Secure Cooperative Spectrum Sensing and Allocation in Distributed Cognitive Radio Networks

Abstract

Cognitive radio networks (CRNs) are an emerging wireless communications technique for resolving the significant spectrum scarcity problem. Despite their promising characteristics, CRNs also introduce new security threats, especially the internal attacks during the spectrum sensing and allocation process, which can degrade the efficiency of spectrum sensing and allocation. To address this issue, this paper proposes a distributed secure cooperative spectrum sensing strategy (DSCS) based on a dynamic reputation model to defend against attacks and provide reliable spectrum sensing. Moreover, the reputation values are used as weights in a novel distributed cheat-proof spectrum allocation strategy (DCSA) based on the Vickrey-Clarke-Groves (VCG) mechanism. Both theoretical analysis and simulation results indicate that the proposed DSCS and DCSA strategies can provide an effective countermeasure against the internal spectrum sensing data falsification (SSDF) attacks through enabling secondary users to obtain more accurate cooperative sensing results in adversarial environments.

1. Introduction

Cognitive radio networks (CRNs) are promising wireless communications systems that can resolve the spectrum scarcity problem arising from the escalating demand of wireless radio frequency and spectrum underutilization by license holders [1]. The architecture of CRNs is depicted in Figure 1, which consists of base stations and cognitive terminals. The base stations (i.e., primary users) constitute a primary network using the licensed spectrum and the cognitive terminals (i.e., secondary users) form a secondary network that makes use of the licensed spectrum when it is not occupied by the primary users [2]. To avoid the potential interference with the primary users, secondary users firstly sense whether the spectrum of interest is being used by the primary users. If the spectrum is unoccupied, the secondary users apply certain spectrum allocation scheme to decide which of them may access the available spectrum [3].

Figure 1

An architecture of cognitive radio networks.

CRN can improve the efficiency of spectrum usage, but it also introduces new security threats including internal attacks during the spectrum sensing and allocation process, which can degrade the effectiveness of spectrum sensing and allocation dramatically. For example, an adversary may launch data or information falsification attacks during spectrum sensing and allocation process, where the adversary corrupts a subset of secondary users as illustrated in Figure 2 to report falsified data or information, aiming to affect the final group decision [2].

Figure 2

Cognitive radio networks with adversaries.

Cooperation in spectrum sensing and allocation can be achieved in two models: centralized or distributed. The former uses a common receiver (i.e., fusion center) to collect sensing results from all SUs and to make final spectrum sensing and allocation decisions [1, 4]. In contrast, a distributed approach allows SUs to share individual sensing results with their neighbors and to make their own sensing and allocation decisions [3, 5]. Despite the many benefits cooperative spectrum sensing and allocation process entitles, it is vulnerable to many potential attacks. A distributed scheme is even more vulnerable to such attacks due to its distributed and cooperative natures.

A number of papers [4–9] propose various methods to improve the security in spectrum sensing and allocation. These solutions are usually based on a centralized infrastructure, where a central authority plays an essential role in coordinating the attack defending. However, the centralized schemes will incur heavy communication overheads, and the malicious nodes can compromise the central authority to paralyze the entire system. Different distributed sensing schemes have also been proposed [10–14], using game theory [10], incentive design [11], consensus algorithm [3, 12], outlier detection, computation verification [14], and so forth. Most of the existing works ignore the internal attacks launched by an inside attacker that has the legal identity. To overcome the above-mentioned problems, in this paper, we firstly design a distributed secure sensing strategy based on a dynamic reputation model.

The strategy establishes a distributed reputation database for nodes as a basis for the channel search sequence in spectrum sensing. Next, we design a novel Vickrey-Clarke-Groves (VCG) mechanism [3, 15] based on the reputation generated from exchanged sensing results and propose a novel cheat-proof spectrum resource allocation strategy to restrict the impact of the malicious behaviours. As an important mechanism design, the VCG mechanism studies how to design mechanisms to incent the players (i.e., users or nodes) to provide truthful information about their preferences over different outcomes [3, 15]. A VCG mechanism is a dominant strategy mechanism, which can achieve ex-post incentive compatibility (truth-telling is a dominant strategy for every player in the game) [3, 15].

This paper makes the following main contributions. (1)

The reputation model and Vickrey-Clarke-Groves (VCG) mechanism are introduced into the cooperative sensing and spectrum allocation strategies. This combination can better reflect the real world nature of communication networks and defend against spectrum sensing data falsification (SSDF) attacks from internal malicious nodes.

(2)

A distributed algorithm is designed to help secondary users compute the sensing result and allocate the spectrum. Secondary users iteratively update their local values to arrive at consensus, without help from any central authority.

(3)

Simulation results demonstrate that the proposed strategies can provide an effective countermeasure against the internal SSDF attacks without relying on a central authority or a common control channel and are therefore applicable in distributed CRNs.

In the rest of the paper, Section 2 reviews related work. Section 3 introduces the network and adversary models. Section 4 presents the distributed secure cooperative sensing strategy. Section 5 presents the VCG based distributed cheat-proof spectrum allocation strategy. Section 6 presents the simulation results and performance analysis. Section 7 concludes the paper.

2. Related Work

2.1. Distributed Spectrum Sensing

Distributed spectrum sensing in CRNs has been widely studied, using game theory [10], incentive design [11], consensus algorithm [3, 12], outlier detection, computation verification [14], and so forth. For instance, Mukherjee [10] discussed cooperative sensing problem in distributed CRNs with the game-theoretic models. Mukherjee considered the utility function for secondary users as improved sensing accuracy and examined the impact of various sensing parameters. Li et al. [11] first identified a new selfishness model named entropy selfishness in distributed CRNs. They further proposed YouSense, a one-time pad based incentive design in which sensing reports were encrypted before sharing, to prevent the entropy selfish users from learning the sensing reports. And yet, the honest user can recover this plaintext by spectrum sensing. Li et al. [3, 12] proposed a distributed and scalable cooperative spectrum sensing scheme based on recent advances in consensus algorithms. In the proposed scheme, the secondary users can maintain coordination based on only local information exchange without a centralized common receiver and the proposed scheme used the consensus of secondary users to make the final decision. Zhang et al. [2, 13] designed a fully distributed security scheme ReDiSen to counter attacks in cooperative sensing. ReDiSen applied the reputation generated from exchanged sensing results as an aid to restrict the impact of the malicious behaviours. Yan et al. [14] proposed a robust distributed outlier detection scheme with adaptive local threshold to counter covert adaptive attacks by exploiting the state convergence property. In addition, they also presented a hash-based computation verification scheme to effectively defend against colluding attackers.

