cognitive icc
TRANSCRIPT
Secure Cooperative Sensing Techniques forCognitive Radio Systems
Praveen Kaligineedi, Majid Khabbazian and Vijay K. BhargavaDepartment of Electrical and Computer Engineering
University of British ColumbiaVancouver, BC
Email: {praveenk, majidk, vijayb}@ece.ubc.ca
Abstract— The most important task for a Cognitive Radio (CR)system is to identify the primary licensed users over a widerange of spectrum. Cooperation among spectrum sensing deviceshas been shown to offer various benefits including decreasein sensitivity requirements of the individual sensing devices.However, it has been shown in the literature that the performanceof cooperative sensing schemes can be severely degraded due topresence of malicious users sending false sensing data. In thispaper, we present techniques to identify such malicious usersand mitigate their harmful effect on the performance of thecooperative sensing system.
I. INTRODUCTION
Radio spectrum is one of the most scarce and valuableresource for wireless communications. Given this fact, new in-sights into the use of spectrum have challenged the traditionalapproaches to spectrum management. Actual measurementshave shown that most of the allocated spectrum is largelyunder-utilized and similar views about the under-utilizationof the allocated spectrum have been reported by Spectrum-Policy Task Force appointed by Federal CommunicationsCommission (FCC) [1]. Spectrum efficiency can be increasedsignificantly by giving opportunistic access of these frequencybands to a group of potential users for whom the band has notbeen licensed. Cognitive Radio (CR) [2] has been proposedas a way to improve spectrum efficiency by exploiting theunused spectrum in dynamically changing environments. TheCR design is, therefore, an innovative radio design philosophywhich involves smartly sensing the swaths of spectrum andthen determining the transmission characteristics (e.g., symbolrate, power, bandwidth, latency) of a group of potential usersbased on the primary users behavior.
The most important challenge for a cognitive radio systemis to identify the presence of primary users over wide rangeof spectrum. This process is very difficult as we need toidentify various primary users employing different modulationschemes, data rates and transmission powers in presence ofvariable propagation losses, interference generated by othersecondary users and thermal noise. This is especially true inthe case of broadcast TV channels, where the receivers arepassive, and as such it is not possible to detect the presenceof a nearby receiver. For example, if the channel between theprimary transmitter and the sensing device is under a deepfade, it is possible that the sensing device may not detect theprimary signal. As a result, the cognitive radio might transmit
signal in the corresponding primary user band causing interfer-ence to the nearby primary receiver. This is called the hiddenterminal problem. To overcome this problem, the sensitivityof the cognitive radio sensing device has to be at least 20-30dB more than that of the primary receiver. Moreover, thesensing process must be very quick in order to scan the entirewide-band without significant delay. Traditionally, there aretwo techniques which are used for spectrum sensing, viz.,energy detection and cyclostationary feature detection. Theenergy detector fails to detect the signal whose power is belowthe noise floor and hence, cannot achieve high sensitivity re-quirements of CR devices. The cyclostationary feature detectortakes advantage of the fact that most of the signals encounteredin wireless communications are cyclostationary whereas thenoise is stationary. However, not all signals exhibit same levelof cyclostationarity. The problem is even more complicateddue to presence of secondary user interference.
The burden on signal processing techniques can be allevi-ated to a large extent by using cooperative diversity betweencognitive radio spectrum sensors. Few cognitive radio spec-trum sensors under independent fades can help in reducingindividual sensitivity requirements and essentially help inovercoming the hidden terminal problem by countering theshadowing and multi-path effects. Several cooperative sensingschemes have been proposed in the literature [3], [4], [5].However, it was shown in [3] that presence of few malfunc-tioning sensing devices could adversely effect the performanceof cooperative sensing system. In this paper, we investigatetechniques to identify the sensors which provide false sensinginformation and nullify their effect on the cooperative spec-trum sensing system.
