Вы находитесь на странице: 1из 11

See discussions, stats, and author profiles for this publication at: https://www.researchgate.


Network layer attacks and countermeasures in cognitive radio networks: A


Article  in  Journal of Information Security and Applications · February 2018

DOI: 10.1016/j.jisa.2017.11.010


18 1,534

4 authors:

Mounia Bouabdellah Naima Kaabouch

Ecole Nationale Supérieure d'Informatique et d'Analyse des Systèmes University of North Dakota


Faissal El Bouanani Hussain Ben-azza

Mohammed V University of Rabat ensam-Meknès. UMI Meknès


Some of the authors of this publication are also working on these related projects:

Genetic algorithms for Linear Block codes View project

OFDM, MIMO, 4G, 5G, coding View project

All content following this page was uploaded by Mounia Bouabdellah on 07 December 2017.

The user has requested enhancement of the downloaded file.

Journal of Information Security and Applications 38 (2018) 40–49

Contents lists available at ScienceDirect

Journal of Information Security and Applications

journal homepage: www.elsevier.com/locate/jisa

Network layer attacks and countermeasures in cognitive radio

networks: A survey
Mounia Bouabdellah a,b,∗, Naima Kaabouch b, Faissal El Bouanani a, Hussain Ben-Azza c
ENSIAS, Mohammed V University, Rabat, Morocco
Department of Electrical Engineering, University of North Dakota, Grand Forks ND, USA
ENSAM, Moulay Ismail University, Meknes, Morocco

a r t i c l e i n f o a b s t r a c t

Article history: Spectrum scarcity is the principal motivation behind the development of cognitive radio. This technology
introduces new functionalities at the physical, medium access control, and network layers of the TCP/IP
Keywords: protocol stack. These functionalities can be subject to new security threats. Most of the existing works
Cognitive radio in cognitive radio focused on the security issues in both the physical and medium access control layers.
Security However, threats related to the network layer have not been studied despite its importance in establish-
Network layer ing communication between different users in cognitive radio networks. In this paper, we classify and
give an overview of attacks that target the network layer functionalities of cognitive radio networks. We
discuss the existing detection techniques and countermeasures and highlight the main security challenges
for such networks.
© 2017 Elsevier Ltd. All rights reserved.

1. Introduction channel jamming, and spectrum sensing data falsification attacks.

However, attacks targeting the network layer have received insuf-
Cognitive radio (CR) is a promising technology that aims to ficient attention [26,27]. Moreover, these papers discuss only the
solve the problem of spectrum scarcity. This technology allows an attacks that are similar to those in traditional wireless networks
opportunistic use of the spectrum where unlicensed users called and they focus only on the attacks targeting the routing function.
secondary users, SUs, can transmit in licensed bands without caus- Furthermore, the discussed attacks do not take into consideration
ing harmful interference to licensed users called primary users, the specifications of the cognitive radio network.
PUs [1–3]. Communication between nodes in cognitive radio net- The network layer in CRN allows establishing a communication
works (CRN) uses the TCP/IP protocol stack with additional func- between remote nodes. The nodes participating in the data packet
tions in the physical and medium access control (MAC) layers. forwarding from source to destination are required to release the
Fig. 1 shows the CR layers that have been modified to allow a used channel as soon as a PU activity is detected on that channel.
dynamic access to the radio spectrum. The CR physical layer new Thus, these new specifications give the opportunity to new secu-
functionalities include spectrum sensing and data transmission [3]. rity threats.
The MAC layer new functionalities are spectrum sensing, spectrum This article provides a comprehensive survey of attacks target-
decision, spectrum sharing, and spectrum mobility [4]. The func- ing the network layer in CRN. The classification of these attacks
tionalities of the network layer are similar to traditional wireless is performed based on the network layer functionalities. Some of
networks the only difference is that the routing function is affected these attacks can be launched only in CRN and others are similar
by the spectrum availability [5]. to those that target the traditional wireless networks. This article
A number of papers related to security in CRN have been pub- explains how these attacks can be perpetrated in CRN by exploit-
lished [6–27]. For instance, the authors of [6–15] described the ing the characteristics of such networks. To the best of our knowl-
physical-layer attacks in CRN, including primary user emulation, edge, this is the first work that focuses on the attacks targeting the
objective function, overlapping secondary user, and jamming at- network layer in CRN.
tacks. The authors of [16–25] gave an overview of attacks target- The remainder of this paper is organized as follows. In section
ing the MAC layer such as the control channel saturation, control II, we provide an overview of the network layer functionalities in
CRN. In section III, we classify attacks targeting the CR network
layer based on its different functionalities. In section IV, we de-

Corresponding author.
scribe the detection techniques and countermeasures to mitigate
E-mail address: mounia_bouabdellah@um5.ac.ma (M. Bouabdellah).

2214-2126/© 2017 Elsevier Ltd. All rights reserved.
M. Bouabdellah et al. / Journal of Information Security and Applications 38 (2018) 40–49 41

Fig. 1. Functions of physical, MAC, and network layers in CRN.

these attacks. In section V, we compare the attacks in terms of im-

pacts; we also provide a comparison of the existing detection tech-
niques and countermeasures to counter each attack. In section VI,
we describe the challenges to secure the network layer functional-
ities. Finally, we end with a brief conclusion.

