Securing Cognitive Radio Networks: O. Le On, J. Hern Andez-Serrano and M. Soriano

INTERNATIONAL JOURNAL OF COMMUNICATION SYSTEMS
Int. J. Commun. Syst. 2010; 23:633652

Published online 10 February 2010 in Wiley InterScience (www.interscience.wiley.com). DOI: 10.1002/dac.1102
Securing cognitive radio networks

O. Leon1, , , J. Hernandez-Serrano1 and M. Soriano1,2
1 Department
2 Centre
of Telematics, Universitat Politècnica de Catalunya, Barcelona, Spain

Tecnològic de Telecomunicacions de Catalunya (CTTC), Barcelona, Spain
SUMMARY
Cognitive radio is a promising technology aiming to improve the utilization of the radio electromagnetic
spectrum. A cognitive radio device uses general purpose computer processors that run radio applications
software to perform signal processing. The use of this software enables the device to sense and understand
its environment and actively change its mode of operation based on its observations. Unfortunately, this
solution entails new security challenges. Our objective in this paper is to analyze the security issues of
the main recent developments and architectures of cognitive radio networks. We present vulnerabilities
inherent to those systems, identify novel types of abuse, classify attacks, and analyze their impact on
the operation of cognitive radio-based systems. Moreover, we discuss and propose security solutions to
mitigate such threats. Copyright q 2010 John Wiley & Sons, Ltd.
Received 17 August 2009; Revised 6 November 2009; Accepted 26 November 2009
KEY WORDS:
cognitive radio; cognitive radio network; security
1. INTRODUCTION
With the rapid increase of wireless applications, spectrum is becoming a scarce resource as all
frequencies below 3 GHz have been allocated to specific users. Regulatory agencies like the Federal
Communications Commission (FCC) allocate spectrum for particular types of services that are
then licensed to bidders for a fee. Those allocations and licenses are static in nature, and this
fact has led to considerable inefficiency in spectrum utilization and has produced an unnecessary
shortage of spectrum. Actual measurements show that most of the allocated spectrum is vastly
under utilized at any specific location and time.
A conventional, hardware-based wireless device can access only one area of the radio spectrum,
but an intelligent cognitive radio (CR) device can sense and identify white spacesor vacant
areasin the spectrum that can be used for communications. CR enables smart reconfigurable
transceivers to make optimal use of spectrum by seeking out uncrowded bands and tuning into
Correspondence
to: O. Leon, C4-307, Escola Politècnica Superior de Castelldefels, Esteve Terradas 7, 08860
Castelldefels, Spain.
E-mail: olga@entel.upc.edu
Copyright q
2010 John Wiley & Sons, Ltd.
O. LEON,
J. HERNANDEZ-SERRANO
AND M. SORIANO
634
them with software that can adapt to a wide range of different frequencies and modulation schemes.
In other words, CRs have been proposed as a way to reuse this under utilized spectrum and their
flexibility is seen as a possible solution to the overcrowding of some spectrum space. This fact gives
opportunity to unlicensed devices to be secondary users of the spectrum and use the frequency
bands only if the official or primary user of the spectrum is not using them. Unfortunately, there
are also new unique opportunities presented to the malicious attackers; cognitive radio networks
(CRNs) introduce an entire new suite of threats that are not easily mitigated.
The physical and link layers of CRNs are very different from those of conventional wireless
networks. The particular attributes of CRNs, such as cooperative spectrum sensing, incumbent- and
self-coexistence mechanisms, raise new security implications. Nevertheless, this topic has received
far less attention than other areas of CR.
This paper identifies vulnerabilities and potential attacks to this kind of networks covering from
the physical to the transport layer. Attacks to CRNs include those common to other wireless and
ad hoc networks and new ones specifically targeted to these networks. The former have been
broadly studied in the literature and, therefore, we have mainly focused on the latter. Moreover,
the paper presents an analysis of some crucial security issues that are important to consider in the
design of a strong security model to the success and wide deployment of CRNs.
The rest of the paper is organized as follows. Section 2 provides a brief overview of CR devices
and CRNs. Section 3 presents and analyzes known and novel attacks to different types of CRNs.
Next, in Section 4 we discuss and propose solutions to mitigate these threats. Finally, we present
the conclusions of the work.
2. AN OVERVIEW OF COGNITIVE RADIO

This section represents a general review of the CR and CRNs to achieve a better understanding of
their security concerns.
2.1. Cognitive radio
The term Cognitive Radio was first officially presented by Mitola and Maguire in 1999 [1].
Their original description has received several interpretations and consequently the term Cognitive
Radio has become overloaded and with many potential meanings [24]. From our point of view,
Mahmouds definition [4] is the most accurate as it clearly reflects the cognitive meaning which
is related to thinking, reasoning, and remembering. Therefore, from now on we will refer to
Cognitive Radio as follows:
Cognitive radio is a smart radio that has the ability to sense the external environment, learn from
the history, and make intelligent decisions to adjust its transmission parameters according to the
current state of the environment.
It is important to remark that a CR is not what in the literature is called adaptative radio. A
CR can not only adapt to the best spectrum settings but also store past data, learn, and positively
evolve. Indeed, adaption is a subset of CR characteristics, and an adaptative radio is not necessarily
cognitive at all [5].
The adjective cognitive is defined in the Merriam-Webster as of, relating to, being, or involving conscious
intellectual activity (as thinking, reasoning, or remembering).
Copyright q
Int. J. Commun. Syst. 2010; 23:633652

DOI: 10.1002/dac
SECURING COGNITIVE RADIO NETWORKS
635
Figure 1. A typical 802.22 cognitive radio device.
The CR definition hints at the two main accepted characteristics nowadays [6]: (1) cognitive
capability, which refers to sense the information from its radio environment and identify the best
and more appropriate spectrum and operating parameters and (2) reconfigurability that enables the
radio components to be dynamically programmed according to cognitive decisions.
Both characteristics are clearly shown in Figure 1, which conceptually represents a CR device
with its basic modules. The cognitive capability characteristic is related to the cognitive module in
the figure. The reconfigurability characteristic is leaded by the cognitive module and executed by
the reconfigurator. Typically, as it is the case of 802.22 networks, two radio modules are needed for
receiving external data and maintaining communications. In short, the modules in Figure 1 are a
radio for spectrum sensing, a radio for data exchange, the cognitive module, and the reconfigurator
module that adjusts radio parameters according to the cognitive module decisions.
Autonomic networks is another branch of research that has introduced the cognitive abilities
focusing not only on the radio part but also the whole network infrastructure. The framework in
autonomic networks is structured around the different steps of the reconfiguration activity: sense,
analyze, and respond [7]. Note how similar it is with CRN principles, but just applying them for
a more general scenario.
2.2. Cognitive radio networks
Mitola introduced in [8] the term Cognitive Network describing it as a network of CRs. Moreover,
the term Cognitive Radio Network has appeared and refers to the same concept. From now on we
will use Cognitive Radio Network, as it emphasizes the presence of radio links, and we define it
as follows:
Cognitive radio network is a network made up of CRs by extending the radio link features to
network layer function and above. By means of CRs cooperation, the network is able to sense
its environment, learn from the history, and accordingly decide the best spectrum settings.
Copyright q
Int. J. Commun. Syst. 2010; 23:633652