2.2. Spectrum Allocation

There are a number of works focused on spectrum allocation [16–21] in CRNs. For example, Xie et al. [16] formulated the energy-efficient resource allocation problem in heterogeneous CRNs with femtocells as a Stackelberg game and a gradient based iteration algorithm is proposed to obtain the Stackelberg equilibrium solution to the energy-efficient resource allocation problem. Jiang et al. [17] proposed a novel channel allocation scheme for the QoE-driven multimedia transmission over the CRNs. Moreover, a new analytical Markov model combining the ON/OFF model of PCs and the service queuing model is derived to evaluate the system performance. Xie et al. [18] studied the problem of resource allocation in CRNs supporting heterogeneous services with imperfect channel sensing. To reduce the computation complexity in the formulation with the imperfect channel information, Xie et al. formulated the problem of resource allocation as a mixed integer programming problem and proposed an aggressive discrete stochastic approximate algorithm based joint power and channel allocation. Tan and Le [19] first presented an optimal brute-force search algorithm to resolve the spectrum resource allocation problem for CRNs. And then, Tan and Le further proposed two channel assignment algorithms to resolve the high complexity of the optimal search. Wang et al. [20] proposed a mechanism to resolve the complex mixed integer programming program faced in the resource allocation process in CRNs. The proposed mechanism developed a fast barrier-based method which can achieve the optimal solution with an almost linear complexity and also proposed a method which can achieve nearly optimal solution with a constant complexity. Tachwali et al. [21] developed a new resource allocation optimization framework for single-cell multiuser multicarrier CRNs in the presence of multiple primary networks. The framework aims to minimize the spectral footprint of the CRN through the bandwidth-power product metric. The protection of PU from harmful interference is incorporated in the framework through PU activity index.

2.3. Joint Design of Spectrum Sensing and Spectrum Allocation

The joint design of spectrum sensing and spectrum allocation in CRNs has attracted much attention from both industry and academia. El-Sherif and Liu [22] proposed a novel joint design of the spectrum sensing and channel access mechanisms based on the observation that the value of the test statistics could be used as a confidence measure for the test outcome. Therefore, this value can be used to define different channel access probabilities for secondary users. Zhang et al. [3] designed a distributed scheme to incentivize participation of nodes in cooperative sensing, by connecting sensing and spectrum allocation, and offering incentive from the latter to the former. In the proposed scheme, reputation is used as a pricing factor to incentivize cooperative sensing and a reputation-based pricing method is proposed to offer strong incentive for secondary users to pursue a lower price in the spectrum allocation process.

Existing spectrum sensing and allocation methods and security mechanisms are usually based on a centralized infrastructure, where a central authority plays an essential role in coordinating the defense against attacks and thus brings heavy communication overheads and the issue that central authority may be compromised by attackers. Moreover, few works took into account the joint design of spectrum sensing and spectrum allocation, but they only considered individual spectrum sensing or allocation. In particular, they did not consider the internal attacks launched by an inside attacker that has the legal identity. Consequently, it is still an open problem and a challenging task to design secure and distributed spectrum sensing and allocation schemes in CRNs to resist the internal attacks. The main notations and symbols used in this paper are summarized in Notations and Symbols.

3. Network and Adversary Models

3.1. Network Model

We consider a distributed CRN consisting of a primary user network and a secondary user network [3, 13]. There are N secondary users and K orthogonal frequency channels. Let $Ω_{N} = \{1,2, \dots, N\}$ and $Ω_{K} = \{1,2, \dots, K\}$ denote the sets of secondary users and channels, respectively. We suppose that each secondary user is equipped with a cognitive radio and they utilize omnidirectional antennas to communicate with each other. Meanwhile, secondary users are located within the transmission range of the primary users and can individually sense the environment to detect the existence of the primary users [3, 13]. In the cooperative sensing process, we use the energy sensing method for a secondary user to detect primary users' presence. We also assume that an adversary can compromise a subset of honest secondary users. A secondary user may provide incorrect information (including attacking malicious users and honest users that sense channels incorrectly due to severe fading or system failure) or correct information (including honest users that sense channels correctly and nonattacking malicious users). An honest user has no a priori information on which of its neighbors are malicious. If the final sensing results indicate that the primary users are not transmitting on certain channels, the secondary users use the spectrum allocation scheme to allocate spectrum and transmit on these channels.

3.2. Adversary Model

In distributed CRNs, the secondary user network is vulnerable to both external and internal attacks. External attacks can be effectively solved by using the traditional cryptography theory and authentication method. The internal attacks are launched by an inside legal and certificated user, which makes the traditional encryption and authentication techniques no longer effective. In the internal attacks, the attackers may or may not participate in the cooperative sensing process and may report falsified values when participating.

We assume that, in spectrum sensing, malicious secondary users strategically report falsified sensing results, aiming at incurring interference between the primary users and legitimate secondary users. In spectrum allocation, malicious secondary users may launch collusion attacks or bad mouthing attacks to report falsified reputation values, aiming to keep the legitimate secondary users away from using the spectrum resource.

4. Distributed Secure Cooperative Sensing Strategy (DSCS)

Distributed cooperative sensing strategy implements spectrum sensing through the distributed secondary users in a wide area. In distributed cooperative sensing, each secondary user obtains a local measurement in a time interval T. After a sensing session, a series of value update sessions are executed by the secondary users. All secondary users exchange their local spectrum sensing results with their neighbors within its communication range and update their own values based on the received values.

Since distributed cooperative sensing can enhance sensing accuracy, while reducing the need for sensitive and expensive sensing technology, it is proposed to enhance the sensing performance [3, 13]. However, it is vulnerable to the internal attacks threats. The internal adversary may control some nodes to report false sensing results to degrade the final sensing decision, which will make the performance of cooperative sensing degrade significantly.