2. Network layer functionalities of cognitive radio systems

Communication between CRN nodes is established by executing

the functions provided by the network layer. These functions in-
clude host addressing, IP datagram fragmentation, and routing of
data packets from a source node to a destination node by using
multi-hop routing protocols [26].
Host addressing is the first executed network layer function
that assigns a unique logical address to CRN nodes. The common
protocol used to perform the host addressing is the internet pro-
tocol (IP) which consists of two versions: the IPv4 and the IPv6
[27]. The proliferation of mobile devices introduced an exhaustion
Fig. 2. Example of a CR routing protocol with spectrum decision.
of IPv4 addresses which are of 32 bits. The IPv6 was proposed to
solve this limitation of IPv4 by using 128-bit address [28]. In ad-
dition, IPv6 provides additional features such as stateless address Fig. 2 shows an example of a CR routing protocol with spec-
auto-configuration [28], which allows nodes to automatically gen- trum decision. Each CR node has a set of available channels and
erate an IPv6 address by using the neighbor discovery protocol uses one of these channels. For instance, the available channels
[28]. of node A are (2, 3, 7) and the channel being used is 3. When
The IP datagram fragmentation function allows a packet that the source node S wants to send data packets to the destination
exceeds the maximum transmission unit to be divided into small node D it starts the process of path determination by broadcast-
fragments and sent through different transmission media [29]. ing a route request (RREQ) packet. The source node S inserts its
Once the intended destination node receives all fragments, it starts spectrum-related information in RREQ packets. When the inter-
the reassembly process. The fragmentation in IPv6 is performed by mediate nodes A and B forward the RREQ packets, they also in-
a sub-layer located between the network and MAC layers [30]. clude their own spectrum-related information. Once the destina-
The routing function uses three processes: path determination, tion node D receives the RREQ packets it decides on the channel to
data packet forwarding, and route maintenance [31]. The first pro- be used for data transfer on the selected path and inserts the infor-
cess determines a route from source to destination according to mation about the chosen channel in the route reply (RREP) packet.
some specific metrics such as end-to-end delay and throughput. This packet is sent back to the source node through nodes B and
The second process allows data packets forwarding from source to A. Once these intermediates SUs receive the RREP, they assign the
destination through a selected path while the third process moni- channel to themselves based on the information contained in the
tors the status of the established route. RREP. Once the route from source node S to destination node D is
The main difference between the routing protocols in tradi- established the data packets forwarding begin using the selected
tional wireless networks and those in CRN is that the CR-based path and the chosen channel in this path.
routing protocols must take into consideration the spectrum avail- In CRN, communicating with a switching node is complicated,
ability, the channel used by each SU, and the activity of PUs to se- since this node switches channels frequently to support multiple
lect the best route toward a specific destination. According to [6], flows on different channels. Thus, sending packets to a switching
CR routing protocols can be classified into three classes: routing node can fail if this node is listening to another channel. To address
with spectrum decision, routing with joint spectrum decision and this issue some CR routing protocols use leave/join messages to in-
PU awareness, and routing with joint spectrum decision and re- form switching nodes’ about the working channels. Before switch-
configurability. In the first category, the spectrum and path selec- ing to a new channel, a switching node broadcasts a leave mes-
tion are performed jointly. The second class consists of selecting sage on the current channel. After switching to a new channel, this
the route that avoids the regions known to have high PU activity. node broadcasts a join message on the new channel. When an SU
The third class of CR routing protocols has the ability to recover receives a leave message from a switching node, it does not send
from changes in the spectrum caused by PU activity. packets to this node before receiving the join message from it [23].
42 M. Bouabdellah et al. / Journal of Information Security and Applications 38 (2018) 40–49

Fig. 3. Classification of attacks targeting the network layer in cognitive radio.

3. Attacks targeting the network layer in cognitive radio an attacker can take advantage of some specifications of CRN to
networks compromise these networks.

Attacks targeting the network layer in CRN are numerous. As 3.1.1. Path determination attacks
shown in Fig. 3, these attacks can be classified into three categories When a source node needs to send a data packet to a specific
depending on which function they are targeting: routing function, destination it has to check if a route to the desired destination ex-
host addressing, and IP datagram fragmentation. ists in its routing table. If no route is found, then the source has to
Regarding the host addressing function, an attacker can either launch a path discovery process in order to find an optimum route
spoof the identity of another secondary user or create a new iden- toward the destination. During this process, specific metrics and
tity. This type of attack is called sybil attack. In regard to attacks specifications are used. In addition of metrics used by traditional
in IP fragmentation function, an attacker can take advantage of this wireless networks, CR routing protocols use new metrics such as
function to launch several attacks that can cause a denial of service spectrum availability and route stability. An attacker can take ad-
to many SUs. These attacks are ping for death, tear drop, tiny frag- vantage of these new metrics to increase its probability to be part
ment, and overlapping fragment. of the route toward a specific destination.
Regarding the routing function, attacks can be carried out dur-
ing the process of path determination, packets forwarding, or route Wormhole attack. In a wormhole attack, the malicious node
maintenance. During the process of path determination, a mali- records the route request (RREQ) packet at one point in the net-
cious node does not respect the specifications of the routing proto- work and sends it to another colluding attacker at another point
cols. Examples of these attacks include wormhole, sinkhole, hello in the network [32]. The objective of this attack is to make the
flood, network endo-parasite, and low-cost ripple effect attacks. In RREQ packet forwarded by the attackers reach the destination first.
attacks targeting data packets forwarding, the malicious node can The destination node, therefore, processes this first received RREQ
increase the delay of the data transfer, drop, or modify the content packet and ignores all the next received packets from other routes.
of packets. During the process of route maintenance, an attacker In order to perform the wormhole attack and make the RREQ
can launch either a replay or control message fabrication attacks. packet arrives faster to the destination, the malicious nodes use
several techniques such as an out-of-band hidden channel (e.g., a
3.1. Attacks targeting the routing function wired link) or high powered transmission [33].
Fig. 4 shows an example of wormhole attack that can affect a
Most CR routing protocols are designed without taking CR routing protocol. The source node S starts a route discovery by
into consideration the security issues. Ensuring data forwarding broadcasting a route request packet (RREQ) on all available chan-
through secure routes composed of trusted relays is an important nels. The CR nodes A1 and A2 are two colluding attackers. Once the
challenge to deal with in CRN. The first step to designing secure attacker A1 receives this packet, it transmits it to A2 through the
routing protocols is to understand how attacks can be launched wormhole link. The attacker A2 rebroadcasts the received packet
during each process of the routing function. Some of these attacks RREQ to its neighbor P which transmits it to the destination D.
are particular to CRN such as network endo-parasite, low-cost rip- The packet RREQ reaches the destination first because it is sent
ple effect, and routing toward primary user attacks. Other attacks through a high-speed channel. Once the RREQ packet reaches the
already exist in traditional wireless networks such as wormhole, destination a route reply (RREP) packet is generated and sent to
sinkhole, hello flood, selective forwarding, control message fabri- the source node through the attackers. Subsequently, all the next
cation, and replay attacks. These security threats are presented in exchanged data packets between the source and destination go
this section and discussed in the context of CRN by explaining how through the attackers.
M. Bouabdellah et al. / Journal of Information Security and Applications 38 (2018) 40–49 43

Fig. 4. Example of wormhole attack.

