. Our proposed approach demonstrates the use of the look-up table-based challenge sequences which are monitored by the cognitive base station and act as the first line of defense against any primary user emulation attacker. This ensures that almost all of the attackers are suppressed, and for the remaining attackers if any, we use a tag-based chaotic communication system, wherein each of the requests from secondary users is sent like a chaotic noise sequence on the channel, and the receiving entity decodes this sequence in order to get the signal communicated by an authorized transmitter. If there is any communication by an attacker, then it is detected immediately, as none of the receiving entities can decode the signals sent by these unwanted attacker nodes. This ensures that our system guarantees greater than 99% detection and identification of attackers in primary user emulation attacks.

1 Introduction

Cognitive radios are prone to many types of attacks; these can be primary user emulation, selfish channel negotiation, control channel negotiation and many more. These networks are prone to such kind of attacks because they have the inherent entities of primary users, secondary users and channel sensing. Once the network is under attack, the basic properties of cognitive radio network are deteriorated, and the network behaves erratically.

In primary user emulation attack, the attacker emulates the functionality of a primary user and blocks the spectrum so that all the genuine secondary users are denied service (Haghighat and Sadough 2012), because the primary property of a cognitive radio is that it assigns a channel to one secondary user and keeps it assigned until the communication of the secondary user is completed or until the primary user returns back. This ensures high quality of service to the primary users, and the channel bandwidth is assigned to other secondary users once the current primary communication is completed. Owing to this property, the network communication is optimized, and the channel utilization is evenly managed.

Primary user emulation attackers tend to be present in all cognitive radio environments. These can be present in the form of software-defined radios or virtual trans-receivers in cognitively capable devices. These attackers monitor the network traffic and perform primary user emulation attack when the network usage is maximum. The impact of this is huge, and communications, mainly high priority communications, get disrupted due to it.

In our proposed approach, we introduce a trust-based mechanism for detecting and locating the source of primary user emulation attacks. Once the attacker nodes are identified, they are blocked and removed from the network communication process. Genuine secondary nodes have an individual and unique trusted look-up table-based request-challenge mechanism. The main strength of the algorithm is in the fact that each genuine secondary node is pre-configured and has some unique parts when compared with other genuine secondary nodes.

Primary user emulation attackers have a less to no chance of getting through this trust-based system, but in case they do, then we have applied a second layer of attack detection, in which a chaotic communication system is implemented. This chaotic communication system encodes a test sequence from the genuine transmitters; this test sequence appears as noise on the channel; thus, it cannot be detected by any primary emulation attacker node. The testing receivers detect this signal, and if it is received within a proper BER range, then the node is marked to be safe. Otherwise, the node is marked to be unsafe or attacker node and is removed from the network.

This two-layered approach helps us to detect and remove primary user emulation attackers from the network in a very effective and optimized way. Our results demonstrate that the primary user emulation attackers are detected and removed at a rate of  99%, and the network communication is restored with minimum delay. This property allows us to use the two-layered approach in practical real-time scenarios, without compromising the quality of service (QoS) of the network for primary and secondary nodes. Most of the work on mitigating primary user emulation attack has been done over past few years by the research community. We summarize a few selected contributions referred by us in Table 1.

Table 1 Review of the literature on primary user emulation attack

2 System Model: Two-Layered Approach for Attack Detection and Removal

Our research is to detect and locate the nodes which take part in primary user emulation attack. The proposed two-layered approach can be depicted using Fig. 1. In the figure, we can observe that the genuine nodes have two layers of security embedded into them: the first layer deals with a trust-based look-up table (LUT) which stores key value or key expression pairs, while the second layer is a chaotic communication layer which ensures a second-level check on primary user emulation nodes.

Fig. 1

System model

A sample LUT stored in two of the nodes is shown in Table 2. The same LUT for each of the nodes is present with the router/home node/base station node.

Table 2 LUT stored at any two of the nodes

The process of trust-based attack removal is depicted in Fig. 2.

Fig. 2

Trust-based attack removal

The procedure for identifying the attacker node can be illustrated as follows:

1. 1.

   The secondary user (SU) node sends a communication request to the router or base station or home node (R).

2. 2.

   The router (R) identifies the node number of SU from the request and responds with a random challenge (C).

3. 3.

   The SU gets this challenge and may respond in the following two ways:

   1. (a)

      If the SU is genuine, then it will check the LUT and solve the challenge (C) to get the solved value (Sv) and then send Sv back to the router.

   2. (b)

      If the SU is an attacker, then it will respond with a random solution (Sr) to the router.

4. 4.

   The router will solve the challenge (C) locally by the LUT of the requesting SU node and keep the correction solution (Sc) ready for comparison.

5. 5.

   If the SU is genuine, then Sv will match Sc, and the communication will proceed.

6. 6.

   If SU is an attacker, then Sr will not match Sc, and the node will be identified as an attacker node. The router will block all communications from this node, and the attacker will be removed from the cognitive radio environment.

This algorithm can be defeated only under two scenarios:

1. 1.

   If the attacker knows about the trusted LUT of the node (which is always kept private).

2. 2.

   If the attacker responds with the correct challenge answer (random distribution).

From the above 2 cases, it is found from our simulations that case 1 is invalid, as the attacker is usually ad hoc and will never have the private LUT information. But, the second case can happen. In our simulations, we found that in 1 out of 1,000,000 times, the attacker can correctly answer the challenge and get access to the communication system. While this issue can be resolved by increasing the complexity of the LUT key values or key expression pairs, but it also adds exponentially to the complexity of the overall system, which adds a delay in subsequent communications.