DOI: 10.1002/dac
636
O. LEON,
AND M. SORIANO
Figure 2. Cognitive radio network.
It is necessary to emphasize the system-level scope of cognitive networks, where all cognition
functions are performed to improve the end-to-end performance of the whole system. From this
point of view we can see a CRN as a brain made up of cooperative CRs that are the neurons
(see Figure 2).
Upon the proposal of the FCC of allowing unlicensed devices to operate in licensed bands in
white spaces, i.e. portions of licensed TV bands not in use, research in CRNs has mainly focused
on designing mechanisms to allow users associated to these networks to make use of white spaces
without harmful interference to licensed users. Consider the network model shown in Figure 3; a
primary network is an existing network infrastructure operating with license in a given spectrum
band, such as current cellular or TV broadcast networks, and offering its services to incumbents or
primary users. Within this context, a CRN operates in both licensed and unlicensed bands. When
using the licensed band, the CRN may coexist with existing primary networks, and thus it is seen
as a secondary network, which is only allowed to use spectrum in an opportunistic manner and
without causing interference to primary networks.
The selection of a given channel for the operation of the CRN is based on sensing measurements
performed by the CRN members in two possible manners: (1) centralized, e.g. in the base station
of an infrastructure mode network and (2) cooperative, as it would the case in ad hoc networks.
The information related to the new frequencies must be then propagated through the CRN by
means of either an in-band channel or out-of-band channel. One of the most studied solutions is
the use of a cognitive pilot channel (CPC) [9]. This channel is ideally predefined and used between
all the CRN members and different CRNs thus allowing to more efficiently sharing the available
frequencies and avoiding the scanning of the entire spectrum to identify vacant bands.
Many approaches have been proposed in the literature, such as the IEEE 802.22 [10],
DIMSUMnet [11], KNOWS [12], CORVUS [13], or DSAP [14]. Among them, it is worth
mentioning the IEEE 802.22, which defines a point-multipoint air-interface, composed by a
base station and several consumer premise equipments (CPEs). The base station is responsible
for collecting spectrum sensing information provided by the several CPEs and controlling the
medium access. According to this information, it determines which channels can be used without
interfering to incumbents, and allocates the available bandwidth among the CPEs associated to
it. Communication between the base station and the CPEs is performed in-band, i.e. through the
same channel used to transmit and receive at time intervals specified by the base station.
Copyright q
Int. J. Commun. Syst. 2010; 23:633652

DOI: 10.1002/dac
637
Figure 3. CRN model.
It is important to remark that many CRNs may overlap trying to make use of the same spectrum
left by a primary network. This behavior is often referred as self-coexistence. Because of this,
there is a need for mechanisms to enable coexistence among existing CRNs. 802.22 defines a
coexistence beacon protocol (CBP) at the Media Access Control (MAC) layer that address several
coexistence needs in a coherent manner [15].
3. ATTACKS TO COGNITIVE RADIO NETWORKS

Security is necessary in CRNs because the data channel is easily accessed by an attacker. In the
context of CRNs, we define attacks as actions that achieve at least one of the following goals:
Unacceptable interference to licensed primary users: Because of the attack, the communication channel of primary/licensed users of a frequency band is diminished or just becomes
unusable (denial-of-service (DoS) attack).
Missed opportunities for secondary users: An attacker could prevent secondary users from
using available spectrum bands thus, once again, reducing channel performance or just denying
service to secondary users.
Access to private data: An attacker could try to access data in an unauthorized way. As a
consequence data must be secured by means of cryptographic primitives.
Copyright q
Int. J. Commun. Syst. 2010; 23:633652

DOI: 10.1002/dac
O. LEON,
AND M. SORIANO
638
Table I. Attacks to CRNs (new specific ones in bold).

physical
link
network
jamming
PUEA [18]
OFA [20]
CCDA [22]
spoofing/sybil [16, 17]

packet injection
selfish [17]
selective forwarding [17]
false feedback [17, 23]
worm/sink -hole [17]
transport
Jellyfish [19]
Lion [21]
Modification of data: An attacker could try to modify the data exchanged between several
entities to its own advantage. Thus, integrity of data must be assured.
Injection of false data: Injection of false data could make the CRN to perform in an unpredictable way or just following the attacker guidelines. Therefore, authentication of information
sources should be guaranteed.
As the last three attack goals have been broadly studied by the cryptographic community, we
will focus on the first two ones that are much related to the CRN nature. However, in Table I we
provide a summary of the attacks to CRNs clearly identifying the new specific ones with respect
to common attacks to wireless networks. The attacks have been classified according to the targeted
layer in the Open System Interconnection (OSI) stack.
Next we describe the new specific attacks to CRNs: PUEA (primary user emulation attacks),
OFA (objective function attacks), CCDA (common control data attacks), false feedback, and Lion
attack.
3.1. Primary user emulation attacks
The well-known jamming attack involves the radiation of radio signals that intentionally disrupt
communications in the attacked network. If the generated interferences are big enough, they can
substantially decrease the communications performance or even stop them at all implementing a
DoS attack. Detection of jamming is even more difficult in CRN as the interferences can be created
by pseudo primary users and thus the attack source can be hardly detected. Moreover, as the
jamming attack is targeted to the victim frequencies, in CRNs it will probably force a frequency
handoff incurring considerable delay.
CRs or secondary users are allowed to operate in licensed bands on a non-interference basis, and
therefore, it is needed to continuously sense the medium in order to detect the presence of primary
users. Because of this, one of the keys in the success of CRNs is the development of effective
spectrum sensing mechanisms. It is also necessary, however, to have the ability of distinguishing
secondary users associated with other CRNs from incumbents: if a primary signal is detected in
a given frequency, secondary users must switch to one of the vacant bands (a process known as
spectrum handoff). On the other hand, if another secondary user is already operating in such band,
self-coexistence mechanisms are needed to fairly share the spectrum.
This fact poses a security hole in the system, as an attacker could pretend to be an incumbent
by transmitting a signal with similar characteristics to a primary signal, thus preventing secondary
users from using vacate bands. This attack, coined in [24] as PUEA, is quite realistic, given the
Copyright q
Int. J. Commun. Syst. 2010; 23:633652