Fig. 6. The malicious node M sends a hello message to node S to make it believe
that it is S’s neighbor even if they are far from each other. The data packets sent
from S toward M are lost.

tack against the channel assignment in multi-radio multi-channel

wireless mesh networks. The main objective of this attack is to in-
crease the interference at heavily loaded high priority channels. An
attacker launches the NEPA by assigning its interface a higher pri-
ority channel.
Fig. 5. Example of sinkhole attack.
As explained in section II, if an SU intends to switch to another
channel it does it by informing its neighbors about its new channel Sinkhole attack. According to [34], the objective of a sink- through leave/join messages [23]. In NEPA, an attacker can switch
hole attacker is to be part of a route toward a specific destination. to a new channel without informing its neighbors.
In this attack, the malicious node exhibits itself as the best node to
forward packets to their intended destinations. For instance, an at- Low-cost ripple effect attack. Low-cost ripple effect attack
tacker alters the information contained in route request packet to (LORA) was first introduced by Yuan et al. [37] against the multi-
make nodes believe that the compromised node is the best path to radio multi-channel wireless mesh networks. In this attack, the
their destinations. malicious node notifies its neighbors that it has switched to an-
As explained in section II, SUs include their spectrum-related other channel, while in reality the channel has not been changed.
information in the RREQ packets. To reply, the destination node In CR routing protocols, an attacker can send a fake leave/join
uses this information to select the best route by considering the message to make its neighbors believe that it has switched to a
channel switching along this route [32]. A sinkhole attacker can in- new channel. The attackers’ neighbors start sending the packets
clude wrong spectrum information in the RREQ packet which can using the new channel which leads to the loss of these packets.
mislead the destination node and make it select a route that con-
tains the malicious node. Fig. 5 shows an example of sinkhole at-
tack in CRN. The Malicious node M inserts in the RREQ packet the 3.1.2. Data packet forwarding attacks
information (2, 7, 9) as its available channels. The destination node Once an attacker succeeds in being part of the route toward
D selects the path that contains node M and B for data transfer a destination, it can disrupt the process of data packet forward-
believing that in this route the nodes can use channel 2 for data ing by selectively dropping the packets or increasing the delay of
transfer which can minimize the channel switching delay. data packet transfer. There are two types of attacks in this cate-
gory, routing toward primary user attack (RPUA) and selective for- Hello flood attack. Nodes in CRN are required to broadcast warding attack.
a hello message in order to notify their neighbors about their ex-
istence [35] and exchange channel information with them. Nodes Routing toward primary user attack. The routing protocols
receiving the hello packet believe that they are the sender‘s neigh- in CRN have to take into consideration the availability of the link
bors and get the information about the channel to use to commu- which depends on the availability of the channels used by the SU.
nicate with each other. Some CR routing protocols avoid the regions known to have high
The hello flood attack can be performed by broadcasting a hello PU activity. However, the attacker in RPUA forwards intentionally
packet with enough power to convince other SUs that the ma- the received packets to the SU that is close to the PU which can
licious node is their neighbor. Therefore, nodes forward all their increase the delay of packet transmission [37]. Fig. 7 shows an ex-
packets toward the attacker which causes the loss of these packets. ample of RPUA, area A is the primary user’s footprint where the
Fig. 6 shows an example of this attack where the malicious node PU is active. When the source node Ns wants to send packets to
M in area B sends a hello packet to node S to mislead it and make the destination node Nd it sends them to node Nm which is a ma-
it think that they belong to the same area A. The hello packet also licious node. The node Nm sends the received packets to node N1
contains the information about the available channels of node M. instead of sending it to node N2 . This behavior performed by NM
Thus, the node S starts sending packets to node M using channel 2 has two consequences. The first one is that the interference to the
believing that it is one hop neighbor. Consequently, all the packets PU in the route Ns ➔ Nm ➔N1 ➔ Nd is supposed to be higher than
sent by node S toward node M are lost. the route Ns ➔ Nm ➔ N2 ➔ Nd . The second one is that the node N1
has a high probability of releasing the used channel frequently as Network endo-parasite attack. Network endo-parasite attack it is close to the primary user’s footprint which can cause a high
(NEPA) was first introduced by Naveed and Kanhere [36] as an at- transmission delay.
44 M. Bouabdellah et al. / Journal of Information Security and Applications 38 (2018) 40–49

formed during this process of route maintenance are control mes-

sages fabrication and replay attacks. Control messages fabrication attack. In CR routing protocols,

nodes broadcast control messages in order to inform about their
presence and also about the availability of the channel used for
data transfer in the route. A source node considers a route toward
a destination as broken either when no hello packet is received
within a specific time period or when it receives a hello or RRER
messages indicating the unavailability of the channel used in this
route. In this attack, the malicious node forges fake control mes-
sages, hello and RRER, to mislead the source node and make it be-
lieve that the route toward the destination is no more reachable. Replay attack. Unlike the control messages fabrication, a

replay attack consists of using some old control packets i.e. hello
and RRER that have been already received at a specific time [42].
As explained before, some CR routing protocols use route error
(RRER) packets to indicate that a route toward a specific desti-
nation is unreachable. Once a malicious node receives this packet
for the first time it stores it and then replays it again in the net-
work. As shown in Fig. 9, the malicious node M sends an old RRER
packet that has been received and stored at a specific time. Once
the source node S receives this packet it believes that the route
Fig. 7. Example of RPUA. toward the destination node D is no longer active. Selective forwarding attack. Before performing a selective 3.2. Attacks on host addressing function
forwarding attack, the attacker becomes part of data flow path
using one of the previously explained path determination attacks. The host addressing function assigns a unique IP address to
The malicious node in this type of attacks does not forward all the each node in the network. This address is used to identify the
received packets to their intended destinations [38]. In this attack, network users as well as monitor their behaviors. However, some
the malicious node selects some received packets, drops them, and nodes can behave maliciously by forging or spoofing an identity
forwards the remaining packets in order to avoid being suspected which allows them to perform harmful attacks without being iden-
[39]. The selective forwarding attack can occur in two forms. In tified [42].
the first one, the attacker drops the packets coming from a specific In CRN, SUs need to cooperate in order to complete some tasks
node which causes a denial of service (DoS) attack to this node. In such as path determination to a specific destination, trust estab-
the second one, the attacker drops packets coming from arbitrary lishment through collecting other nodes’ recommendation, or co-
nodes. This form of selective forwarding attack is called neglect operative spectrum sensing. The sybil attacker can launch some
and greed [40]. Fig. 8.a shows an example of selective forwarding attacks such as spectrum sensing data falsification attack (SSDF)
attack where the malicious node M drops selectively some packets without being tracked.
sent by the source S and forward the remaining packets to their
destination D. Fig. 8.b presents another type of this attack where
the malicious node M targets the node A, drops all its packets, and 3.3. IP datagram fragmentation attacks
forwards the packets of the other nodes i.e. B and C.
As explained in section II, the IP datagram fragmentation func-
tion allows the transmission of IP datagrams trough different types
3.1.3. Route maintenance attacks of networks by breaking them into small fragments. These frag-
During the process of route maintenance, nodes keep tracking ments are reassembled at the destination in order to obtain the
whether a route is active or not. Once the lifetime of a specific original IP datagram.
route is over without observing any traffic activity, the route is de- As any wireless network, CRN can be subject to denial of service
activated from the routing table. Unlike traditional wireless net- (DoS) by taking advantage of the IP datagram fragmentation func-
works, the connectivity of the path toward a destination in CRN tion [44]. An attacker can cause a denial of service to the network
relies also on the availability of the channel used for data transfer by launching either ping of death or teardrop attacks. Moreover, an
on that path. The route maintenance is performed by exchanging attacker can use IP datagram function to bypass the filtering rules
a number of control messages. Two types of control messages are defined by some nodes. This can be achieved by launching either
used: hello and route error (RRER) messages. The hello messages tiny fragment or overlapping fragment attacks.
are broadcasted periodically by each node in order to inform about In CRN, SUs can cooperatively perform the spectrum sensing
its presence and also the availability of its channel. The RRER indi- in order to decide on the availability of the channels [43]. First,
cates when a destination is unreachable. In CRN, a destination can each SU performs a local spectrum sensing and obtains its individ-
be unreachable when the channel used to communicate with it is ual sensing output. Then, a data fusion center is used to combine
no more available because of the PU activity. the sensing outputs from multiple SUs and achieve a more reliable
A malicious node can take advantage of these control messages sensing output. The attacks against the IP datagram fragmentation
and launch some attacks in order to disrupt the way the routing function can be of harmful effects in CRN as an attacker can cause
protocol is supposed to operate [41]. The attacks that can be per- a denial of service by targeting a data fusion center.
M. Bouabdellah et al. / Journal of Information Security and Applications 38 (2018) 40–49 45