Reputation systems are widely used to cope with liars holding false positive/negative opinions [23]. The concept of reputation has been widely used in economics, ecology, anthropology, and other social sciences. A rich body of literature has been devoted to the investigation of different reputation systems for computer networks [24–26]. Recently, derived from the Dempster-Shafer theory [27] and with the ability to explicitly represent and manage a node's uncertainty, subjective logic and uncertainty based reputation mechanism has emerged as an attractive tool for handling trust relationships and has attracted much attention in distributed CRNs.

In this section, we propose DSCS, a reputation-based sensing strategy that is a distributed cooperative strategy using subject logic based reputation mechanism to defend against internal malicious secondary users' attacks.

Subjective logic [28, 29] represents a specific belief calculus that uses a belief metric called opinion to express subjective reputation. Since it is necessary to develop mechanisms to detect and manage malicious users in distributed CRNs, subjective logic with the ability to explicitly represent and manage a user's uncertainty has emerged as an attractive tool for handling trust relationships in distributed CRNs.

In subjective logic each opinion is denoted by a 4-tuple $ω_{x : y} = (b_{x : y}, d_{x : y}, u_{x : y}, a_{x : y})$ , where $b_{x : y}$ , $d_{x : y}$ , and $u_{x : y}$ designate node x's belief, disbelief, and uncertainty towards y, respectively. The base rate $a_{x : y}$ designates x's willingness to believe y which determines how uncertainty is viewed as belief when the reputation is used. The uncertainty reflects the confidence in node x's knowledge of y; an uncertainty of 1.0 represents that a node has no basis for any conclusion. They satisfy the following conditions:

\begin{matrix} b_{x : y} + d_{x : y} + u_{x : y} = 1.0, \\ b_{x : y}, d_{x : y}, u_{x : y}, a_{x : y} \in [0.0,1.0] . \end{matrix}

(1)

When an opinion is used in a decision, it is projected onto the belief/disbelief axis through its expectation, $E (ω_{x : y})$ , which is used to identify malicious nodes and can be computed as

\begin{matrix} E (ω_{x : y}) = b_{x : y} + a_{x : y} u_{x : y} . \end{matrix}

(2)

However, for the case that the belief, disbelief, uncertainty, and base rate change over time, the secondary users' reputation evaluation and the trust relationship between the secondary users also changes over time. Therefore, the reputation evaluation and the trust relationship at present time depends not only on the values of the underlying parameters but also on the decayed values of the previous trust.

Let $ϖ_{n, x : y}^{d i r e c t} (b_{n}, d_{n}, u_{n}, a_{n})$ be the direct opinion of user x to user y at time $t_{n}$ , which is stored in x's local reputation table and can be computed at x as follows:

\begin{matrix} b_{n} ≜ \sum_{c \in C} b_{{(n, x : y)}_{c}} = \frac{1}{|C|} \sum_{c \in C} \frac{N_{{(n, x : y)}_{c}}^{s}}{N_{{(n, x : y)}_{c}}}, \\ d_{n} ≜ \sum_{c \in C} d_{{(n, x : y)}_{c}}^{} = \frac{1}{|C|} \sum_{c \in C} \frac{(1 - p_{c}^{u n c e r t a i n}) N_{{(n, x : y)}_{c}}^{f}}{N_{{(n, x : y)}_{c}}}, \\ u_{n} ≜ \sum_{c \in C} u_{{(n, x : y)}_{c}}^{} = \frac{1}{|C|} \sum_{c \in C} p_{c}^{u n c e r t a i n} \cdot \frac{N_{{(n, x : y)}_{c}}^{f}}{N_{{(n, x : y)}_{c}}}, \\ a_{n} = 0.5, \end{matrix}

(3)

where

N_{n, x : y}

(

N_{n, x : y} = N_{n, x : y}^{s} + N_{n, x : y}^{f}

) is the total number of the sensing results that x received from the user y.

N_{n, x : y}^{s}

is the number of the correct results and

N_{n, x : y}^{f}

is the number of the wrong results from y, respectively.

a_{n}

= 0.5 stands for the case that x's willingness to believe y is 50%.

p_{c}^{u n c e r t a i n}

denotes the degree of uncertainty whether y is trustworthy.

p_{c}^{u n c e r t a i n}

can be computed as

\begin{matrix} p_{c}^{u n c e r t a i n} = β_{c} \cdot p_{d} \cdot (1 - p_{f}), \\ p_{d} = 1 - p_{m}, \end{matrix}

(4)

where we assume that the channel is AWGN.

β_{c}

denotes the transition probability of the channel state from 1 to 0 after y has sent some sensing results.

p_{d}

is the detection probability of the secondary user,

p_{f}

is the false alarm rate, and

p_{m}

is the false negatives rate.

p_{f}

and

p_{d}

are defined as

\begin{matrix} p_{f} = \Pr \{Y > τ | H_{0}\} = 1 - Γ (\frac{L}{2}, \frac{τ}{2 σ_{0}^{2}}), \\ p_{d} = \Pr \{Y > τ | H_{1}\} = 1 - Γ (\frac{L}{2}, η \frac{σ_{0}^{2}}{σ_{1}^{2}}), \end{matrix}

(5)

where

H_{0}

is the zero hypothesis, indicating that the sensed channel is idle, while

H_{1}

is the alternative hypothesis, indicating that the channel is busy. Y is the output and τ denotes the threshold. The signal/noise ratio (SNR) is

(σ_{1}^{2} - σ_{0}^{2}) / σ_{0}^{2}

. L is the number of testing samples, η satisfies

Γ (L / 2, η) = 1 - p_{f}

, and

Γ (\cdot, \cdot)

denotes the incomplete Gamma function.

Considering the influence of time on opinion, the time-dependent value of a trust relationship from time $t_{i}$ , computed at the present time $t_{n}$ , is given by

\begin{matrix} b_{n} = b_{i} \times e^{- {({(b_{i})}^{- 1} Δ t)}^{2 k}}, \\ d_{n} = d_{i} \times e^{- {({(d_{i})}^{- 1} Δ t)}^{2 k}}, \\ u_{n} = 1 - b_{n} - d_{n}, \\ a_{n} = a_{i} \times e^{- {({(a_{i})}^{- 1} Δ t)}^{2 k}}, \\ Δ t = t_{n} - t_{i}, \end{matrix}

(6)

where k (

k \geq 1

) is the decay rate determining the rate of change over time of the opinion.