DOI: 10.1002/dac
639
flexibility offered by CRs in terms of transmission parameters. This possibility reinforces the need
for sensing mechanisms to effectively recognize primary signals.
There exist many approaches for spectrum sensing [25]. The most common are energy detection
based because of their simplicity, in which the signal is detected by comparing the output of the
detector with a threshold. Because of this, the detection mechanism is highly sensitive to changing
noise levels, easily leading to false positives. Moreover, it presents other drawbacks, such as its
incapacity of discriminating between signals, interference and noise, and the fact that it does not
work for detecting spread spectrum, direct sequence, or frequency hopping signals. In the case of
CRNs with energy-based spectrum sensing, an attacker just needs to transmit any kind of signal
when no primary transmissions are taking place to appear as an incumbent for secondary users.
Other mechanisms, such as matched filter, cyclostationary feature detection, or waveformbased sensing, are more efficient, but in contrast require some previous knowledge of the signal.
Hence, they would imply CRs storing information about signal patterns of all types of primary
transmissions. These schemes may complicate a PUEA but not avoid it, since an attacker can still
transmit a signal with the same spectral characteristics as a legitimate primary signal. By way of
illustration, the attacker could easily transmit a TV signal by using a TV Ultra High Frequency
(UHF) transmitter or just replay a real TV signal.
Having some knowledge of the CRN can help to perform a more specific PUEA. For example in
IEEE 802.22 networks, the attacker could take advantage of the synchronization of secondary users
required during sensing periods. In 802.22, the base station is responsible for establishing quiet
periods of time in which transmissions are not allowed to perform spectrum sensing and detect
primary signals. Any transmission detected during that period may be considered as a primary
signal (if the sensing mechanism is not good enough). Thus, a malicious user could just transmit
during sensing periods to perform the DoS attack as shown in Figure 4.
Another example (see Figure 5) is an attacker that performs new PUEAs whenever the CRN
switches from one channel to another (frequency handoff) thus degrading the data throughput of
the CRN or completely leading to a DoS. It is assumed that the attacker will find the next CRN
Figure 4. Asynchronous transmission.

Copyright q
Int. J. Commun. Syst. 2010; 23:633652

DOI: 10.1002/dac
640
O. LEON,
AND M. SORIANO
Figure 5. DoS by mean of consecutive PUEAs.
operation channel in a limited time determined by:

Sensing the media till finding the new channel of operation. The attacker could discard some
very improbable or just forbidden (in use by primary signals) channels to minimize the channel
search time. Moreover, the attacker can estimate the more probable new CRN channel based
on its local sensing.
The attacker obtains the next hop by eavesdropping the common control data of the CRN
(CCDA). As explained below, in Section 3.3, securing such data is challenging.
The impact of the PUEA depends on several factors, such as the location of the attacker and
the sensibility of CRs in their measurements. Selecting an optimal position to perform the attack
will cause many secondary users concluding that a given band is occupied and looking for another
unoccupied portion of the spectrum. On the other hand, if an energy-based method is used to
detect primary users, the threshold value will also play an important role: the lower the threshold
is, the easier to perform a PUEA.
According to the target of the attack, we classify PUEAs into malicious or selfish attacks. The
objective of malicious attacks is to prevent secondary users from detecting vacate bands and use
them (DoS), whereas selfish attacks aim at maximizing the attacker spectrum usage.
3.2. Objective function attacks
Within a CRN, incumbents control several radio parameters to enhance the network performance.
The parameters choice is often done by means of an artificial intelligence (AI) algorithm, such as
Copyright q
Int. J. Commun. Syst. 2010; 23:633652

DOI: 10.1002/dac
(a)
641
(b)
Figure 6. Objective functions: (a) objective function and (b) hacked objective function after OFA.
genetic, hill-climbing, or random walks [26]. Such algorithms make slight modifications of several
input factors to find their optimal values that maximize an objective or goal function. In the context
of CR, input factors can be frequency, bandwidth, power, modulation type, coding rate, channel
access protocol, encryption type, authentication type, message integrity code, and frame size [20].
Within one of the simplest approaches we can define a weight-based objective function with
only two goals: high rate and security. As an example we can define a weight-based objective
function in which the different requirements of each service will determine the weight assigned to
each goal. On the one hand, in multimedia transmissions high rate would have the highest weight;
but on the other hand, data transactions will require more security. With such goals we can denote
a weight function as in expression (1), with R the link rate, S the predefined level of security, and
i the weight parameter i.
f (R, S) = R R + S S
(1)
For secure data transactions, objective function weights could be set, e.g. to R = 0.2 and S =
0.8. Under typical scenario conditions, the CR will vary its radio parameters to find the maximum
of the objective function that it is obviously achieved when both values get their maximum possible
values. Figure 6(a) represents f (R, S), R [0, 10], S [0, 10], R = 0.2, and S = 0.8.
The security level S is defined as a user/policy input but on the contrary the link rate R is more
related to the channel conditions. Thus by affecting the channel, an attacker can manipulate the
link rate by jamming the channel. Now imagine that an attacker is able to hack a security level
s1 but not anything greater than that. In order to disallow S>s1 , the attacker can jam the channel
whenever the security level Ss1 . The adversary only needs to get the objective function to be as
in expression (2).
f (R, S) = R R + S S< R r1 + S s1
S>s1
(2)
That is to say that the attacker must jam the channel to maintain a transmission rate as in
expression (3).
S
0R<r1 +
(s1 S) S>s1
(3)
R
Copyright q
Int. J. Commun. Syst. 2010; 23:633652

DOI: 10.1002/dac
O. LEON,
AND M. SORIANO
642
Let us suppose that because of the attack, the representation of the objective function is the one
in Figure 6(b). Now, the AI algorithm will adjust the radio parameters until it finds the values that
maximize the objective function. However, far from getting the best results, because of the misled
objective function, the CR device sets a security level of s1 , which can be hacked by the attacker.
It is necessary to remark that the OFA performance is much related to the amount of on-line
learning of the CRN. The on-line learning refers to an on-line optimization of the search space.
On the other hand, radios that perform off-line learning observe the environment just once, and
then search an optimal configuration off-line (e.g. just following a predefined radio policy); as the
configuration of such radios are independent of their observations, off-line learning is not affected
by OFAs. However, radio devices using only off-line learning do not theoretically require a learning
engine and thus cannot be considered as CRs. So, every CRN is exposed to OFA attacks.
3.3. Common control data attack
In some approaches, a dedicated channel is used to exchange sensing information: (a) between the
base station and the secondary users if the CRN is centralized (i.e. DIMSUMnet) and (b) among
secondary users if it is distributed (such KNOWS or CORVUS). A malicious user could jam
this channel, disrupting all transmissions and preventing elements within the CRN from sharing
information about spectrum usage [22]. The lack of knowledge about available bands keeps the
CRN from operating (DoS attack). Moreover, eavesdropping on the control data provides the
attacker with all the required information to detect which new channel the CRN is switching to.
The need of securing the common control data is hence patently obvious. 802.22 Working Group
is aware of this threat and has proposed mechanisms to protect such information [27].
We consider that the impact of this attack is more relevant in centralized CRNs as an attacker
can focus on jamming the control channel within the base station vicinity (single point of failure)
and thus easily affecting the whole network.
3.4. False feedback
Within a cooperative framework where secondary users exchange sensing information, false feedback from one or a group of malicious users could lead the CRN to take improper actions [23]. For
example, the CRN could conclude that a given frequency band is occupied by a primary user when
actually it is not the case or, the other way round, it could consider it as a vacant band when being
used by a primary network. In the former case, the attacker prevents the CRN from using an available band. In the latter, if the CRN decides to use that band to operate, transmissions of secondary
users could harmfully interfere primary signals. In our opinion, this risk is especially relevant for
fully distributed CRNs because false feedback could be propagated, thus affecting a large portion
of the network. Such an effect is often referred as a virus due to its undesired distribution, but
opposite to the traditional virus, it applies to the link layer instead of the application one.
On the other hand, as mentioned in Section 2.2, in centralized networks like 802.22 the station
collects sensing measurements from all CRs to determine which are the frequency bands occupied.
Although the IEEE 802.22 standard establishes that the final decision on the availability of a
channel must be performed at the base station, it does not specify how it must be made. Generally
speaking, in this situation a malicious user could be easily detected, as the information provided
by the latter may be incongruous. However, there are still several cases in which a false report
from a single user can have a negative effect on the CRN operation: considering the large coverage
area of a 802.22 network (it may extend to 100 km), it is very likely that two secondary users take
Copyright q
Int. J. Commun. Syst. 2010; 23:633652