Fig. 8. a: The malicious node M drops some packets of source node S. b: The malicious node M drops all packets of the selected node A.

sending TCP flags in two fragments. The first fragment is sent

with TCP flags that allow it to reach the destination without being
blocked as these flags are allowed to pass. The second fragment is
sent with different values of these TCP flags. This fragment is not
blocked because the tests are performed only on the first fragment.
Once the two fragments reach the intended destination, the first
fragment’s flags are overwritten with the ones contained in the
second fragment [46]. For instance, let’s assume that the packet fil-
ter allows only the connections to port 80, but the attacker wants
to connect to port 23. Although the packet filter is configured to
block the connections to port 23, the attacker might try to use the
Fig. 9. Example of a replay attack.
IP fragmentation overlapping to bypass the packet filter and finally
connect to this port.
3.3.1. Ping of death attack
This attack uses a ping system utility to create small fragments.
4. Detection techniques and countermeasures
When these fragments are reassembled at the destination they ex-
ceed the maximum allowed size of an IP datagram [30]. According
Several detection techniques and countermeasures have been
to RFC 791, the maximum size of an IP packet is 65,535 bytes. If
proposed in the literature in order to counter the attacks previ-
the reassembled packet exceeds this size then the destination node
ously described [25,30,31,33,36–40,43,46–71]. The solutions against
crashes or reboots.
the attacks targeting the host addressing and IP datagram func-
3.3.2. Teardrop attack tions have been proposed in the context of the traditional wireless
IP datagram fragmentation has to follow some rules during networks. To the best of our knowledge, solutions against these
the process of fragmenting datagrams. One of these rules is that attacks in the context of CRN have not been proposed except for
each fragment has to indicate its place or offset in the original some attack that can occur only in CRN such as routing toward
packet which can allow the fragmented packets to be successfully primary user attack (RPUA). Yet, most of the existing solutions can
reassembled at the destination. The attacker can take advantage be applied in CRN as these networks inherit some features of the
of this rule by sending fragments with overlapping offset fields, traditional wireless networks.
which can make the attacked node unable to reassemble these
fragments [29]. This attack can make the destination node crash 4.1. Detection techniques and countermeasures to defend against
or reboot. attacks targeting the routing function

3.3.3. Tiny fragment attack The routing function allows the establishment of routes be-
The objective of this attack is to circumvent the user-defined fil- tween remote SUs. These routes have to be maintained by the ex-
tering rules. In this attack, the first fragment is made small enough change of different control messages. An attacker can disrupt the
in order to force some TCP header fields in the second fragment. way the routing protocols operate by launching the attacks ex-
For instance, the first fragment contains only information such as plained previously.
the source and destination ports. The TCP flags are sent in the An attacker can serve as a relay in a route to a specific destina-
second fragment. This attack allows the malicious node to reach tion by performing wormhole, sinkhole, or hello flood attacks. The
the intended destination without being blocked because the relay detection techniques of the wormhole attack use specialized hard-
nodes verify only the first fragment and they do not test the rest ware to transmit packets at high power in a specific direction, to
of the fragments [45]. determine the location, or to perform time synchronization [48–
51,71]. These techniques aim at identifying the node’s neighbors
3.3.4. Overlapping fragment attack by measuring the strength of the received signal or determining
The objective of this attack is to gain access to the intended the location of a node. The countermeasure against this attack re-
destination by bypassing the firewalls. This can be achieved by lies on using neighbor authentication [52]. Regarding sinkhole at-
46 M. Bouabdellah et al. / Journal of Information Security and Applications 38 (2018) 40–49