The rest of this paper is organized as follows. In SectionII, we define the system model. In Section III, we present theaverage combination scheme which is used to combine sensingdata from various sensing devices in this paper. In SectionIV, we propose techniques to identify and tackle malicioususers for the average combination scheme. Simulation resultsare presented in Section V. Finally, conclusions are drawn inSection VI.
II. SYSTEM MODEL
We consider a group of U cognitive users in the presenceof a primary transmitter. We assume a log-normal shadowing
This full text paper was peer reviewed at the direction of IEEE Communications Society subject matter experts for publication in the ICC 2008 proceedings.
978-1-4244-2075-9/08/$25.00 ©2008 IEEE 3406
for the channel between primary transmitter and CR. Theshadowing components of the channels between primary userand various cognitive users are assumed to be independent ofeach other. The area of coverage of the cognitive radio systemis assumed to be small enough so that the variations in pathloss can be neglected. All of the sensing devices use energydetectors. We assume that the sensing devices can distinguishthe signal of a primary user from a secondary user’s signal.The sensing devices send their sensing data to an accesspoint through control channels. We assume perfect channelconditions for the control channels. Based on the detectionstatistics from the sensing devices and its own measurementsthe access point makes a decision regarding the presence ofthe primary user.
III. AVERAGE COMBINATION SCHEME
Let e[u; k] for u = 1, 2, ..., U represent the outputs of energydetectors at various nodes at time instant k. Let hypothesis H1
denote presence of a signal and hypothesis H0 denote absenceof the signal. Then, the outputs of the energy detectors indecibels (dB) are given by
e[u; k] =
10 log10
(∑Tk+T−1l=Tk
|h[u; l]s[l] + z[u; l]|2)
;H1
10 log10
(∑Tk+T−1l=Tk
|z[u; l]|2)
;H0
(1)where T denotes the length of the sensing interval. Tk rep-resents the time instant at which the kth sensing intervalstarts. h[u; l] represents the channel gain between the primarytransmitter and the uth cognitive user. We assume that thelog-normal shadowing component remains constant during thesensing interval. s[l] represents the primary user transmittedsignal and z[u; l] represents the zero mean additive whiteGaussian noise with variance σ2
z .The optimum detection scheme based on the energy detector
outputs is given by [6]
p(e[1, k], e[2, k], ..., e[U, k]/H1)p(H1)p(e[1, k], e[2, k], ..., e[U, k]/H0)p(H0)
H1
≷H0
eT (2)
The threshold eT can be determined using the cost functions incase of Bayesian formulation and required probability of falsealarm or probability of detection in case of Neyman-Pearsonformulation.
However, the optimum detection scheme could be quitecumbersome when individual signal-to-noise ratios (SNRs) arenot known. In this paper, we consider the detection schemebased on average combining due to its simplicity. In theaverage combination scheme, the mean of the energy receivedin dB by all the nodes is evaluated at the access point andpassed through a threshold detector.
The average combination based detection scheme is asfollows
(1/U)U∑
u=1
e[u; k]H1
≷H0
eT (3)
In this paper, we consider Neyman-Pearson formulation. Thethreshold eT is determined so that the probability of false
alarm is fixed at a certain value Pf . This threshold is obtainedempirically through Monte Carlo simulations. Note, that forhigh SNR, the e[u; k] are approximately Gaussian distributedat a given time instant k since the channel coefficient islognormal distributed.
IV. METHODS TO DETECT MALICIOUS USERS
Presence of malicious nodes can have significant effect onthe performance of the cooperative sensing system [3]. A nodemight be malicious due to device malfunctioning or due toselfish reasons. For example, a node might detect that there isno signal present. However, it might inform the access pointthat a signal is present, so that if the access point makesa wrong decision that there is a primary signal present, themalicious node can selfishly transmit its own signal on thefree channel.