DOI: 10.1002/dac
643
completely different measurements if they are situated, for instance, one near the base station and
the other on the boundaries of the coverage area. In such kind of scenarios, it will be considerably
harder to detect whether a given report is reliable or not.
3.5. Lion attack
We defined the Lion attack in [21] as a jamming targeted to reduce the throughput of Transmission
Control Protocol (TCP) by forcing frequency handoffs.
The handoff process involves sensing the medium looking for vacant channels and choosing
the best one according to some criteria, thus incurring high latencies until the transmission is
resumed. A malicious user trying to disrupt a TCP connection of a secondary user can perform a
PUEA to force a handoff in the CRN. As the transport layer is not aware of the disconnection, it
keeps sending data segments which are queued at lower layers but not transmitted and thus TCP
segments can be delayed or even lost. As the TCP sender is allowed to transmit new data upon
reception of acknowledgments, loss or delay of segments can lead to a period of inactivity of the
former.
It is well known that TCP triggers a retransmission timer (RTO) for each outstanding segment,
which determines the time the sender waits for the corresponding acknowledgment before considering the segment has been lost. If the retransmission timer expires for a given segment, the TCP
sender retransmits it and reduces the congestion window, since it is considered as a signal of
congestion. The value assigned to the retransmission timer depends on the estimation of the round
trip time (RTT) performed by the TCP sender and therefore, if the handoff period is large enough,
it will lead to the expiration of many timers and the degradation of the throughput. The longer the
handoff duration, the more drastic the reduction of its throughput.
Moreover, the attacker can perform an intelligent Lion attack if he/she manages to perform a
handoff whenever the TCP sender is trying to retransmit a given segment. In general, the RTO is
a variable that depends on the RTT estimation, TCP implementations define a minimum value for
the RTO. In [28] the recommended value is 1 s and real implementations use typical values ranging
from 100 to 200 ms. In any case, the minimum RTO is much higher than the RTT samples taken for
a given connection within the CRN (on the order of microseconds or just a few milliseconds). As
a consequence, a fixed RTO value will be used for all segments and doubled for each unsuccessful
retransmission. Thus, an attacker can take advantage of this information and force handoffs at the
specific instants of time in which the TCP sender is retransmitting data, leading to the starvation
of the TCP sender (see Figure 7). To our understanding, this fact clearly suggests the need for
cross-layer mechanisms to make transport protocols aware of network conditions (see Section 4.4).
3.6. Scope of the attacks
Table II presents a classification of the attacks following the CIA (Confidentiality, Integrity and
Availability) model. That is to say that the attacks are classified depending on whether their target
is compromising the confidentiality of stored/delivered data, altering the integrity of such data,
and/or disrupting the availability of the victim communications.
The table clearly denotes that the common goal for the new presented specific attacks to CRNs
is to negatively affecting the availability of communications: PUEA by forcing frequency handoffs
and thus temporally stopping communications; OFA by e.g. deceiving the learning algorithm of
the CRs into not using optimal transmission parameters; CCDA by using the eavesdropped data
to pursue and attack the victim network; false feedback attack because of missed, probably better,
Copyright q
Int. J. Commun. Syst. 2010; 23:633652

DOI: 10.1002/dac
644
O. LEON,
AND M. SORIANO
Figure 7. Intelligent Lion attack based on prediction of retransmission timers.

Table II. Scope of the new attacks in terms of the CIA model.
Confidentiality
Availability
Integrity
PUEA
OFA
CCDA
False feedback attack
Lion attack
opportunities; and the Lion attack as it degrades the performance of TCP connections. But besides
the attacks to availability, CCDA is also a threat to confidentiality as it provides to the attacker with
the current and future behavior of the victim network, and OFAs can also affect the confidentiality
and integrity by reducing the security level the attacked network (see the example in Section 3.2).
With respect to the type of CRN (from the point of view of spectrum allocation), we believe
that in general, hierarchical or non-distributed networks (i.e. with a fixed base station) will be
more easily affected by most of the attacks than distributed ones. For example, in a non-distributed
IEEE 802.22 network the base station collects sensing information transmitted by all secondary
users and establishes the time slot in which each one is allowed to transmit. The decision has a
global scope and radio parameters are shared by all the CRN participants. Thus, if the base station
receives many false measures related to a certain frequency band (due to a PUEA or false feedback
attack), it may consider it as not suitable for transmission, so no station will make use of it.
On the other hand, in a distributed network, secondary users exchange sensing information. In
this case, the number of users affected by a PUEA or false feedback attack will not only depend
on the protocol used to send/receive information to/from other nodes (sensing information shared
among all users or only among neighbors), but also on whether spectrum decisions are taken
locally or in a collective way. For example, if a CR only considers information sent by one-hop
nodes whose measures have not been affected by the attack, it may keep using that band while
other CRs may discard it.
Another factor that should be taken into account is the operation of the cognitive module used
to make decisions (i.e. to decide which the best spectrum chunk to transmit is). If an attacker
Copyright q
Int. J. Commun. Syst. 2010; 23:633652

DOI: 10.1002/dac
645
keeps emulating incumbent signals in a given band, CRs will learn that band is always unavailable
and may decide not to use it any more, so the attack will persist in time even if the attacker is
not performing any action. Criteria, such as the number of sensing measurements and the weight
assigned to each of them, will also influence in the scope of the attack in terms of time and number
of users affected. For instance, in an OFA the length of the attack heavily depends on the amount
of memory used in the learning process.
4. SECURING COGNITIVE RADIO