path to compute the belief value and detect the malicious node
based on this value. The authors of [60] proposed a routing mech-
anism where the interaction between the non-malicious SUs and
their one-hop neighbors is modeled as a stochastic game in order
to evaluate the trustworthiness of the neighbor nodes.
Once a route toward a destination is established it has to be
maintained by exchanging control messages. During this process,
an attacker can either replicate previously captured packets or in-
ject false route error messages. Generally, authentication is used to
counter these attacks [61,63,64]. The control message’s fabrication
Fig. 10. Trust establishment techniques [71].
attack can be prevented by using authenticated routing protocols
[62]. The replay attack can be detected by using a time-stamping
tack, many of the proposed detection techniques rely on building technique for packets [63]. In [63], the authors introduced a de-
trust among nodes [53,54]. The attacker can be detected by moni- tection and prevention system against the replay attack. This sys-
toring its behavior and updating its trust value or by checking the tem uses digital signature combined with bloom filters to decide
inconsistency of data. Fig. 10 shows the trust establishment tech- whether a packet is replayed or authentic.
niques which are classified into two categories, certificate-based The detection techniques for wormhole, sinkhole, and hello
and behavior-based techniques [71]. The former, consists of send- flood attacks can be applied in CRN as SUs can be equipped with
ing and managing certificates either independently or coopera- hardware that allows them identifying their neighbors and build-
tively. The later, consists of monitoring misbehaviors such as drop- ing trust by monitoring the behavior of each node in the network.
ping and modifying the packets (direct trust). Trust evaluation can This countermeasure against wormhole can be performed at any
be established through the reputation value sent by other nodes layer of TCP/IP protocol stack as the SUs can run the same proto-
in the network (indirect trust). The countermeasure against sink- col to carry out the authentication. However, the countermeasure
hole attack is based on using secure routing protocols [55,56]. The against sinkhole attacks that relies on using secure routing proto-
detection of hello flood attack can be performed by verifying the cols might not be applicable in CRN as these protocols do not take
strength of the received signal [35]. The countermeasures against into consideration the activity of PU and the availability of spec-
hello flood attack consist of checking the bi-directionality of each trum during the process of data forwarding. The proposed solu-
transmission link [56] or authenticating the neighbor nodes [38]. tions for routing toward the PU, low-cost ripple effect and network
The detection of NEPA and LORA include two tasks: the neigh- endo-parasite attacks, are related to the specifications of CRN and
bors monitoring and the voting mechanism of anti-parasite attacks can be applicable only in such networks.
[55]. A countermeasure of these attacks is proposed in [58] and
it consists of a channel assignment framework. Fig. 11 shows the 4.2. Detection techniques and countermeasures to defend against
components of this framework. An assigner assigns channels to attacks targeting the IP datagram fragmentation function
nodes, a verifier verifies the identical assignment with the assigner,
and a scanner scans its neighbors’ channels to check whether all IP datagram fragmentation is an important technique that al-
nodes have switched their channels. lows a packet to be forwarded to remote SUs through different
If the proposed countermeasures for the attacks that target the communication links. An attacker can either cause a denial of ser-
path determination process fail the attacker can become a relay vice (DoS) to nodes or bypass a firewall by attacking the IP data-
which allows it to launch several attacks during the process of gram fragmentation function. In order to detect and prevent DoS
packet forwarding. These attacks include selective forwarding and attacks, intrusion detection system (IDS) and intrusion prevention
routing toward primary user attack (RPUA). To detect the selec- system (IPS) are used. This system analyzes the incoming and out-
tive forwarding multi-hop acknowledgment can be used [39]. The going packets through a specific device [65]. Moreover, to prevent
countermeasure against this attack consists of using a multi-path the ping of death attack the intermediate nodes can block the
routing protocol [59]. Indeed, forwarding data through distinct fragmented ping [66]. In order to detect tiny fragment attack, re-
paths can allow avoiding a malicious node. In order to detect the lay nodes can enforce certain limits on fragments passing through
RPUA, the authors of [37] proposed a belief propagation technique. them in such a way that the first fragment is large enough to con-
This technique consists of collecting feedback of nodes in the same tain all the required header information [30,31].

Fig. 11. channel assignment framework [59].

M. Bouabdellah et al. / Journal of Information Security and Applications 38 (2018) 40–49 47

All these techniques can be applied in CRN as the IP datagram

Availability Integrity Confidentiality

Availability Integrity confidentiality
fragmentation function in CRN operates in the same way as tra-
ditional wireless networks and does not depend on the spectrum

Availability non-repudiation
availability or PU activity.

Availability Integrity

Availability Integrity
4.3. Detection techniques and countermeasures to defend against
attacks targeting the host addressing function

Attack impact






Host addressing function gives a unique identity for CR nodes.
An attacker can manipulate this function by perpetrating a sybil
attack in order to forge fake identities or steal the identities of
other users which allow it to attack other functionalities without

Attacker can modify or drop packets after being selected as

Attacker can modify or drop packets after being selected as

Attacker reaches the destination by bypassing the firewalls

Attacker reaches the destination by bypassing the firewalls

Attacker causes the loss of the packets since they are sent

Attacker causes the loss of the packets since they are sent
being recognized. To detect sybil attack the authors of [67] used

Attacker increases the delay of data packets transmission

Attacker makes the source node believes that the route

Attacker makes the source node believes that the route

the received signal strength in order to locate the transmitter’s lo-

Attacker makes the destination node crash or reboot

Attacker makes the destination node crash or reboot

cation. The countermeasure against this attack consists of verify-
ing the identity of each node [43,68]. In [43], two types of val-
idation techniques were proposed: direct validation and indirect

Attacker causes a denial of service (DoS)

validation. In the former, a node verifies directly the validity of

Attacker causes the loss of the packets

another node’s identity. In the latter, the validation is performed

and causes the interference to PU

toward the destination is broken

toward the destination is broken

based on the refutation or assertion of other validated nodes. The
use of trusted certificate authorities to certify a node’s identity is

Attacker cannot be identified

one of the proposed countermeasures to defend against sybil at-
tack [68]. But this solution can be difficult to implement as the

on the new channel

on the old channel
Attack consequence
certificate management presents a big problem to handle. To solve
this problem, the authors of [69], proposed a solution that relies
on identity-based cryptography.

a relay.

a relay.
These solutions have been developed in the context of tradi-
tional wireless networks but they can also be applied in CRN for
two reasons. The first one is that the host addressing function in
CRN works in the same way like traditional wireless networks. The

Attacker sends fragments with overlapped fragment offsets

Attacker broadcasts hello packet so all nodes think it is a
second reason is that the solutions relying on cryptography also

Attacker sends TCP flags in two fragments with different

Attacker sends the packets to a node who is close to PU

Attacker sends TCP headers in the second fragment [46]

Attacker sends false notification about the used channel
Attacker switches to a new channel without notifying
apply in CRN as SUs can run the same cryptographic protocols at
any layer of TCP/IP protocol stack.
Two attackers create a link between them [33]

Attacker sends false routing information [35]

Attacker sends false route error packets [42]

5. Comparison and discussion

Attacker replays old control packets [42]

Attacker sends small ICMP packets [30]

Attacker fabricate new identities [43]

Table 1 provides a summary of possible attacks that can tar- Attacker drops the packets [39–41]
get the functionalities of the network layer in cognitive radio net-
works. The third column gives a brief description of each attack
and the fourth column explains the consequences of each attack
that has been performed successfully by a malicious node. For in-
stance, the consequence of a successful wormhole attack is that
Attack description

neighbor [36]

the malicious node can either drop or modify the content of the

values [46]
nodes [37]

data packets. The fifth column gives the impact of the attack on
the network. The main objective of a malicious node is to attack [27,45]


the availability, integrity, non-repudiation, and confidentiality [72].