Δ t

(

Δ t > 1

) is the interval between

t_{i}

and

t_{n}

. When

Δ t \to \infty

e^{- ((b_{i})^{- 1} Δ t)^{2 k}} \to 0

and hence

b_{n} \to 0

. This corroborates that the past opinion value has less influence on the present opinion evaluation as the time interval between them increases.

The dynamic final reputation considering the trust decay at the time $t_{n}$ can be given by

\begin{matrix} ϖ_{n, x : y}^{f i n a l} = η_{1} \times (b_{i}, d_{i}, u_{i}, a_{i}) + η_{2} \times (b_{n}, d_{n}, u_{n}, a_{n}), \end{matrix}

(7)

where

η_{1}

and

η_{2}

are the weight factors (

η_{1} + η_{2} = 1, (η_{1}, η_{2} \in [0,1])

) used to determine how much the reputation evaluation results at times

t_{i}

and

t_{n}

affect the dynamic final reputation. When

E (ϖ_{n, x : y}^{f i n a l})

is less than the threshold, the secondary user will start the recommendation reputation and final reputation evaluation [25, 26].

Based on the abovementioned dynamic reputation model and combining with the characteristics of CRN, a reputation-based distributed secure cooperative sensing strategy (DSCS) is proposed. In DSCS, a secondary user combines its sensing results with the results of cooperative group members to evaluate the true state of the channel to improve the accuracy of sensing. Moreover, DSCS can also punish the untrustworthy user to reduce the influence of the false information to the network. The details of the DSCS are described in Algorithm 1. It is worth noting that $D B_{X}^{l o c a l}$ is x's local reputation table. The size of the table is 1 Mb–10 Mb depending on the number of cycles in the simulation, so the memory overhead is not much considering the memory size of modern devices.

Algorithm 1: Distributed secure cooperative sensing strategy (DSCS).

Input: Wireless channel set C, detectable channel set $C_{X}$ ,

Output: Three most trustworthy secondary users (Trust₁, Trust₂, Trust₃) and an untrustworthy secondary user ( ${N o T r u s t}_{n}$ )

(1) Begin

(2) Setup the spectrum detection collaborative group (CGSD) for secondary user x;

(3) Initialize the parameters of the reputation model $(ϖ_{X : C G S D_{i}^{X}} = (b_{X : C G S D_{i}^{X}}, d_{X : C G S D_{i}^{X}}, u_{X : C G S D_{i}^{X}}, a_{X : C G S D_{i}^{X}}))$ , $η_{1}$ , $η_{2}$

(4) and the reputation threshold ( $E_{t h r e s h o l d}$ ), detection period of x( $T_{X}$ ) and data transmission sign (flag);

(5) If ( $t_{i} < t < t_{i} + T_{X}$ ) then

(6) Monitoring the common control channel (CCC);

(7) Else if receive $(R E S T_{o t h e r}^{s e n s i n g}) \in C G S D^{X}$ then

(8) Store the sensing result into the $D B_{X}^{l o c a l}$ ;

(9) Else

(10) Discard this message;

(11) End if

(12) If (( $t = t_{i} + T_{X}$ ) && flag) then

(13) Detect the detectable channel set $C_{X}$ ;

(14) Store the sensing result into the $D B_{X}^{l o c a l}$ ;

(15) End if

(16) If !(flag) then

(17) Compute the $E (ϖ_{X : C G S D_{i}^{X}})$ ;

(18) Sort( $E (ϖ_{X : C G S D_{i}^{X}})$ );

(19) Select three most trustworthy secondary users Trust₁, Trust₂, Trust₃;

(20) Select the secondary user whose reputation value is less than the $E_{t h r e s h o l d}$ ;

(21) Execute the channel search scheme (CSS): CSS(Trust₁, Trust₂, Trust₃);

(22) Punish( ${N o T r u s t}_{n}$ );

(23) End if

(24) End

5. Distributed Cheat-Proof Spectrum Allocation Strategy (DCSA)

After spectrum sensing, how to ensure the rationality and reliability of spectrum resource allocation is a new challenge for distributed CRNs. In this section, a novel cheat-proof spectrum allocation strategy based on Vickrey-Clarke-Groves (VCG) mechanism is proposed. With the mechanism, we formulate the utility function of system and malicious users and then analyze and proof the efficiency of the strategy through the utility function.

In DCSA, we denote the channel set that can be controlled as $C = {c_{1}, c_{2}, \dots, c_{m} | m > 1}$ and define the relevant bandwidth set as $B = {b_{1}, b_{2}, \dots, b_{m}}$ , where m represents the number of channels. We model the spectrum allocation processes as a VCG based auctions process and define the user's profit model, system's profit model, and VCG based distributed cheat-proof mechanism as follows.

5.1. User's Profit Model

Suppose user i has got the permission to access the channel c ( $c \in C$ ) and its throughput requirement is q, which is often private information known only to the user itself. Here, we adopt classical transmission model [30] as

\begin{matrix} q = lo g_{2} (1 + Q \cdot γ), \\ Q = \frac{1.5}{\ln (0.2 / B E R^{t a r})}, \end{matrix}

(8)

where Q is the transfer efficiency and γ is the signal-to-noise ratio of the receiver.

The profit of the user i, $u_{i} (q_{i}, c)$ , can be expressed as

\begin{matrix} u_{i} (q_{i}, c) = \{\begin{cases} V (q_{i}) - P (q_{i}, c), & purchase \\ 0, & do  not  purchase, \end{cases} \end{matrix}

(9)

where

V (q_{i})

is the profit function that the profits user i will gain when it gets the access permission.

V (q)

can be computed as

\begin{matrix} V (q) = a q^{2} + b q \\ s . t . q_{i} = 0, \\ V (0) = 0 \\ V^{'} (q_{i}) > 0, \\ V^{''} (q_{i}) < 0 \end{matrix}

(10)

in which a and b are the weight factors.

P (q_{i}, c)

is the cost of user i and can be computed as

\begin{matrix} P (q_{i}, c) = p_{c} q_{i}, \end{matrix}

(11)

where

p_{c}

is the cost of channel c.

p_{c}

is relevant to the reputation; the higher the reputation the lower the cost.