We consider different kinds of malicious nodes. We firstconsider simple malicious nodes such as an ‘Always Yes’ nodeor an ‘Always No’ node. An ‘Always Yes’ node gives a valueabove the threshold (i.e., it declares that a primary user ispresent) all the time. An always ‘No’ node gives a value belowthe threshold (i.e., it declares that a primary user is absent)all the time. ‘Always Yes’ users increase the probability offalse alarm Pf and ‘Always No’ users decrease the probabilityof detection Pd. Also, there might be malicious nodes whichproduce extreme false values once in a while, significantlyaffecting the performance of the sensing system during thoseparticular sensing intervals, and give correct values rest of thetime. The malicious node detection schemes that we proposein this section can identify any malicious node whose energyvalue differs in distribution from the underlying distributionof the energy values of the legitimate nodes.
A. Pre-filtering of the Sensing Data
Pre-filtering of the sensing data is essential in identifyingand removing the malicious nodes which significantly affectthe final decision at the access point by giving extremefalse values. We apply an outlier detection method to detectsuch malicious nodes. An outlier is an observation whichis numerically distant from the rest of the data. There areseveral well studied methods to determine such outliers [7].We implement a simple method commonly used to identifyextreme outliers [7].
We evaluate upper bound eu[k] and lower bound el[k] forvalues e[u; k] as follows
eu[k] = e3[k] + 3eiqr[k]el[k] = e1[k] − 3eiqr[k] (4)
where e1[k] and e3[k] represent the first and third quartile ofthe values e[u; k] and eiqr[k] = e3[k] − e1[k] represents theinterquartile range. If a particular value of e[u; k] does notlie in the interval [el[k], eu[k]], then it is considered as anoutlier and its value is ignored in making the final decision.This outlier detection technique avoids calculation of the meanand the standard deviation of the sensing data which mightbe affected by the presence of malicious nodes producing
This full text paper was peer reviewed at the direction of IEEE Communications Society subject matter experts for publication in the ICC 2008 proceedings.
3407
extreme values. Let Sk ⊆ {1, 2, ..., U} represent the set ofusers whose energy values lie in the range [el[k], eu[k]]. Also,let the number of users in the set Sk be represented by US [k].
B. Trust Factors
We assign a trust factor λ[u; k] for each user u ∈{1, 2, ..., U} such that
U∑u=1
λ[u; k] = 1 (5)
The trust factor gives a measure of reliability of a particularuser. Trust factors are used as the weighing factors whilecalculating the mean of the energy values obtained fromvarious users. The final decision is made using the trust factorsas follows
U∑u=1
λ[u; k]e[u; k]H1
≷H0
eT (6)
The trust factor of a user is calculated based on the past andpresent sensing data sent by the user as well as the sensing datasent by other users. λ[u; k] = 0 for the set of users not lyingin Sk, as we do not consider their energy values in makingthe final decision. In the rest of this section, we will discussmethods to calculate the trust factors of the users.
1) Evaluation of Trust Factors: At the beginning, the trustfactor of 1/US [k] is assigned to all the users lying in Sk. Ateach sensing iteration k, based on the energy statistics e[u; k],an instant trust penalty d[u; k] is assigned to each user inU . These instant trust penalties are used to evaluate the trustfactors λ[u; k] and make the final decision.
The instant trust penalties are evaluated as follows
d[u; k] =|e[u; k] − µ[k]|
σ[k](7)
where µ[k] and σ[k] are the sample mean and variances ofthe energies e[u; k] of the users lying in the set Sk. Thesetrust penalties are then summed over certain time period L toobtain D[u; k].
D[u; k] =k∑
k′=k−L+1
d[u; k′] (8)
Observing values of D[u; k] would give a clear idea of whichsensing nodes are deviating from the underlying distributionof e[u; k]. Intuitively, one would expect that D[u; k] for amalicious node would be different from the rest.