Attacks on integrity consist of modifying the content of a packet or
sending fabricated packets. Attacks on availability consist of break-
Routing toward the primary user
Network endo-parasite (NEPA)

ing down the network which makes the nodes unable to commu-
Low-cost ripple effect (LORA)

Control messages fabrication

nicate with each other. In attacks on Non-repudiation, the attacker

denies having sent and received any message. The attacks on con-
Overlapping fragment
Selective forwarding

fidentiality consist of accessing illegally the confidential data. The

confidentiality is ensured by encrypting the original message using
Summary of the network layer attacks in CRN.

Tiny fragment
Ping of death

either symmetric or asymmetric encryption techniques. The data

Hello flood

can be accessed only by the node that owns the decryption key.


The wormhole and sinkhole attacks allow a malicious node to


be a part of the path toward a specific destination then this node

can carry out the attacks against the integrity by modifying the
IP datagram fragmentation

content of the packet going through it, by forging new control

Data packet forwarding
Network layer function

messages and broadcasting it in the network, or by replaying old

Path determination

Route maintenance

control messages that have been received and stored at a specific

Host addressing

time. This malicious node can also attack the availability of the
network by using selective forwarding to drop the data packets.
Hello flood can also be used to attack the availability of the net-
Table 1

work because the nodes receiving the hello flood messages believe
that they are the sender’s neighbors. Thus, the nodes send the data
48 M. Bouabdellah et al. / Journal of Information Security and Applications 38 (2018) 40–49

Table 2
Comparison of countermeasures.

Network layer functions Attacks Detection techniques Countermeasures

Path determination Wormhole Directional antenna [49], signal strength [70], Neighbor authentication (TrueLink) [52,65]
packet leashes [50], neighborhood connectivity
information [48]
Sinkhole Behavior monitoring [53,54] Secure routing protocols (SEAD, SAODV) [55,56]
Hello flood Signal strength [36,71] Check bi-directionality of a link [56]
Neighbor authentication [39]
Network endo parasite Neighbors monitoring and vote mechanism [56] Channel assignment framework [59]
Low-cost ripple effect Neighbors monitoring and vote mechanism [56] Channel assignment framework [59]
Data packets forwarding Selective forwarding Multi-hop acknowledgment [39] Multi-path routing [59]
Routing toward the primary user Belief propagation [38] Routing game [60]
Route maintenance Control messages fabrication Use authenticated routing protocols [61]
Replay Time stamping [66] Digital signature with bloom filter [63]
IP datagram fragmentation Ping of death Intrusion detection system (IDS) [66] Intrusion prevention system (IPS) [66]
Tiny fragment Block the fragmented ping [66]
Teardrop Limited fragment size [30,31]
Overlapping fragment
Host addressing Sybil Location using received signal strength [67] Identity validation [43,69,70]

packets toward the attacker believing that this malicious node is SUs [73]. Thus, authentication techniques that rely on cryptography
their neighbor which leads to the loss of these packets. The at- and bring changes to the primary user cannot be applied directly.
tacker can also launch the low-cost ripple effect or network endo- Using secure protocols such as secure efficient ad hoc distance
parasite attacks to make the nodes use specific channels which can vector routing protocol (SEAD) [54] and secure ad-hoc on-demand
cause the loss of these packets. Furthermore, an attacker can break distance vector (SAODV) [55] is important. But these protocols can-
down the network by continuously broadcasting fake control mes- not be applied in CRN as they do not consider the specifications
sages which make the source node believes that the route toward related to cognitive radio such as the spectrum availability. Indeed,
the destination is no more active. A sybil attacker can also attack CR routing protocols need to address all the key issues including
the availability of the network as this attacker can have multiple security and spectrum availability. Thus, in order to select a route,
identities and then launch some attacks such primary user emula- multiple metrics have to be used. For instance, we can use trust
tion without being tracked. A sybil node can also attack the non- and location-based metrics to perform a path selection. The trust
repudiation by attaching a fake identity to each message sent. The metric can be used to choose only the nodes that satisfy a specific
attacks on confidentiality can be achieved if a malicious node owns trust level. The location based metric can be used to choose nodes
the decryption key and succeeds in becoming a relay for data pack- that are far from the PU in order to avoid the channel switching.
ets forwarding toward a destination by using wormhole or sinkhole However, maximizing the trust by choosing the trusted nodes and
attack. avoiding the areas covered by a PU can be a difficult issue as some
Most of the existing detection and countermeasure techniques trusted nodes can be close to the PU. Thus, establishing a route us-
proposed for traditional wireless networks can be applied to CRN. ing multiple metrics may require a tradeoff between these metrics
Table 2 gives a summary of the detection and countermeasure [74].
techniques. In this table, the third column gives a description of To counter the selective forwarding attack, a multipath rout-
each detection technique where a node can monitor the behavior ing protocol can be used because sending messages through com-
or use a specific hardware, time stamping, nodes acknowledgment, pletely disjoint nodes can allow avoiding the routes that involve
or belief propagation to detect the attacker. The fourth column compromised nodes. Moreover, multipath routing protocols can be
gives a list of the existing countermeasures to deal with attacks. a useful solution to avoid coming across a PU activity that may re-
Most of these countermeasures are based on the cryptographic quire channel switching during the process of data packet forward-
primitives, but some attacks can be tackled by using a framework ing. However, multipath routing protocols refer to routing through
for channel assignment, checking the bi-directionality of a link, or paths that shared no common nodes except the source and the
using a multi-path routing. destination [59], selecting completely disjoint routes can be very

6. Challenges and future directions

7. Conclusion
Regarding the specific characteristics of CRN, some security
challenges can arise. For example, using cryptography can meet The number of mobile devices has exponentially increased over
some resource limitations such as bandwidth and power. Further- the last decade, which led to spectrum scarcity. CRN with soft-
more, the authentication of a PU is of paramount importance, ware defined radio provides more available spectrum channels to
but authentication techniques can have some limitations and con- CR users. However, this new technology also provides the opportu-
straints. One of the constraints is that authentication above the nity for malicious users to perpetrate new attacks by exploiting CR
physical layer cannot be performed because both the PU and SU functionalities. These attacks can be performed in different layers
need to run the same protocols on the same layer. For instance, of the TCP/IP protocol stack. This paper focused on attacks that tar-
to perform the authentication in the network layer, both PU and get different functions of the network layer, introduced the existing
SU need to use the same protocol which is either the IP or IPsec. attacks in traditional wireless networks, and studied their feasibil-
In CRN, the SU uses the IP protocol but the PU, a TV tower, does ity in CRN. Furthermore, it presented attacks that can occur only
not use the IP protocol. The second constraint is that the FCC re- in CRN based on their specifications such as spectrum availability
quires that no modification to the primary system should be per- and PU activity. For each attack, the existing mitigation techniques
formed to accommodate the opportunistic use of the spectrum by were presented.
M. Bouabdellah et al. / Journal of Information Security and Applications 38 (2018) 40–49 49