Hence, when $q_{i} > 0$ , the profit of the user i, $u_{i} (q_{i}, c)$ , can be computed as

\begin{matrix} u_{i} (q_{i}, c) = a q_{i}^{2} + (b - p_{c}) q_{i} . \end{matrix}

(12)

5.2. System's Profit Model

We consider distributed CRNs consisting of n ( $n = n_{1} + n_{2}, n_{1} \geq 1, n_{2} \geq 1$ ) users, where $n_{1}$ and $n_{2}$ represent the number of the primary users and secondary users, respectively. In the round of channel allocation, let $o = (c_{i, j} | i = 1,2, \dots, m; j = 1,2, \dots, n)$ denote the set of channel allocation, where $c_{i, j}$ indicates that the channel i is assigned to the user j. The system's best profit $π^{*}$ can be expressed as

\begin{matrix} π^{*} = \sum_{i = 1}^{n} u_{i} (q_{i}, o^{*}) = \max_{o_{k} \in O} \sum_{i = 1}^{n} u_{i} (q_{i}, o_{k}), \end{matrix}

(13)

in which $o^{*}$ is the best allocation results and can be computed as

\begin{matrix} o^{*} = a r g \max_{o_{k} \in O} \sum_{i = 1}^{n} u_{i} (q_{i}, o_{k}) . \end{matrix}

(14)

5.3. VCG Based Distributed Cheat-Proof Mechanism

In the distributed spectrum allocation process, some secondary users behave maliciously to maximize their own performance by providing the false resource demand. To offer stronger incentives for secondary users to honestly participate in the spectrum allocation process, we connect spectrum allocation to the reputation through a VCG based distributed cheat-proof mechanism.

Based on the abovementioned analysis in Sections 5.1 and 5.2, we first propose a distributed cheating-proof mechanism detailed description as follows.

In the proposed mechanism, the secondary user must pay taxes $T (q, o) > 0$ in addition to the cost of channel to gain the spectrum resource. The taxes for a user i denoted by $T_{i} (q_{i}, o^{*})$ can be expressed as

\begin{matrix} T_{i} (q_{i}, o^{*}) = \sum_{j \neq i} u_{j} (q_{j}, o_{- i}) - \sum_{j \neq i} u_{j} (q_{j}, o^{*}), \end{matrix}

(15)

in which $\sum_{j \neq i}^{} u_{j} (q_{j}, o_{i}^{*})$ is the total utility of all the other applicants when i participates in the mechanism. As opposed to $\sum_{j \neq i}^{} u_{j} (q_{j}, o_{i}^{*})$ , $\sum_{j \neq i}^{} u_{j} (q_{j}, o_{- i})$ is the total utility of all the other applicants when i withdraws from the mechanism. Then, the best utility of user i can be expressed as

\begin{matrix} u_{i}^{*} (q_{i}, o^{*}) = u_{i} (q_{i}, o^{*}) - [\sum_{j \neq i} u_{j} (q_{j}, o_{- i}) - \sum_{j \neq i} u_{j} (q_{j}, o^{*})] . \end{matrix}

(16)

A mechanism is the VCG mechanism if it can satisfy the following conditions [15, 31, 32]: (1)

The mechanism is incentive compatible.

(2)

The mechanism is individual rational.

Next, we will prove that the proposed distributed cheating-proof mechanism is a VCG mechanism.

Theorem 1 (the mechanism is incentive compatible (IC)).

A mechanism is incentive compatible (IC) if truth-telling is the best strategy for the users, which means that the users have no incentive to reveal false information.

Proof.

Suppose user i needs $q_{i}$ unit resource, but it applies for ${\hat{q}}_{i}$ and declares that $u_{i} ({\hat{q}}_{i}) > u_{i} (q_{i})$ , which gets the outcome $\hat{o}$ . According to the above description, user i needs to pay the taxes as

\begin{matrix} T_{i} (q_{i}, \hat{o}) = \sum_{j \neq i} u_{j} (q_{j}, o_{- i}) - \sum_{j \neq i} u_{j} (q_{j}, \hat{o}) . \end{matrix}

(17)

Hence, the final utility of user i is turned to

\begin{matrix} {\hat{u}}_{i} (q_{i}, \hat{o}) = u_{i} (q_{i}, \hat{o}) - [\sum_{j \neq i} u_{j} (q_{j}, o_{- i}) - \sum_{j \neq i} u_{j} (q_{j}, \hat{o})] = u_{i} (q_{i}, \hat{o}) + \sum_{j \neq i} u_{j} (q_{j}, \hat{o}) - \sum_{j \neq i} u_{j} (q_{j}, o_{- i}) = π (\hat{o}) - \sum_{j \neq i} u_{j} (q_{j}, o_{- i}) . \end{matrix}

(18)

For $π (\hat{o}) \leq π^{*}$ , we can get ${\hat{u}}_{i} (q_{i}, \hat{o}) \leq u_{i}^{*} (q_{i}, o^{*})$ , which incents user i to give true application resources and truth-telling is the best strategy for user i.

Theorem 2 (the mechanism is individual rational (IR)).

In an individual rational (IR) mechanism, rational users are expected to gain a higher utility from actively participating in the mechanism than from avoiding it.

Proof.

In the proposed mechanism, we consider the following two malicious behaviors: (1)

The user does not have the requirement, but it still applies for resources.

(2)

The user does not have enough to pay the cost and taxes for the resource, but it still applies for resources.

The utility of the user with these malicious behaviors, ${\hat{u}}_{i} ({\hat{q}}_{i}, \hat{o})$ , can be computed as

\begin{matrix} {\hat{u}}_{i} ({\hat{q}}_{i}, \hat{o}) = u_{i} ({\hat{q}}_{i}, \hat{o}) - T_{i} ({\hat{q}}_{i}, \hat{o}) . \end{matrix}

(19)

It is easy to show that in both cases the ${\hat{u}}_{i} ({\hat{q}}_{i}, \hat{o}) < 0$ when the incentive compatible is achieved. Therefore, for each user i, $u t i l i t y > 0$ and participation into the recommendation is an optimal choice, which means that the mechanism is individual rational.

In conclusion, according to the definition of VCG, the proposed mechanism is a VCG mechanism.

The details of the DCSA are described in Algorithm 2. In DCSA, the application and allocation of channels are done in competing slots, which have two stages. At the first stage, the base station calculates the best allocation results and then allocates the channels based on the demands from primary users. Primary users can apply for consecutive slots to complete its transmission. At the second stage, base station allocates the remaining vacant channels to secondary users, who can only apply for one slot in order to avoid the interference with primary users. After the allocation, base station waits for the users to complete transmission and then reallocate channels in the next competing slot.