There are different ways in which un-normalized trustfactors λ′[u; k] can be obtained from D[u; k]. One approachis to identify the mild outliers [7] among D[u; k] by definingupper and lower bounds on D[u; k] as follows
Du[k] = D3[k] + 1.5Diqr[k]Dl[k] = D1[k] − 1.5Diqr[k] (9)
where D1[k] and D3[k] represent the first and third quartile ofthe values D[u; k] and Diqr[k] = D3[k]−D1[k] represents theinterquartile range. We completely trust all the values which
lie between Du[k] and Dl[k] and assign equal trust factors toall of them. In this case, un-normalized trust factors λ′[u; k]are obtained as follows
λ′[u; k] ={
1 : D[u; k] ∈ [Dl[k], Du[k]], u ∈ Sk
0 : Otherwise(10)
Another possible approach is to assign trust factors such thatthey are exponentially decreasing according to their distancefrom the median mD[k] of the values D[u; k]. In this case,un-normalized trust factors λ′[u; k] are obtained as follows
λ′[u; k] ={
e−|mD[k]−D[u;k]| : u ∈ Sk
0 : Otherwise(11)
If the sensing data of one of the users (ut) can be completelytrusted, (for example, that of the access point assuming thatits sensing device is not malfunctioning), then one can useD[ut; k] instead of the median mD[k] in the above equationto obtain un-normalized trust factors. The normalized trustfactors are finally obtained from un-normalized trust factorsas follows
λ[u; k] =λ′[u; k]∑U
u′=1 λ′[u′; k](12)
Intuitively, the proposed schemes should be able to identifyall the malicious nodes which produce values that differ indistribution from rest of the values. Thus, an ‘Always Yes’and ‘Always No’ nodes must be easily identified using theseschemes. Smaller values of L could be used to identify nodeswhich behave maliciously over short periods of time and largervalues of L would help identify nodes which regularly sendfalse values over larger time periods. In complex scenarioscontaining different kinds of malicious users, multiple valuesof L could be used to identify the malicious nodes. In suchcases, we can evaluate trust factors using two or more differentvalues of L and then combine them to obtain a final trust factorfor each user. Also, pre-filtering the data as shown in SectionIV-A helps in nullifying the effect of malicious nodes whichproduce extreme false values once in a while and produce truevalues rest of the time.
C. Quantization
Since control channels have limited bandwidth, the energyvalues need to be quantized before they are sent to theaccess point. The optimal quantization schemes for distributeddetection have been extensively studied [6]. However, findingthe optimal threshold values is, in general, a non-linear opti-mization problem and is highly complex.
In this section, we consider suboptimal quantization ofthe energy values e[u; k]. Let b represent the number ofquantization bits. We approximate the energy value of eachuser e[u; k] under Hypothesis H1 with a Gaussian distributionwith mean and variance obtained numerically using Monte-Carlo simulations. We then implement the Lloyd-Max quan-tizer for this Gaussian distribution designed to minimize themean square error [8], [9]. At the access point, the mean ofthe quantized energy values {eq[u; k]}U
u=1 is compared to a
This full text paper was peer reviewed at the direction of IEEE Communications Society subject matter experts for publication in the ICC 2008 proceedings.
3408
threshold, which is determined so that the probability of falsealarm is fixed at Pf .
For the case in which very few quantization bits are avail-able, we do not apply the pre-filtering to eliminate extremevalues, since the outlier detection scheme is not very effectivefor the data sets with low cardinality. The rest of the detectionprocedure remains the same as in case of un-quantized energyvalues. We take weighted average of the the quantized energyvalues and compare it to the threshold. The instant trustpenalties are evaluated as in (7), but using the quantized energyvalues. We study the effect of quantization over our maliciousnode detection schemes through simulations.
V. SIMULATION RESULTS
We consider a U = 50 user system. Mean received SNRof the cognitive radio users is -10dB. The mean and standarddeviation of lognormal shadowing component is 0dB and 4dBrespectively. In the energy detectors, length of the sensing timeinterval T is chosen to be 50. The time period L over whichinstant trust penalties are added to obtain D[u; k] is 50 forall the sensing systems presented in this section. In all themalicious node detection schemes used in the simulations, un-normalized trust factors λ′[u; k] are obtained by eliminatingthe mild outliers in D[u; k] and completely trusting the rest ofthe users in the set Sk as suggested in Section IV-B.