References [38] Karlof C, Wagner D. Secure routing in wireless sensor networks: attacks and
countermeasures. Ad Hoc Netw 2003;1(2):293–315.
[1] Kaabouch N, Hu W-C, editors. Handbook of research on software-defined and [39] Yu Bo, Xiao Bin. Detecting selective forwarding attacks in wireless sensor net-
cognitive radio technologies for dynamic spectrum management. IGI Global; works. In: Proceedings 20th IEEE international parallel & distributed process-
2015. ing symposium; 2006. p. 8.
[2] Manesh MR, Apu MS, Kaabouch N, Hu W-C. Performance evaluation of spec- [40] Sharma P, Saluja M, Saluja K. A review of selective forwarding attacks in wire-
trum sensing techniques for cognitive radio systems. In: 2016 IEEE 7th annual less sensor networks. Int J Adv 2012;2(3).
ubiquitous computing, electronics & mobile communication conference (UEM- [41] Nafaa M, Ghanemi S. Analysis of security attacks in AODV. Multimed Comput
CON); 2016. p. 1–7. Syst 2014:752–6.
[3] Čabrić D, Mishra S, Willkomm D. A cognitive radio approach for usage of vir- [42] Newsome J, Shi E, Song D, Perrig A. The sybil attack in sensor networks: anal-
tual unlicensed spectrum. 14th IST Mob.; 2005. ysis & defenses. In: Proc. 3rd; 2004.
[4] Sultana A, Fernando X, Zhao L. An overview of medium access control strate- [43] Elderini T, Kaabouch N, Reyes H. Channel quality estimation metrics in cogni-
gies for opportunistic spectrum access in cognitive radio networks. Peer– tive radio networks: a survey. IET Commun 2017.
to-Peer Netw 2016;10(5):1113–41. [44] Darwish M, Ouda A, Capretz L. Cloud-based DDoS attacks and defenses. Infor-
[5] Akyildiz I, Lee W, Chowdhury K. CRAHNs: cognitive radio ad hoc networks. AD mation society (i-Society); 2013.
Hoc Netw 2009;7(5):810–36. [45] Atlasis A. Attacking IPv6 implementation using fragmentation. BlackHat Eur.;
[6] Zou Y, Zhu J, Yang L, Liang Y. Securing physical-layer communications for cog- 2012.
nitive radio networks. IEEE Commun. 2015;53(9):48–54. [46] Pathan ASK, editor. Security ofself-organizing networks: MANET, WSN, WMN,
[7] Yu R, Zhang Y, Liu Y, Gjessing S, Guizani M. Securing cognitive radio networks VANET, CRC press; 2016.
against primary user emulation attacks. IEEE Netw 2016;30((Nov.)6):62–9. [47] Hu Y, Perrig A, Johnson D. Wormhole attacks in wireless networks. IEEE J Sel
[8] Zou Y, Zhu J, Wang X, Leung V. Improving physical-layer security in wireless Areas 2006;24(2):370–3801.
communications using diversity techniques. IEEE Netw 2015;29(1):42–8. [48] Hu L, Evans D. Using directional antennas to prevent wormhole attacks. NDSS;
[9] Shu Z, Qian Y, Ci S. On physical layer security for cognitive radio networks. 2004.
IEEE Netw 2013;27(3):28–33. [49] Hu Y, Perrig A, Johnson D. Packet leashes: a defense against wormhole attacks
[10] Zou Y, Wang X, Shen W. Physical-layer security with multiuser scheduling in in wireless networks. INFOCOM 2003. Twenty-; 2003.
cognitive radio networks. IEEE Trans 2013;61(12):5103–13. [50] Matam R, Tripathy S. WRSR: wormhole-resistant secure routing for wireless
[11] Wang H, Lightfoot L, Li T. On phy-layer security of cognitive radio: collabora- mesh networks. EURASIP J Wirel Commun 2013;2013(1):180.
tive sensing under malicious attacks. Inf Sci Syst 2010:1–6. [51] Eriksson J, Krishnamurthy S. Truelink: a practical countermeasure to the
[12] Borle K, Chen B, Du W. A physical layer authentication scheme for countering wormhole attack in wireless networks. Network protocols, 2006; 2006.
primary user emulation attack. Acoust Speech Signal 2013:2935–9. [52] Shafiei H, Khonsari A, Derakhshi H. Detection and mitigation of sinkhole at-
[13] Alahmadi A, Abdelhakim M, Ren Jian, Li Tongtong. Defense against primary tacks in wireless sensor networks. J Comput 2014;80(3):644–53.
user emulation attacks in cognitive radio networks using advanced encryption [53] Cervantes C, Poplade D, Nogueira M. Detection of sinkhole attacks for support-
standard. IEEE Trans Inf Forensics Secur 2014;9((May)5):772–81. ing secure routing on 6LoWPAN for Internet of Things. (IM), 2015 IFIP/IEEE …;
[14] Nguyen-Thanh N, Ciblat P, Pham A. Surveillance strategies against primary user 2015.
emulation attack in cognitive radio networks. IEEE Trans 2015;14(9):4981–93. [54] Hu Y, Johnson D, Perrig A. SEAD: secure efficient distance vector routing for
[15] Bian K, Park J. MAC-layer misbehaviors in multi-hop cognitive radio networks. mobile wireless ad hoc networks. Ad Hoc Netw 2003;1(1):175–92.
2006 US-Korea conf. sci.; 2006. [55] Lu S, Li L, Lam K, Jia L. SAODV: a MANET routing protocol that can withstand
[16] Zhang Y, Lazos L. Vulnerabilities of cognitive radio MAC protocols and coun- black hole attack. Comput Intell 2009;2:421–5.
termeasures. IEEE Netw 2013;27(3):40–451. [56] Giruka VC, Singhal M, Royalty J, Varanasi S. Security in wireless sensor net-
[17] Zhu L, Zhou H. Two types of attacks against cognitive radio network MAC pro- works. Wirel Commun Mob Comput 2008;8((Jan.)1):1–24.
tocols. Comput Sci Softw Eng 2008;4:1110–13. [57] Xia Y, Gong Z, Zhao B, Su J. A new security mechanism for dynamic channel
[18] Hu F, Dong D, Xiao Y. Attacks and countermeasures in multi-hop cognitive assignment in wireless mesh networks. Front Comput Sci 2009:587–92.
radio networks. Int J Secur 2009;4(4):263–71. [58] Kim M, Ning P. SeCA: a framework for secure channel assignment in wireless