Algorithm 2: Distributed cheating-proof spectrum allocation strategy (DCSA).

Input: Channel set C, bandwidth set B, number of user n and iterations loop

Output: The resource allocation results, the total profit of the PU and SU secondary users $π_{P U}^{*}$ , $π_{S U}^{*}$

(1) Begin

(2) While (loop > 0)

(3) Receive (user's resource request);

(4) Compute the $o_{P U}^{*} = K M (q_{P U})$ according to the PUs' resource requirement $q_{P U}$ ;

(5) Allocate the channel to the PU according to the $o_{P U}^{*}$ ;

(6) Compute the total profit of the PU $π_{P U}^{*}$ according to the $o_{P U}^{*}$ ;

(7) if there have the idle channel then

(8) Compute the ${\hat{o}}_{S U}^{*} = K M (q_{S U})$ according to the SUs' resource requirement $q_{S U}$ ;

(9) Allocate the channel to the SU according to the ${\hat{o}}_{S U}^{*}$ ;

(10) Compute the total profit of the SU $π_{S U}^{*}$ according to the $o_{S U}^{*}$ ;

(11) End if

(12) loop–;

(13) End While

(14) End

6. Performance Evaluation

In this section, we implement our strategies and conduct extensive simulation experiments using MATLAB to verify the efficacy of the proposed strategies. We assume that the malicious nodes can launch SSDF attacks in the sensing and allocation process by reporting falsified values. They can also implement the Random Attack strategy or the Intermittent Attack strategy which means that the attacks are launched intermittently in a random way. For the Intermittent Attack strategy, we simulate the scenario where the malicious nodes attack with a 50% intensity. The intensity stands for the probability that the malicious node launches an attack during an interaction.

6.1. Performance of the DSCS

In this subsection, the performance of the proposed DSCS is compared to the distributed Random [33] and EDSO [34] schemes in terms of the sensing accuracy rate denoted by $A C C$ .

In our simulations, the number of secondary users is 5 (secondary user is denoted by x in the simulations) and the number of detectable channels of each secondary user is 4. The initial reputation of x toward y is $ω_{x : y} = (0.5,0.25,0.25,0.5)$ ; the threshold of the reputation expectation, $E_{t h r e s h o l d}$ , is 0.5. The parameters $η_{1}, η_{2}$ are 0.5 and 0.5, which are empirical values obtained from multiple experiments. The time slot is 1 s and the simulation results are the average values obtained from 1000 runs of simulation experiments.

First, we compare the $A C C$ of the three strategies without SSDF attacks (i.e., without dishonest recommendations). Suppose that there are 6 available channels and each secondary user can detect up to 4 channels. The $A C C$ can be computed as

\begin{matrix} A C C = \frac{N_{s u c c e s s}}{N_{s e l e c t}}, \end{matrix}

(20)

where

N_{s u c c e s s}

is the number of successful channel accesses and

N_{s e l e c t}

is the number of channel accesses.

We can observe in Figure 3 that all the three strategies can detect the channels from 1–4. But, since both the Random and EDSO strategies do not adopt the cooperative sensing scheme, they cannot detect channels 5 and 6. The proposed DSCS adopts the cooperative sensing scheme, which makes it possible to receive the sensing results recommended by the other cooperative users, so it can gain the status of channels 5 and 6 and use them to improve the channel utilization rate. Moreover, it is seen that the sensing accuracy performance of the DSCS is better than that of the Random and EDSO scheme. In the Random and EDSO scheme the channel status information is computed and obtained only from the local sensing results, while in DSCS the secondary users gather channel status information from the cooperative users and compute the final sensing results through combining the local sensing result with these cooperative sensing results.

Figure 3

Comparison of ACC without SSDF attacks.

Next, we compare the sensing accuracy performance of DSCS to that of the Random and EDSO scheme under the random SSDF and Intermittent SSDF attacks. The results are shown in Figures 4–6.

Figure 4

Comparison of ACC with SSDF attacks.

Figure 5

Comparison of ACC with random SSDF attacks.

Figure 6

Comparison of ACC with intermittent SSDF attacks.

In Figure 4, we analyze the $A C C$ performance of DSCS when malicious users exist. The results indicate that the sensing results are affected by the malicious users, and the $A C C$ of DSCS decreases from 0.6 to less than 0.4 as the number of malicious users increases from 20 to 30. In DSCS, the proposed reputation mechanism will identify the malicious users and then punish them by isolating them from the network. The punishment will decrease the number of cooperative users and the cooperative sensing information; as a result, the accuracy of the DSCS drops.

As shown in Figure 5, the $A C C$ of all the three strategies decreases when the number of the channels increases. Since the SSDF is randomly launched and cannot be detected effectively, the $A C C$ of the Random and EDSO scheme decreases at a percentage up to 70% and 73%, respectively. However, for the DSCS, because the cooperative users can provide additional sensing information combined with the local sensing information to compute the final sensing result, its $A C C$ only decreases by 35%.

In Figure 6, we compare the $A C C$ of all the three strategies when the Intermittent SSDF attacks are present. In the simulation, we consider the scenario where the malicious nodes attack with a 50% intensity. The results in Figure 6 are similar to those in Figure 5; the $A C C$ of Random and EDSO scheme decreases at a percentage up to 80% and 83% (in Figure 5, they are 70% and 73%), respectively. For the DSCS, its $A C C$ only decreases by 40% (in Figure 5, it is 35%), which is much lower than that of the Random and EDSO scheme.

6.2. Performance of the DCSA

In this subsection, the performance of the proposed DCSA is verified in terms of the spectrum allocation accuracy rate denoted by ACR. We consider that there are 10 primary users and 10 secondary users. We set $B E R^{t a r} = 1 0^{- 4}$ and $γ \in [5 d B, 20 d B]$ . The values of parameters a and b in (13) are −10, 40.