In Fig. 1, we consider a cooperative sensing system inwhich 10% of the users are ‘Always Yes’ users, each givinga value twice the threshold on a linear scale (i.e, a value 3dBhigher than the threshold in dB). We present the probabilityof detection Pd and probability of false alarm Pf for the casein which no malicious node detection scheme is used andfor the case in which the malicious node detection scheme isused. From Fig. 1, we can see that using the malicious nodedetection scheme, we can easily identify ‘Always Yes’ usersand bring the probability of false alarm of the system closeto that of a cooperative sensing system without a maliciousnode. At the same time, the probability of detection of thesystem remains close to that of a cooperative sensing systemwithout a malicious node. In most of our simulations, themalicious nodes were identified in less than 10 iterations.In Fig. 2, we consider a system in which 10% of the usersare ‘Always No’ users giving a value half the threshold on alinear scale. From Fig. 2, we can see that our malicious nodeidentification scheme successfully identifies the ‘Always No’nodes and nullifies their effect on the final decision. In Fig.3, we observe the probability of false alarm as we vary thepercentage of ‘Always Yes’ users in the system. The thresholdeT is fixed such that probability of false alarm is 0.01 whenno malicious node is present. From the figure, its easy to seethat the malicious node identification scheme works quite wellfor up to 20% malicious nodes, keeping the probability offalse alarm close to 0.01. Also, the effect on probability ofdetection, which is not presented in this paper, is marginal(less than 2%). In Fig. 4, we consider a system in which 10%of the users produce extreme false values (6dB higher thanthe threshold) once in 10 sensing intervals and study their
impact on the system performance. We also show the effectof our malicious node identification schemes on the system.The simulation results indicate that our scheme can detectand eliminate the effect of such malicious nodes. In Fig. 5,we consider quantized energy values. We fix threshold suchthat probability of false alarm is 0.01. We consider cases withquantization bits b = 1, 2, 3. We see that our detection schemestill successfully identifies “Always Yes” users in all cases forup to 20% malicious nodes.
It should be noted that the simulation results presented inthis section do not consider very complex malicious users. Ingeneral, the proposed malicious node detection schemes canidentify any malicious node whose distribution differs fromthe underlying distribution of the legitimate nodes.
−1 −0.8 −0.6 −0.4 −0.2 0 0.2 0.4 0.6 0.8 10
0.1
0.2
0.3
0.4
0.5
0.6
0.7
0.8
0.9
1
Threshold in dB
Pro
babi
lity
Pf, With No Malicious Node
Pf, With 10% ’Always Yes’ Nodes
Pf, With 10% ’Always Yes’ Nodes
Using Malicious Node DetectionP
d, With No Malicious Node
Pd, With 10% ’Always Yes’ Nodes
Pd, With 10% ’Always Yes’ Nodes
Using Malicious Node Detection
Fig. 1. Performance of malicious node detection scheme for a systemcontaining 10% ‘Always Yes’ nodes
−1 −0.8 −0.6 −0.4 −0.2 0 0.2 0.4 0.6 0.8 10
0.1
0.2
0.3
0.4
0.5
0.6
0.7
0.8
0.9
1
Threshold in dB
Pro
babi
lity
Pf, With No Malicious Node
Pf, With 10% ’Always No’ Nodes
Pf, With 10% ’Always No’ Nodes
Using Malicious Node DetectionP
d, With No Malicious Node
Pd, With 10% ’Always No’ Nodes
Pd, With 10% ’Always No’ Nodes
Using Malicious Node Detection
Fig. 2. Performance of malicious node detection scheme for a systemcontaining 10% ‘Always No’ nodes
This full text paper was peer reviewed at the direction of IEEE Communications Society subject matter experts for publication in the ICC 2008 proceedings.