[19] Zhang L, Ding G, Wu Q, Zou Y, Han Z. Byzantine attack and defense in cogni- mesh networks. Comput Commun 2011;34(4):567–76.
tive radio networks: a survey. Surv Tutor 2015;17(3):1342–63. [59] Sha K, Gehlot J, Greve R. Multipath routing techniques in wireless sensor net-
[20] Vempaty A, Tong L, Varshney P. Distributed inference with Byzantine data: works: a survey. Wirel Pers Commun 2013:1–23.
state-of-the-art review on data falsification attacks. IEEE Signal Process [60] Wang W, Kwasinski A, Han Z. A routing game in cognitive radio networks
2013;30(5):65–751. against routing-toward-primary-user attacks. Wirel Commun 2014:2510–15.
[21] Li J, Feng Z, Feng Z, Zhang P. A survey of security issues in cognitive radio [61] Zhen J, Srinivas S. Preventing replay attacks for secure routing in ad hoc net-
networks. China Commun 2015;12((Mar.)3):132–50. works. International conference on ad-hoc networks; 2003.
[22] Ma H, Zheng L, Ma X. Spectrum aware routing for multi-hop cognitive radio [62] Sanzgiri K, Dahill B, Levine BN, Shields C, Belding-Royer EM. Asecure routing
networks with a single transceiver. Cogn Radio Oriented Wirel 2008:1–6. protocol for ad hoc networks. In: 10th IEEE International Conference on Net-
[23] Baldini G, Sturman T, Biswas A. Security aspects in software defined ra- work Protocols. Proceedings; 2002. p. 78–87.
dio and cognitive radio networks: a survey and a way ahead. Surv Tutor [63] Feng Z, Ning J, Broustis I, Pelechrinis K. Coping with packet replay attacks in
2012;14(2):355–79. wireless networks. Sensor, mesh; 2011.
[24] Fihri W, Salahdine F, El Ghazi H. A survey on decentralized random access [64] Shamshirband S, Patel A, Anuar NB, Kiah MLM, Abraham A. Cooperative game
MAC protocols for cognitive radio networks. Advanced; 2016. theoretic approach using fuzzy Q-learning for detecting and preventing intru-
[25] Hlavacek D, Chang J. A layered approach to cognitive radio network security: sions in wireless sensor networks. Eng Appl Artif Intell 2014;32:228–41.
a survey. Comput Netw 2014;75:414–36. [65] Riahi Manesh M, Kaabouch N. Analysis of Attacks and Vulnerabilities
[26] Parvin S, Hussain F, Hussain O, Han S. Cognitive radio network security: a sur- of Automatic Dependent Surveillance-Broadcast. Inter J Crit Infra Protect
vey. J Netw 2012;35(6):1691–708. 2017;19:16–31.
[27] Wu P, Cui Y, Wu J, Liu J, Metz C. Transition from IPv4 to IPv6: a state-of-the-art [66] Harris B, Hunt R. TCP/IP security threats and attack methods. Comput Commun
survey. Commun Surv 2013;15(3):1407–24. 1999;22(10):885–97.
[28] Narten T, Simpson WA, Nordmark E, Soliman H. Neighbor discovery for IP ver- [67] Demirbas M, Song Y. An RSSI-based scheme for sybil attack detection in wire-
sion 6 (IPv6). less sensor networks. 2006 international symposium; 2006.
[29] Patel A, Mokbel M, Zhao S. Fragmentation attack on wireless network. Comput [68] Canetti R. Universally composable signature, certification, and authentication.
Sci Univ 2007. Computer security foundations workshop, 2004; 2004.
[30] Hummen R, Hiller J, Wirtz H, Henze M. 6LoWPAN fragmentation attacks and [69] Q. Zhang, P. Wang, D.S. Reeves, and P. Ning, “Defending against sybil attacks in
mitigation mechanisms. In: Proc. sixth; 2013. sensor networks,” in 25th IEEE international conference on distributed computing
[31] Salim S, Moh S. On-demand routing protocols for cognitive radio ad hoc net- systems workshops, pp. 185–191.
works. EURASIP J Wirel 2013;2013(1):102. [70] Pires WR, de Paula Figueiredo TH, Wong HC, Loureiro AAF. Malicious node de-
[32] Thalor J, Monika M. Wormhole attack detection and prevention technique in tection in wireless sensor networks. In: 18th International Parallel and Dis-
mobile ad hoc networks: a review. Int J Adv 2013;3(2). tributed Processing Symposium. Proceedings; 2004. p. 24–30.
[33] Khalil I, Bagchi S, Shroff N. LITEWORP: a lightweight countermeasure [71] Bouabdellah M, El Bouanani F, Ben-Azza H. A secure cooperative transmission
for the wormhole attack in multihop wireless networks. Dependable Syst model in VANET using attribute basedencryption. In: Advanced Communica-
2005:612–21. tion Systemsand Information Security (ACOSIS), International Conference on.
[34] El Mouaatamid O, Lahmer M. Internet of Things security: layered classification IEEE; 2016. p. 1–6.
of attacks and possible countermeasures. Electron J 2016(9). [72] Riahi Manesh M, Kaabouch N. Security Threats and Countermeasures of MAC
[35] Singh V, Ukey A, Jain S. Signal strength based hello flood attack detection and Layerin Cognitive Radio Networks. Ad HocNetworks 2017:85–102.
prevention in wireless sensor networks. Int J 2013;62(15). [73] Adelstein J. Facilitating opportunities for flexible, efficient, and reliable spec-
[36] Naveed A, Kanhere SS. NIS07-5: security vulnerabilities in channel assign- trum use employing spectrum agile radio technologies (ET Docket No. 03 108).
ment of multi-radio multi-channel wireless mesh networks. In: IEEE Globecom Washington, DC: USA FCC; 2003.
20 06; 20 06. p. 1–5. [74] Youssef M, Ibrahim M, Latif M, Chen L. Routing metrics of cognitive radio net-
[37] Yuan Z, Han Z, Sun Y, Li H. Routing-toward-primary-user attack and be- works: a survey. IEEE; 2014.
lief propagation-based defense in cognitive radio networks. IEEE Trans

View publication stats