In Figure 7, we set the deception rate $λ = 0.2$ and compare the ACR of the spectrum allocation process without DCSA under SSDF attacks to that with no SSDF attacks. The results in Figure 7 indicate that the ACR of both scenarios increases when the time increases. As expected, The ACR under no SSDF attacks is better than that under SSDF attacks, since the spectrum allocation will be affected by the SSDF attacks. Then, we investigate the impact of deception rates λ on the ACR. The simulation results are shown in Figure 8. It can be seen that the average ACR when $λ = 0.2$ is higher than that when $λ = 2$ . The simulation results demonstrate that the deception rate has a big impact on the ACR: the higher is the deception rate, the lower is the ACR.

Figure 7

Comparison of ACR with and without SSDF attacks.

Figure 8

Comparison of ACR with different deception rates.

The above analysis shows that it is necessary to build a SSDF-proof spectrum allocation strategy. In the following, we will compare the ACR performance of the strategy with DCSA to that of the strategy without DCSA.

As shown in Figures 9 and 10, under the SSDF attack, the ACR of both strategies (with or without DCSA) decreases when the time or the percentage of the malicious users increases, while the ACR of strategy with DCSA decreases slower than that without DCSA. In this simulation, the malicious users are assumed to be rational, so the proposed DCSA can effectively incentivize secondary users to honestly participate in the spectrum allocation process by reducing its reputation when it provides dishonest information. Since the reputation of a secondary user will be the reference for the next round of spectrum allocation and cooperative user selection, the reduction of reputation will keep the malicious users away from lying because they cannot get utility from lying. As a result, the ACR of the strategy with DCSA is better than that without DCSA.

Figure 9

ACR as a function of slot.

Figure 10

ACR as a function of the percentage of malicious users.

7. Conclusions

In this paper, we have investigated the challenging problems of secure spectrum sensing and spectrum allocation in CRNs and have proposed a distributed cooperative sensing strategy (DSCS) and a cheat-proof spectrum allocation strategy (DCSA). Based on the combination of the proposed dynamic reputation model and VCG mechanism, the DSCS and DCSA can effectively defend against the internal SSDF attacks. Moreover, the DSCS and DCSA do not rely on a central authority or a common control channel and are therefore applicable in distributed CRNs. Nevertheless, the proposed algorithm imposes some communications and computing overhead caused by nodes interactions which is not calculated in this work, as we focus on the security and effectiveness of the cooperative spectrum sensing and allocation scheme in CRNs. We intend to investigate and analyze the overhead issue in our future work. The elaborated simulation tests and performance analysis have verified that the DSCS and DCSA are secure and efficient. More specifically, in the presence of SSDF attacks, the sensing accuracy rate and the spectrum allocation accuracy rate of the proposed DSCS and DCSA are much better than those of the existing strategies.

Footnotes

Notations and Symbols

Conflict of Interests

The authors declare that there is no conflict of interests regarding the publication of this paper.

Acknowledgments

This work is supported by National Natural Science Foundation of China (61202390, 61363068, 61472083, and 61402110), the Foundation of Fujian Province Educational Department of China (JA15121), Fujian Normal University Innovative Research Team (IRTL1207), and Fujian Provincial Key Laboratory of Network Security and Cryptology Research Fund (Fujian Normal University).

References

Akyildiz

I. F.

B. F.

Balakrishnan

Cooperative spectrum sensing in cognitive radio networks: a survey

Physical Communication 2011 4 1 40 62

10.1016/j.phycom.2010.12.003

2-s2.0-79951577034

Zhang

Security issues in cognitive radio networks

Cognitive Networks: Towards Self-Aware Networks 2014

John Wiley & Sons

271 291

Zhang

Safavi-Naini

Incentivize cooperative sensing in distributed cognitive radio networks with reputation-based pricing

Proceedings of the 33rd IEEE Conference on Computer Communications (IEEE INFOCOM ′14)

May 2014

Toronto, Canada

2490 2498

10.1109/infocom.2014.6848195

2-s2.0-84904428324

Chen

C.-Y.

Chou

Y.-H.

Chao

H.-C.

C.-H.

Secure centralized spectrum sensing for cognitive radio networks

Wireless Networks 2012 18 6 667 677

10.1007/s11276-012-0426-3

2-s2.0-84865336322

Chen

Park

J.-M. J.

Bian

Robustness against Byzantine failures in distributed spectrum sensing

Computer Communications 2012 35 17 2115 2124

10.1016/j.comcom.2012.07.014

2-s2.0-84866739594

Han

Chen

Wang

J.-X.

An enhanced D-S theory cooperative spectrum sensing algorithm against SSDF attack

Proceedings of the 75th Vehicular Technology Conference (VTC ′12)

June 2012

Yokohama, Japan

10.1109/vetecs.2012.6240040

2-s2.0-84865008189

Rawat

A. S.

Anand

Chen

Varshney

P. K.

Collaborative spectrum sensing in the presence of Byzantine attacks in cognitive radio networks

IEEE Transactions on Signal Processing 2011 59 2 774 786

10.1109/tsp.2010.2091277

2-s2.0-78651372721

Yadav

Nene

M. J.

RSS based detection and expulsion of malicious users from cooperative sensing in cognitive radios

Proceedings of the 3rd IEEE International Advance Computing Conference (IACC ′13)

February 2013

Ghaziabad, India

181 184

10.1109/iadcc.2013.6514217

2-s2.0-84879855011

Zhou

Shen

Chen

Xie

A cooperative spectrum sensing scheme based on the Bayesian reputation model in cognitive radio networks

Proceedings of the IEEE Wireless Communications and Networking Conference (WCNC ′13)

April 2013

Shanghai, China

IEEE

614 619

10.1109/wcnc.2013.6554634

2-s2.0-84881592267

10.

Mukherjee

Diffusion of cooperative behavior in decentralized cognitive radio networks with selfish spectrum sensors

IEEE Journal on Selected Topics in Signal Processing 2013 7 2 175 183

10.1109/JSTSP.2013.2246136

2-s2.0-84893569644

11.

Zhu

Gao

Guan

Xing

YouSense: mitigating entropy selfishness in distributed collaborative spectrum sensing

Proceedings of the 32nd IEEE Conference on Computer Communications (INFOCOM ′13)

April 2013

Turin, Italy

2535 2543

10.1109/infcom.2013.6567060

2-s2.0-84883071415

12.

F. R.

Huang

A distributed consensus-based cooperative spectrum-sensing scheme in cognitive radios

IEEE Transactions on Vehicular Technology 2010 59 1 383 393

10.1109/tvt.2009.2031181

2-s2.0-76849089351

13.