In this section we discuss and propose countermeasures for the potential attacks to CRNs. Once
again, we not only specially focus on the specific attacks to CRNs due to their new physical/link
layer but also provide some general countermeasures for the rest of attacks.
4.1. Jamming countermeasures
Most of the attacks targeted to CRNs rely on jamming at specified frequencies. Security protocols can mitigate many of the attackers goals but cannot effectively deal with DoS or channel
degradation due to jamming. Therefore, a parallel system for finding the attack source is necessary. Intrusion detection systems (IDSs) are valuable tools for detecting such attackers. IDSs can
detect which nodes are suspicious or malicious, and provide this information to other protocols
of the node (e.g. routing, aggregation). The quest for good IDSs is a hot topic today and many
proposals have appeared in the literature. As CRNs are often decentralized wireless networks,
IDSs for MANETs are especially relevant here, but, from our point of view, other challenges must
be covered: detection of PUEAs, OFAs and malicious false feedback by members of the CRN.
In CRNs, feedback from the CR devices can enhance the efficiency of IDSs. The redundancy of
the network is used as an advantage because the feedback of many participants can lead to an easier
detection of the jamming source. As stated in [29], an architecture for better intrusion detection
for wireless ad hoc networks should be distributed and cooperative. To our understanding, the
same assertion applies to CRNs where cooperation is inherent to their nature. The best approach
is probably based on detection of abnormal operation through traffic analysis and cooperation. In
order to accomplish this task, the IDS must operate in every networking layer in a cross-layer
manner. Several IDS approaches [2931] fulfill such requirements but their particularization to
CRNs is still challenging.
4.2. PUEA countermeasures
Protecting CRNs from PUEA is indispensable and therefore devising robust techniques for verifying
the authenticity of primary signals becomes essential. The simplest way would be to embed
a signature in an incumbent signal or to use an authentication protocol between primary and
secondary users. However, these approaches do not conform to the requirement established by
the FCC [32], which states that no modification to the incumbent system should be required to
accommodate opportunistic use of the spectrum by secondary users. An alternative solution when
primary transmitters have a fixed location like TV broadcast systems is to estimate the location
of the signal source to check its identity. In this situation, having previous knowledge of the
location of all TV towers would allow to discriminate legitimate incumbents from malicious users
attempting to perform a PUEA. It must be noted, however, that an attacker could still transmit in
Copyright q
Int. J. Commun. Syst. 2010; 23:633652

DOI: 10.1002/dac
646
O. LEON,
AND M. SORIANO
the vicinity of a TV tower to get around this method. To deal with this specific PUEA, the authors
in [18] proposed to use signal energy level detection in addition to localization of transmitters.
This approach is based on the following assumptions: (1) primary transmitters are TV towers with
a fixed known location and strong transmission power (in the range of hundreds of kilowatts) and
(2) CRs are devices with limited transmission power (ranging from milliwatts to a few watts). As a
consequence, energy level detection can definitely be a robust criterion to validate the authenticity
of primary transmissions.
Nevertheless, this scheme relies on the existence of a set of nodes within the CRN named location
verifiers (LV), which are responsible for performing received signal strength (RSS) measurements.
In order to effectively determine the location of the transmitter, many RSS measurements from
different LVs are needed. This fact creates the need for secure exchange information among LVs to
avoid potential attacks, such as eavesdropping, insertion, modification, or replay attacks. Moreover,
it is also necessary to keep the location of LVs secret as an attacker aware of it could strategically
select its transmission position to circumvent the verification scheme. Thus, the authors propose
the use of cover LVs, which are those whose position is only known to the authority in charge
of the verification process, as a countermeasure to this attack. In our opinion, another drawback
of this proposal is that it does not work in network environments where primary users are mobile
and transmit with low power transmission, i.e. wireless microphones.
There exist alternative countermeasures like radio frequency fingerprinting (RFF), which has
been widely reported in the literature as a technique for transmitter identification [33, 34]. The
fingerprint of a radio device refers to the unique characteristics of the signal transmitted by a specific
device. Some fingerprinting techniques are based on the transient behavior exhibited by the signal
with respect to instantaneous frequency and amplitude when the device starts the transmission.
Even transmitters of the same type will show different characteristics during a transient period of
time due to factors, such as age or tolerance levels, which allow to uniquely identify every single
transmitter. However, the problem lies in estimating with accuracy the duration of the transient
period. On the other hand, some argue that it is not always possible to discriminate between
similar devices [35] due to the shortness of this period and propose techniques based on the
steady-state characteristics of signals. Nowadays, steady state signal analysis is feasible because
digital transmitters often introduce repetitive sequences like preambles to simplify receiver design.
We think that another research branch could be the use of fault-tolerance digital signature
schemes [36] applied to signals to identify authorized data sources; no matter they are primary
or secondary users. That is to say that the signal contains a digital signature that allows every
receiver to check whether the source is a legitimate user or not within a certain threshold. The
high presence of errors in wireless links justifies the use of these schemes instead of traditional
digital signature. Nevertheless, these solutions cannot be applied today for, at least, the primary
users, since the FCC, as mentioned before, clearly states in [32] that the presence of incoming
CRNs must not affect the current primary signals.
4.3. OFA countermeasures
OFAs are targeted to the on-line learning of the AI protocol used by CR devices. As explained
before, an OFA alters the behavior of the wireless media (by jamming at specific time and
frequencies) in respect to a policy-defined parameter (e.g. the security level), and thus modifies the
learning curve to the attackers advantage (e.g. achieving a low security level). In our opinion, no
learning algorithm based on observation of an exposed media should completely trust the collected
Copyright q
Int. J. Commun. Syst. 2010; 23:633652