3409
0 5 10 15 20 25 300
0.1
0.2
0.3
0.4
0.5
0.6
0.7
0.8
0.9
1
Percentage of ‘Always Yes’ Users
Pro
babi
lity
of F
alse
Ala
rm P
f
Pf, Without Malicious
Node Detection
Pf, With Malicious
Node Detection
Fig. 3. Probability of false alarm Pf of the system vs. Percentage of ‘AlwaysYes’ nodes
−1 −0.8 −0.6 −0.4 −0.2 0 0.2 0.4 0.6 0.8 10
0.1
0.2
0.3
0.4
0.5
0.6
0.7
0.8
0.9
1
Threshold in dB
Pro
babi
lity
Pf, With No Malicious Node
Pf, With 10% Malicious Nodes
Pf, With 10% Malicious Nodes
using Malicious Node Detection
Pd, With No Malicious Node
Pd, With 10% Malicious Nodes
Pd, With 10% Malicious Nodes
using Malicious Node Detection
Fig. 4. Performance of malicious node detection scheme for systemcontaining 10% malicious nodes which produce false extreme values oncein 10 sensing iterations
VI. CONCLUSION
In this paper, we have devised schemes to identify andnullify the effect of malicious nodes for the case where energydetectors are used by the sensing devices. We employeda simple and fast average combination scheme to simplifythe decision process at the access point. Using simulations,we verified that the proposed schemes can identify ‘AlwaysYes’ users, ‘Always No’ users and malicious nodes producingextreme values. We have also studied the performance of ourschemes when quantization is applied to energy values beforetransmission. In future work, we will develop malicious nodedetection algorithms for the case of sensing devices usingcyclostationary detectors and will consider more complexscenarios.
0 5 10 15 20 25 300
0.1
0.2
0.3
0.4
0.5
0.6
0.7
0.8
0.9
1
Percentage of ‘Always Yes’ Users
Pro
babili
ty o
f F
als
e A
larm
Pf
b = 1 Without Malicious Node Detectionb = 1 With Malicious Node Detectionb = 2 Without Malicious Node Detectionb = 2 With Malicious Node Detectionb = 3 Without Malicious Node Detectionb = 3 With Malicious Node Detection
Fig. 5. Probability of false alarm Pf of the system vs. Percentage of ‘AlwaysYes’ nodes for quantized energy values with number of quantization bits b =1, 2, 3
REFERENCES
[1] Spectrum policy task force report. Technical Report 02-135, FederalCommunications Commission, Nov 2002.
[2] J. Mitola, “Software Radio Architecture,” John Wiley & Sons, 2000.[3] S. M. Mishra, A. Sahai and R. W. Brodersen, “Cooperative sensing among
cognitive radios,” IEEE International Conference on CommunicationsICC’06 , vol. 4, pp. 1658-1663, June 2006.
[4] A. Ghasemi and E. S. Sousa,“Collaborative Spectrum Sensing for Oppor-tunistic Access in Fading Environments,” IEEE Conference on DynamicSpectrum Access Networks (DYSPAN’05), pp. 131-136, Nov. 2005.
[5] G. Ganesan and Y. Li, “Cooperative spectrum sensing in cognitive radionetworks,” IEEE Conference on Dynamic Spectrum Access Networks(DYSPAN’05), pp. 137-143, Nov. 2005.
[6] P. K. Varshney, Distributed Detection and Data fusion New York:Springer-Verlag, 1996.
[7] V. Barnett and T. Lewis, “Outliers in Statistical Data,” Wiley Publisher,1994
[8] S. P. Lloyd, “Least squares quantization in PCM,” IEEE Trans. Inform.Theory, vol. IT-28, pp. 129-137, Mar. 1982.
[9] J. Max, “Quantizing for minimum distortion,” IRE Trans. Inform. Theory,vol. IT-6, pp. 7-12, Mar. 1960.
This full text paper was peer reviewed at the direction of IEEE Communications Society subject matter experts for publication in the ICC 2008 proceedings.
3410