Zhang

Safavi-Naini

ReDiSen: reputation-based secure cooperative sensing in distributed cognitive radio networks

Proceedings of the IEEE International Conference on Communications (ICC ′13)

June 2013

Budapest, Hungary

IEEE

2601 2605

10.1109/icc.2013.6654927

2-s2.0-84891361827

14.

Yan

Jiang

Lou

Hou

Y. T.

Vulnerability and protection for distributed consensus-based spectrum sensing in cognitive radio networks

Proceedings of the 31st Annual IEEE International Conference on Computer Communications (INFOCOM ′12)

March 2012

Orlando, Fla, USA

900 908

10.1109/INFCOM.2012.6195839

15.

Deng

Zhang

R. Q.

Song

L. Y.

Han

Jiao

B. L.

Truthful mechanisms for secure communication in wireless cooperative system

IEEE Transactions on Wireless Communications 2013 12 9 4236 4245

10.1109/twc.2013.080113.120260

2-s2.0-84884841690

16.

Xie

F. R.

Energy-efficient resource allocation for heterogeneous cognitive radio networks with femtocells

IEEE Transactions on Wireless Communications 2012 11 11 3910 3920

10.1109/twc.2012.092112.111510

2-s2.0-84870560136

17.

Jiang

Wang

Vasilakos

A. V.

QoE-driven channel allocation schemes for multimedia transmission of priority-based secondary users over cognitive radio networks

IEEE Journal on Selected Areas in Communications 2012 30 7 1215 1224

10.1109/JSAC.2012.120807

2-s2.0-84864540763

18.

Xie

F. R.

Dynamic resource allocation for heterogeneous services in cognitive radio networks with imperfect channel sensing

IEEE Transactions on Vehicular Technology 2012 61 2 770 780

10.1109/tvt.2011.2181966

2-s2.0-84857272645

19.

Tan

L. T.

L. B.

Channel assignment with access contention resolution for cognitive radio networks

IEEE Transactions on Vehicular Technology 2012 61 6 2808 2823

10.1109/tvt.2012.2196532

2-s2.0-84863905256

20.

Wang

Zhou

Z.-H.

Wang

Resource allocation for heterogeneous cognitive radio networks with imperfect spectrum sensing

IEEE Journal on Selected Areas in Communications 2013 31 3 464 475

10.1109/JSAC.2013.130312

2-s2.0-84874588974

21.

Tachwali

B. F.

Akyildiz

I. F.

Agusti

Multiuser resource allocation optimization using bandwidth-power product in cognitive radio networks

IEEE Journal on Selected Areas in Communications 2013 31 3 451 463

10.1109/JSAC.2013.130311

2-s2.0-84874624240

22.

El-Sherif

A. A.

Liu

K. J. R.

Joint design of spectrum sensing and channel access in cognitive radio networks

IEEE Transactions on Wireless Communications 2011 10 6 1743 1753

10.1109/TWC.2011.032411.100131

2-s2.0-79959573449

23.

Buchegger

Le Boudec

J.-Y.

Self-policing mobile ad hoc networks by reputation systems

IEEE Communications Magazine 2005 43 7 101 107

10.1109/MCOM.2005.1470831

2-s2.0-24744432675

24.

Mundinger

Le Boudec

J.-Y.

Analysis of a reputation system for Mobile Ad-Hoc Networks with liars

Performance Evaluation 2008 65 3-4 212 226

10.1016/j.peva.2007.05.004

2-s2.0-38749146509

25.

Lin

J. f.

Yang

PA-SHWMP: a privacy-aware secure hybrid wireless mesh protocol for IEEE 802.11s wireless mesh networks

EURASIP Journal on Wireless Communications and Networking 2012 2012 1, article 69 16

10.1186/1687-1499-2012-69

26.

Lin

J. F.

Nagar

A role based privacy-aware secure routing protocol for wireless mesh networks

Wireless Personal Communications 2014 75 3 1611 1633

10.1007/s11277-013-1171-3

2-s2.0-84899464496

27.

Shafer

A Mathematical Theory of Evidence 1976

Nanjing, China

Princeton

28.

Islam

M. S.

Hamid

M. A.

Hong

C. S.

SHWMP: a secure hybrid wireless mesh protocol for IEEE 802.11s wireless mesh networks

Transactions on Computational Science VI 2009 5730

Berlin, Germany

Springer

95 114 Lecture Notes in Computer Science

10.1007/978-3-642-10649-1_6

29.

Ren

Lou

Zhang

PEACE: a novel privacy-enhanced yet accountable security framework for metropolitan wireless mesh networks

IEEE Transactions on Parallel and Distributed Systems 2010 21 2 203 215

10.1109/tpds.2009.59

2-s2.0-75449091361

30.

Goldsmith

A. J.

Chua

S. G.

Variable-rate variable-power MQAM for fading channels

IEEE Transactions on Communications 1997 45 10 1218 1230

10.1109/26.634685

2-s2.0-0031257246

31.

Mohammed

Otrok

Wang

Debbabi

Bhattacharya

Mechanism design-based secure leader election model for intrusion detection in MANET

IEEE Transactions on Dependable and Secure Computing 2011 8 1 89 103

10.1109/TDSC.2009.22

2-s2.0-78649356481

32.

Wei

Zhou

Kang

Collins

Nixon

A strategy-proof trust mechanism for pervasive computing environments

Proceedings of the IEEE 6th International Conference on Mobile Adhoc and Sensor Systems (MASS ′09)

October 2009

Macau, China

728 733

10.1109/mobhoc.2009.5336929

2-s2.0-74249102189

33.

Luo

Roy

Analysis of search schemes in cognitive radio

Proceedings of the 4th Annual IEEE Communications Society Conference on Sensor, Mesh and Ad Hoc Communications and Networks (SECON ′07)

June 2007

San Diego, Calif, USA

IEEE

647 654

10.1109/sahcn.2007.4292877

2-s2.0-48049121785

34.

Kim

Shin

K. G.

Efficient discovery of spectrum opportunities with MAC-layer sensing in cognitive radio networks

IEEE Transactions on Mobile Computing 2008 7 5 533 545

10.1109/TMC.2007.70751

2-s2.0-41449106517