To tackle this condition, we have designed a second attack detection layer which is a combination of chaotic communication, tag-based system and a BER analyzer. The second layer scans for pre-decided patterns which are stored at the non-attacking secondary user nodes and continuously monitors the channel. These patterns are unique for different secondary users, and they are known to the network router in advance.

In the second layer, the secondary user will send out its test signal pattern; this test signal is encrypted using a 3-level Lorenz’s chaotic attractor encoder for security. The Lorenz’s chaotic attractor is represented by the following three equations (Kuo et al 2009):

$$\begin{aligned} \frac{{{\text{d}}x}}{{{\text{d}}t}} & = \sigma \left( {y - x} \right) \\ \frac{{{\text{d}}y}}{{{\text{d}}t}} & = x\left( {\rho - z} \right) - y \\ \frac{{{\text{d}}z}}{{{\text{d}}t}} & = xy - \beta z \\ \end{aligned}$$

here σ, ρ and β are the nonzero constants, and x, y and z are the dynamic states. The encoded test signal pattern behaves like a random noise sequence, is unique and does not interfere with other secondary user patterns as they are orthogonal and have different values for the chaotic constants used in the encryption and decryption process. The non-attacking secondary user transmits a chaotic sequence and is decoded by the receiver/router. As the receiver/router already knows the encryption constants, the sequence is decoded properly, with almost no to minimum errors so that the BER on the receiver side is either 0 or a minimal value. But, if an attacking node transmits any random sequence to gain access over the channel, then improper decoding of the sequence will take place at the receiver/router, and the BER value between the unknown received signal and the known transmitted signal will be very high. In this way, the attacker would be identified. In our simulation process, we have kept the BER threshold at 0.7, which ensures that even if the channel has multiple non-attacking users, then too there are minimal false positives detected by the system. Our proposed results show an accuracy of more than 99% in detection of the primary user emulation attackers and thus are very effective in ad hoc and non-ad hoc cognitive networking environment. A combination of these two layers ensures a detection rate of about 99% which is suited for real-time applications. The delay analysis shows that the system can detect the attacker node in at most two communication sequences, which take less than 1 ms of communication delay per node. Our overall system is very lightweight as there are no complicated, compute-intensive calculations in the system, which will overload the system with preprocessing operations.

To check the system performance, we performed tests with a different number of attacker nodes and under varying channel conditions such as the AWGN, Rayleigh, Rician and Nakagami.

3 Results and Analysis

In our experiments, we used the following setup as shown in Table 3. 

Table 4 shows the performance regarding delay and accuracy of attacker node detection for our system. The two-layered approach performs very well under various channel conditions; the detection rate is fairly impressive with the system detecting about 99% of the attacks, with a delay of fewer than 1 ms for each of the AWGN, Rayleigh, Rician and Nakagami  channels as shown in Table 4. We used the MATLAB platform to perform all our tests.

Table 3 Parameters and values used in simulation

Table 4 Detection rate and delay under various channels and attackers

The overall system performance can be depicted by the graphs shown in Fig. 3. Figure 3a shows plot of the detection rate versus the number of nodes in AWGN, Rayleigh, Rician and Nakagami channels. Figure 3b shows the plot of delay in detection versus the number of nodes in AWGN, Rayleigh, Rician  and Nakagami channels, respectively.

Fig. 3

a Detection rate (%) v/s number of nodes. b Delay in detection v/s number of nodes

The delay performance of the system starts increasing linearly as the number of nodes is increased, but it saturates around 0.85–0.95 ms. The delay for detection is almost independent of the wireless channel, however, there is a marginal change in detection rate because chaotic communication will result in a change in BER whenever there is a change in wireless channel. Detection rate accuracy is found to be in the 99.9% level due to the two-layered communication system, but the system performance under AWGN channel is slightly better than Rayleigh. However, the performance of the system in Rician channel falls behind when compared to AWGN channel performance. This is because signal gets distorted in the Rician channel to a level higher than in the AWGN channel. However, the detection rate under LUT and chaotic communication is in the 99% range bracket which is much higher than the conventional primary emulation attack detection techniques. The newest and most accurate firefly-based technique (Ghanem et al. 2016) gives a detection accuracy of 95%, while physical network coding-based techniques (Xie and Wang 2013) give a maximum accuracy of 90–95% depending on the number of attackers used for simulating the networks. The proposed system’s accuracy is about 99% under different channel scenarios and under varying node numbers outperforming the methods proposed in Ghanem et al. (2016) and Xie and Wang (2013).

Moreover, in our proposed method we have not used any traditional spectrum sensing methods and thus wish to state the advantages of our proposed method over traditional spectrum sensing methods. Table 5 below shows the advantages and disadvantages of traditional spectrum sensing methods, and then, we have listed the advantages of our proposed method in Table 6.

Table 5 Spectrum sensing techniques (advantages/disadvantages)

Table 6 Proposed method’s advantages and disadvantages

4 Conclusion

This research work has demonstrated a very successful detection rate while maintaining a low delay rate for attack detection. More number of attack detection algorithms can  be implemented with the proposed two-layered approach. The system architecture is such that almost all of the network primary emulators are detected and removed from the network to ensure a healthy cognitive radio network environment. The overall detection rate of the primary user emulation attack is about 99% under different wirelss channels and varying attacker nodes. In the end, we conclude that as the delay of detection is very less, the proposed method can be used in real-time cognitive radio environment.

5 Future Work

To augment further this research work, we can add more attacks to the system for example, Byzantine attack and check the performance of the two-layer model. We can also add attack-removal strategies for various other attacks because our implementation can detect the attackers in a very short span of time. In future we will work towards the FPGA and IoT level implementation of the proposed approach to test the performance in real time scenario.