DOI: 10.1002/dac
647
data. Consequently, the learning curve must be protected so that unacceptable levels of some
parameters are not achieved. We propose as a nave solution to define threshold values for every
updatable radio parameter and thus prevent communication when one parameter or a set of them
do not fulfill its predefined threshold. In any case this solution just converts the OFA in a DoS
attack but it does not prevent it at all. Once again the need for a good IDS is patently obvious.
4.4. Mitigation of the Lion attack
As explained in Section 3.5, TCP throughput is specially degraded due to frequency handoffs
because the transport layer has no information about the physical/link layer and misinterprets
a disconnection as network congestion. Therefore, there is a need for cross-layer solutions to
deal with such problem. Several cross-layer solutions have been proposed in the literature [37] to
improve TCP performance in the context of wireless networks, especially ad hoc networks. These
proposals address typical problems of wireless links, such as losses, drastic changes in routes, or
temporal lost of connectivity, which can dramatically affect the performance of the TCP protocol,
due to the interaction with its congestion control mechanisms. By making TCP aware of what is
happening at lower levels and modifying its behavior to react according to network conditions, it
is possible to improve its performance. From our point of view, these techniques can be used as a
guideline to design new protocols suitable for CRNs, increasing efficiency and making them more
robust to cross-layer attacks. Among them, it is worth mentioning Freeze-TCP [38], a TCP variant
designed to improve TCP performance in mobile environments, where temporal disconnections
occur frequently due to signal fading or nodes movement. In Freeze-TCP, the receiver is responsible
for monitoring the signal strength to predict disconnections and advertising a zero window to the
sender before the disconnection takes place. Upon the reception of a zero window size, the sender
enters the ZWP (zero window probe) mode, in which it freezes its transmission parameters and
is not allowed to transmit any data segment (only window probes). By means of this mechanism,
it is possible to avoid potential losses and the congestion window is not drop to one segment
because no retransmissions are needed. When the connection is resumed, the receiver advertises a
non-zero window which allows the sender to continue its transmission.
A similar approach to Freeze-TCP could be used in CRNs to mitigate the effect of spectrum
handoffs, under the assumption that the receiver node can predict when a handoff will occur, i.e.
proactive handoff. However, assuming that all nodes associated with a given CRN share the same
information, the sender could also know that there is an incoming handoff. Considering this, there is
no point in waiting for a zero window advertisement to freeze the sender transmission parameters,
as the sender itself could do it. Moreover, another important issue not addressed by Freeze-TCP
is how connection features vary due to the handoff. A change in the transmission parameters,
such as frequency or coding, may involve a variation of the available bandwidth. Because of that,
keeping the same values for the TCP connection parameters may not be suitable. For example, a
sharp decrease of the bandwidth would lead to multiple losses if the sender does not reduce its
congestion window.
Because of this, the actual version of Freeze-TCP is not optimal for this environment, a possible
solution could be a new TCP variant based on it with two main differences: (1) as all CRN
memberships are aware of frequency handoff, every CR can freeze its own TCP parameters without
being warning by the receiver and (2) as every participant has information about the next band in
terms of available bandwidth, signal-to-noise relation, etc., it should modify its TCP connection
parameters accordingly.
Copyright q
Int. J. Commun. Syst. 2010; 23:633652

DOI: 10.1002/dac
648
O. LEON,
AND M. SORIANO
(a)
(b)
Figure 8. Handoff effect on TCP throughput, freezing, and non-freezing TCP parameters: (a) Lion attack
based on periodic PUEAs and (b) intelligent Lion attack.
Figures 8(a,b) show, respectively, the effects of the Lion attack on TCPs throughput when
handoffs are performed periodically and in an intelligent manner (matching the retransmission
attempts). Handoff duration is assumed to be 1.5 s, the maximum throughput achievable by the
TCP connection is 17 Mbps and the BER is 106 . As it can be seen, the performance of TCP
is heavily reduced when handoffs occur, even starving when the attacker performs the intelligent
Lion attack.
4.5. General countermeasures
One of the main characteristics of CRNs is the cooperation of the participants to find spectrum
opportunities. The information exchanged with such purpose often carries shared data and thus
unicast communications must be replaced with broadcast or multicast communications. Therefore,
there is a need of protecting that data just against outsiders of the group and not within the
group members, and this is what is called group security. Group security is, thus, targeted to
provide group privacy and group authentication: data is protected from outsiders and the only
sources of communication are the members of the group. As a result, it is merely based on the
use of a common shared secret called the session key or group key. This key allows every group
member to (1) send encrypted data; (2) decrypt received data, and (3) authenticate itself as a group
member as the knowledge of the session key guarantees that it belongs to the group. As only
the current group members ought to know the session key, such key must be updated every time
the membership of the group changes. Group key management (GKM) studies the generation and
updating of the keying material used for securing the group during its whole life [39]. We are
certain that the application of known GKM techniques to CRN will secure the exchanged critical
data while incurring a low impact to the network performance. In addition, the study of distributed
and autonomous GKM protocols [40] is necessary to cover all the CRN architectures.
Furthermore, we believe that it is necessary that the nodes run cryptographic operations based on
primitives, such as symmetric key encryption (SKE), hash functions, and public key cryptography
(PKC). Without these primitives, it would not be possible to provide essential security services
such as confidentiality of the communication channel, authentication of the peers involved in an
information exchange, and integrity of the messages, among others.
Copyright q
Int. J. Commun. Syst. 2010; 23:633652

DOI: 10.1002/dac
649
5. CONCLUSION
This paper deals with securing CRNs and therefore we have presented in it the potential attacks
against CRNs and their countermeasures. We have discussed the main research challenges that
vary depending on the network management and the type of attacker. With such an objective, we
have classified these networks into centralized, partially distributed, and fully distributed; and the
attacks according to whether the attacker is part of the CRN or not (insider or outsider).
While CRNs are built on the basis of existing technologies, the approaches to provide effective
security for these networks are not enough. Due to the particular characteristics of CRNs, new
attacks arise and some of the previous ones increase its complexity. Consequently, new security
proposals are needed to be effective against specific attacks, particularly in the physical and link
layers. In addition, there is still a need for a comprehensive mechanism to prevent or counteract
the attacks at all protocol layers. Throughout the paper, we have identified the threats to the
different layers and within each one also have subclassified the major topics, including jamming,
spoofing, routing, etc. Moreover, we have presented some security measures to protect its normal
behavior.
There are still many remaining security challenges for CRNs, especially considering the limitations required by the FCC [32], which states that no modification to the incumbent system should
be required to accommodate opportunistic use of the spectrum by secondary users. As explained
before in Section 4, the main ones are the following:
(a) Mechanisms for detecting and expelling malicious insiders. This requires the detection of
abnormal operation through traffic analysis and cooperation. The feedback from the CR
devices can enhance the efficiency of IDSs.
(b) Techniques for transmitter identification. Some possibilities are the use of signal authentication mechanisms or other robust techniques for allowing the verification of the authenticity
of primary signals. Otherwise, the use of non-forgeable characteristics of primary user signal
is required.
(c) Future work in privacy, trust, and reputation for CRNs including, among others, adoption
and support by the CRN MAC layer of already standardized security mechanisms and
design of new security protocols according to the different CRN architectures. For instance,
group security mechanisms become particularly relevant to guarantee data protection against
outsiders and authentication of the group sources.
(d) Use of cross-layer countermeasures for avoiding cross-layer attacks such as the ones targeted
to the transport layer from jamming (see Section 4.4). Cross-layer attacks need to be given
special attention in cognitive networks.
Besides those requirements, further work in securing CRNs should include:
(a) Adaptation of existing policy-based management mechanisms [41] to allow devices within
the CRN to be dynamically configured. Due to the high variability of network conditions, the
design of an efficient policy system for CRNs is specially challenging. The policies should
include CRN Admission Control, for instance, by using 802.1x and Identity Management.
(b) Integration of information from all the secondary users in the neighborhood to make a
correct decision regarding the use of the spectrum. Best decision should be found even with
the presence of a certain number of cheater nodes (due to sensor failure or compromised
nodes).
Copyright q
Int. J. Commun. Syst. 2010; 23:633652

DOI: 10.1002/dac
650
O. LEON,
AND M. SORIANO
As CRNs continue growing and become more common, further expectations of security will be
required. In particular, signal authentication and mechanisms to detect and expel malicious insiders
will overcome most of the specific attacks to CRN, but they are not trivial and require future in
depth research. We also expect that the current and future work will make CRN a more attractive
option in a variety of new scenarios.
REFERENCES
1. Mitola III J, Maguire Jr G. Cognitive radio: making software radios more personal. Personal Communications,
IEEE [see also IEEE Wireless Communications] 1999; 6(4):1318. DOI: 10.1109/98.788210.
2. Federal Communications Commission. Facilitating the provision of spectrum-based services to rural areas and
promoting opportunities for rural telephone companies to provide spectrum-based services. FCC 04-166. WT
Docket No. 02-381, September 2004.
3. National Telecommunications and Information Administration (NTIA). Comments to FCC 03-322 ET Docket No.
03-108, February 2005. Available from: http://www.ntia.doc.gov/ntiahome/fccfilings/2005/cogradio/ETDocket03108 02152005.htm.
4. Qusay H. Preface. Mahmoud (University of Guelph C (ed.)), COGNITIVE NETWORKS: Towards Self-Aware
Networks. Wiley: New York, 2007; 24.
5. Burbank J. Security in cognitive radio networks: the required evolution in approaches to wireless network
security. Third International Conference on Cognitive Radio Oriented Wireless Networks and Communications
(CrownCom), 2008; 17. DOI: 10.1109/CROWNCOM.2008.4562536.
6. Akyildiz IF, Lee WY, Vuran MC, Mohanty S. Next generation/dynamic spectrum access/cognitive radio
wireless networks: a survey. Computer Networks 2006; 50(13):21272159. DOI: http://dx.doi.org/10.1016/
j.comnet.2006.05.001.
7. Lacoste M, Saxena A, Jarboui T, Lucking U, Steinke B, Pulou J, Polakovic J, Buljore S. Towards autonomic
security in beyond 3g infrastructures. E2R II White Paper, December 2007. Available from: https://www.icte3.eu/project/white papers/e2r/10.E2RII AutonomicSecurity White Paper.pdf.
8. Mitola IJ. Cognitive radio: an integrated agent architecture for software defined radio. Ph.D. Thesis, Royal
Institute of Technology (KTH), Sweden, 2000.
9. Perez-Romero J, Sallent O, Agusti R, Giupponi L. A novel on-demand cognitive pilot channel enabling dynamic
spectrum allocation. Second IEEE International Symposium on New Frontiers in Dynamic Spectrum Access
Networks, DySPAN 2007, 2007; 4654. DOI: 10.1109/DYSPAN.2007.14.
10. Cordeiro C, Challapali K, Birru D, Shankar NS. IEEE 802.22: an introduction to the first wireless standard based
on cognitive radios. Journal of Communications 2006; 1(1):3847.
11. Buddhikot M, Kolodzy P, Miller S, Ryan K, Evans J. Dimsumnet: new directions in wireless networking
using coordinated dynamic spectrum. Sixth IEEE International Symposium on a World of Wireless Mobile and
Multimedia Networks (WoWMoM), 2005; 7885. DOI: 10.1109/WOWMOM.2005.36.
12. Yuan Y, Bahl P, Chandra R, Chou P, Ferrell J, Moscibroda T, Narlanka S, Wu Y. Knows: cognitive radio
networks over white spaces. Second IEEE International Symposium on New Frontiers in Dynamic Spectrum
Access Networks. DySPAN 2007, April 2007; 416427. DOI: 10.1109/DYSPAN.2007.61.
13. Mishra SM. CORVUS: A cognitive radio approach for usage of virtual unlicensed spectrum. Berleley MCMA
White Paper, 2004. Available from: http://bwrc.eecs.berkeley.edu/Research/MCMA/CR White paper final1.pdf.
14. Brik V, Rozner E, Banerjee S, Bahl P. Dsap: a protocol for coordinated spectrum access. First IEEE
International Symposium on New Frontiers in Dynamic Spectrum Access Networks (DySPAN), 2005; 611614.
DOI: 10.1109/DYSPAN.2005.1542680.
15. Stevenson C, Chouinard G, Lei Z, Hu W, Shellhammer S, Caldwell W. IEEE 802.22: the first cognitive
radio wireless regional area network standard. Communications Magazine, IEEE 2009; 47(1):130138. DOI:
10.1109/MCOM.2009.4752688.
16. Douceur JR. The sybil attack. IPTPS 01: Revised Papers from the First International Workshop on Peer-to-Peer
Systems. Springer: London, U.K., 2002; 251260.
17. Karlof C, Wagner D. Secure routing in wireless sensor networks: attacks and countermeasures. Ad Hoc Networks
2003; 1(23):293315. DOI: 10.1016/S1570-8705(03)00008-8. Sensor Network Protocols and Applications.
18. Chen R, Park JM, Reed J. Defense against primary user emulation attacks in cognitive radio networks. IEEE
Journal on Selected Areas in Communications 2008; 26(1):2537. DOI: 10.1109/JSAC.2008.080104.
Copyright q
Int. J. Commun. Syst. 2010; 23:633652

DOI: 10.1002/dac
651
19. Aad I, Hubaux JP, Knightly EW. Denial of service resilience in ad hoc networks. MobiCom 04: Proceedings of
the 10th Annual International Conference on Mobile Computing and Networking. ACM: New York, NY, U.S.A.,
2004; 202215. DOI: http://doi.acm.org/10.1145/1023720.1023741.
20. Clancy T, Goergen N. Security in cognitive radio networks: threats and mitigation. Third International
Conference on Cognitive Radio Oriented Wireless Networks and Communications (CrownCom), 2008; 18. DOI:
10.1109/CROWNCOM.2008.4562534.
21. Leon O, Hernandez-Serrano J, Soriano M. A new cross-layer attack to TCP in cognitive radio
networks. Second International Workshop on Cross Layer Design 2009. IWCLD 2009, 2009; 15. DOI:
10.1109/IWCLD.2009.5156526.
22. Zhang Y, Xu G, Geng X. Security threats in cognitive radio networks. 10th IEEE International Conference on High
Performance Computing and Communications. HPCC 2008, 2008; 10361041. DOI: 10.1109/HPCC.2008.21.
23. Mathur CN, Subbalakshmi KP. Security issues in cognitive radio networks. COGNITIVE NETWORKS: Towards
Self-Aware Networks. Wiley: New York, 2007; 284293.
24. Chen R, Park JM. Ensuring trustworthy spectrum sensing in cognitive radio networks. First IEEE
Workshop on Networking Technologies for Software Defined Radio Networks (SDR), 2006; 110119. DOI:
10.1109/SDR.2006.4286333.
25. Cabric D, Mishra S, Brodersen R. Implementation issues in spectrum sensing for cognitive radios. Conference
Record of the Thirty-Eighth Asilomar Conference on Signals, Systems and Computers, vol. 1, 2004; 772776.
DOI: 10.1109/ACSSC.2004.1399240.
26. Russell S, Norvig P. Artificial Intelligence: A Modern Approach (2nd edn). Prentice-Hall: Englewood Cliffs, NJ,
2002.
27. Mody A, Reddy R, Kiernan T. Recommended text for security in 802.22. 802.22 WG on WRANsdoc.:
IEEE 802.22-08/0174r18. Available at: https://mentor.ieee.org/802.22/dcn/08/22-08-0174-18-0000-recommendedtext-for-section-7-on-security-in-802-22.doc, May 2009.
28. Paxson V, Allman M. Computing TCPs retransmission timer. Network Working GroupRFC2988, November
2000.
29. Zhang Y, Lee W. Intrusion detection in wireless ad-hoc networks. MobiCom 00: Proceedings of the Sixth Annual
International Conference on Mobile Computing and Networking. ACM: New York, NY, U.S.A., 2000; 275283.
DOI: http://doi.acm.org/10.1145/345910.345958.
30. Mishra A, Nadkarni K, Patcha A. Intrusion detection in wireless ad hoc networks. Wireless Communications,
IEEE 2004; 11(1):4860. DOI: 10.1109/MWC.2004.1269717.
31. Bhuse V, Gupta A. Anomaly intrusion detection in wireless sensor networks. Journal of High Speed Networks
2006; 15(1):3351.
32. Federal Communications Commission. Facilitating opportunities for flexible, efficient, and reliable spectrum use
employing cognitive radio technologies. FCC 03-322. ET Docket No. 03-108, December 2003.
33. Ureten O, Serinken N. Wireless security through rf fingerprinting. Electrical and Computer Engineering, Canadian
Journal of Winter 2007; 32(1):2733. DOI: 10.1109/CJECE.2007.364330.
34. Toonstra J, Kinsner W. A radio transmitter fingerprinting system odo-1. Canadian Conference on Electrical and
Computer Engineering 1996; 1:6063. DOI: 10.1109/CCECE.1996.548038.
35. Kennedy I, Scanlon P, Buddhikot M. Passive steady state rf fingerprinting: a cognitive technique for scalable
deployment of co-channel femto cell underlays. Third IEEE Symposium on the New Frontiers in Dynamic
Spectrum Access Networks, 2008, DySPAN 2008, October 2008; 112. DOI: 10.1109/DYSPAN.2008.46.
36. Zhang C. Integrated approach for fault tolerance and digital signature in rsa. Computers and Digital Techniques,
IEE Proceedings 1999; 146(3):151159. DOI: 10.1049/ip-cdt:19990217.
37. Al Hanbali A, Altman E, Nain P. A survey of tcp over ad hoc networks. Communications Surveys and Tutorials,
IEEE Quarter 2005; 7(3):2236.
38. Goff T, Moronski J, Phatak D, Gupta V. Freeze-TCP: a true end-to-end TCP enhancement mechanism for mobile
environments. INFOCOM 2000. Nineteenth Annual Joint Conference of the IEEE Computer and Communications
Societies vol. 3, 2000; 15371545. DOI: 10.1109/INFCOM.2000.832552.
39. Wallner D, Harder E, Agee R. Key management for multicast: issues and architectures. National Security Agency,
Network Working GroupRFC 2627, June 1999.
40. Hernandez-Serrano J, Pegueroles J, Soriano M. Shared self-organized GKM protocol for MANETs. Journal of
Information Science and Engineering (JISE) 2008; 24:16291646.
41. Agrawal D, Lee KW, Lobo J. Policy-based management of networked computing systems. Communications
Magazine, IEEE 2005; 43(10):6975. DOI: 10.1109/MCOM.2005.1522127.
Copyright q
Int. J. Commun. Syst. 2010; 23:633652

DOI: 10.1002/dac
652
O. LEON,
AND M. SORIANO
AUTHORS BIOGRAPHIES
Olga Leon was born in Lleida (Spain) in 1976. She is a PhD student at the Technical
University of Catalonia (UPC) in the Department of Telematics Engineering. She received
the MS degree in Electrical Engineering emphasising in Telecommunications in 2001
from the Technical University of Catalonia (UPC). In 2009 she joined the Information
Security Group (ISG) within the Telematics Services Research Group (SERTEL) in the
Department of Telematics Engineering of the UPC. She currently works as an assistant
professor at the Castelldefels School of Technology (EPSC) in the UPC. His research
interests include autonomous cognitive networks and TCP behavior against smart attacks.
Juan Hernandez was born in Salamanca (Spain) in 1979. He received the MS degree in
Electrical Engineering emphasising in Telecommunications in 2002, and the PhD degree
in 2008, both from the Technical University of Catalonia (UPC). In 2002 he joined
the Information Security Group (ISG) within the Telematics Services Research Group
(SERTEL) in the Department of Telematics Engineering of the UPC. He currently works
as assistant professor at the Castelldefels School of Technology (EPSC) in the UPC.
His research interests include security for large deployment of sensor networks and
autonomous cognitive networks. In the last six years he has participated in six national
and international R+D projects, both public (CICYT or European Commission) and
private funded. He is the co-author of one book chapter, three ISI-JCR papers and more
than fifteen conference papers related to network security.
Miguel Soriano was born in Barcelona (Spain) in 1967. He received the Telecommunication Engineering degree and the PhD from the Technical University of Catalonia
(UPC), Barcelona, Spain. In 1991, he joined the Cryptography and Network Security
Group in the Department of Applied Mathematics and Telematics. Now, he works with
the Information Security Workgroup within the Telematics Services Research Group
in the Department of Telematics Engineering of the UPC. Since 2007 he has been a
Professor at the UPC, where he teaches and coordinates undergraduate and graduate
courses in Data Transmission, Cryptography and Network Security and E-commerce,
and is an associated researcher at CTTC (Centre Tecnologic de Telecomunicacions
de Catalunya). His current research interests include information and network security
including information hiding for copyright protection. In the last 15 years he has participated in more than 30 national and international R+D projects, both public (CICYT,
DURSI, European Commission or CIRIT) and private funded, being the coordinator in 20 of them. He is the
co-author of 3 books, 2 patents, more than 20 ISI-JCR papers and more than 100 conference papers in the field
of information and network security. He is a Senior Member of IEEE since 2002. Moreover, he has been a
member of the program committee of many security conferences, and is the editor of the International Journal
of Information Security.
Copyright q
Int. J. Commun. Syst. 2010; 23:633652

DOI: 10.1002/dac

Securing Cognitive Radio Networks: O. Le On, J. Hern Andez-Serrano and M. Soriano

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Securing Cognitive Radio Networks: O. Le On, J. Hern Andez-Serrano and M. Soriano

Uploaded by

Copyright:

Available Formats

INTERNATIONAL JOURNAL OF COMMUNICATION SYSTEMS

Int. J. Commun. Syst. 2010; 23:633652