Method for defense against primary user emulation attacks in cognitive radio networks using advanced encryption

Abstract

A method for defense against primary user emulation attacks in cognitive radio networks includes the steps of generating an advanced encryption standard (AES)-encrypted reference signal with a transmitter for transmitting to at least one receiver. The method also includes the steps of allowing a shared secret between the transmitter and the at least one receiver and regenerating the reference signal at the at least one receiver and using the regenerated reference signal to achieve accurate identification of authorized primary users as well as malicious users.

Claims

1. A method for defense against primary user emulation attacks in cognitive radio networks comprising the steps of: generating an advanced encryption standard (AES)-encrypted reference signal with a transmitter for transmitting to at least one receiver; allowing a shared secret between the transmitter and the at least one receiver; regenerating the reference signal at the at least one receiver and using the regenerated reference signal to achieve accurate identification of authorized primary users as well as malicious users; analyzing an auto-correlation of the received reference signal by the at least one receiver; detecting by the at least one receiver whether the primary user is present or not by comparing a cross-correlation between the received reference signal and a received signal to a predetermined threshold; and concluding that the primary user is present if the cross-correlation is greater than the predetermined threshold and concluding that the primary user is not present if the cross-correlation is less than the predetermined threshold.

2. A method as set forth in claim 1 wherein said step of generating comprises using an AES encrypted reference sequence as synchronization bytes of each digital television (DTV) data frame.

3. A method as set forth in claim 1 including the step of detecting the presence of a malicious user based on the auto-correlation analysis whether the primary user is present or not.

4. A method as set forth in claim 1 including the step of operating the authorized secondary users over white spaces of a digital TV (DTV) band.

5. A method as set forth in claim 1 including the step of generating a pseudo-random (PN) sequence using a Linear Feedback Shift Register (LFSR).

6. A method as set forth in claim 5 wherein said step of generating includes using a secure integration vector (IV) with the LFSR.

7. A method as set forth in claim 6 including the step of encrypting the PN sequence with an AES process.

8. A method as set forth in claim 7 including the step of using a maximum length sequence from the IV as an input to the AES process.

9. A method for defense against primary user emulation attacks in cognitive radio networks comprising the steps of: providing a transmitter for transmitting to at least one receiver; generating an advanced encryption standard (AES)-encrypted reference signal with the transmitter; allowing a shared secret between the transmitter and the at least one receiver; regenerating the reference signal at the at least one receiver and using the regenerated reference signal to achieve accurate identification of authorized primary users as well as malicious users; analyzing an auto-correlation of the received reference signal by the at least one receiver; detecting by the at least one receiver whether the primary user is present or not by comparing a cross-correlation between the received reference signal and a received signal to a predetermined threshold; concluding that the primary user is present if the cross-correlation is greater than the predetermined threshold and concluding that the primary user is not present if the cross-correlation is less than the predetermined threshold; and detecting the presence of a malicious user based on the auto-correlation analysis whether the primary user is present or not.

10. A method as set forth in claim 9 wherein said step of generating comprises using an AES encrypted reference sequence as synchronization bytes of each DTV data frame.

11. A method as set forth in claim 9 including the step of operating the authorized secondary users over white spaces of a digital TV (DTV) band.

12. A method as set forth in claim 9 including the step of generating a pseudo-random (PN) sequence using a Linear Feedback Shift Register (LFSR).

13. A method as set forth in claim 12 wherein said step of generating includes using a secure integration vector (IV) with the LFSR.

14. A method as set forth in claim 13 including the step of encrypting the PN sequence with an AES process.

15. A method as set forth in claim 14 including the step of using a maximum length sequence from the IV as an input to the AES process.

16. A method for defense against primary user emulation attacks in cognitive radio networks comprising the steps of: providing a transmitter and at least one receiver; generating an advanced encryption standard (AES)-encrypted reference signal by a primary user using an AES encrypted reference sequence as synchronization bytes of each DTV data frame with the transmitter and generating a pseudo-random (PN) sequence using a secure integration vector (IV) with a Linear Feedback Shift Register (LFSR); operating authorized secondary users over white spaces of a digital TV (DTV) band; allowing a shared secret between the transmitter and the at least one receiver; regenerating the reference signal at the at least one receiver with the shared secret; analyzing an auto-correlation of the received reference signal by the at least one receiver; detecting by the at least one receiver whether the primary user is present or not by comparing a cross-correlation between the received reference signal and a received signal to a predetermined threshold; concluding that the primary user is present if the cross-correlation is greater than the predetermined threshold and concluding that the primary user is not present if the cross-correlation is less than the predetermined threshold; and detecting the presence of a malicious user based on the auto-correlation analysis whether the primary user is present or not.

Description

BRIEF DESCRIPTION OF THE DRAWINGS

(1) FIG. 1 is a diagrammatic view of an 8-VSB signal frame structure for use with a method, according to the present invention, for defense against primary user emulation attacks in cognitive radio networks.

(2) FIG. 2 is a diagrammatic view of a block diagram for generation of a reference signal for the method, according to the present invention, for defense against primary user emulation attacks in cognitive radio networks.

(3) FIG. 3 is a view of a graph illustrating normalized cross-correlation between the reference signal and noisy versions of a malicious user's signal where the cross-correlation values are in the order of 10.sup.4, which is close to 0, for the method, according to the present invention, for defense against primary user emulation attacks in cognitive radio networks.

(4) FIG. 4 is a view of a graph illustrating normalized cross-correlation between the reference signal and noisy versions of a primary user's signal where .sup.2.sub.s=1 for the method, according to the present invention, for defense against primary user emulation attacks in cognitive radio networks.

(5) FIG. 5 is a view of a graph illustrating optimal thresholds for malicious user detection for =10.sup.3, where P.sub.0=0.25, for the method, according to the present invention, for defense against primary user emulation attacks in cognitive radio networks.

(6) FIGS. 6(a) and 6(b) are diagrammatic views of a false alarm rate P.sub.f and miss detection probability P.sub.m for primary user detection, respectively, of the method, according to the present invention, for defense against primary user emulation attacks in cognitive radio networks.

(7) FIGS. 7(a) and 7(b) are diagrammatic views of an overall false alarm rate and overall miss detection probability for malicious user detection, respectively, of the method, according to the present invention, for defense against primary user emulation attacks in cognitive radio networks.

(8) FIGS. 8(a) and 8(b) is a diagrammatic view of one embodiment of a system for use with a method, according to the present invention, for defense against primary user emulation attacks in cognitive radio networks.

DESCRIPTION OF THE PREFERRED EMBODIMENT(S)

(9) Referring to the drawings and in particular FIGS. 8(a) and 8(b), one embodiment of a system 10 for use with a method, according to the present invention, for defense against primary user emulation attacks in cognitive radio networks, is shown. As illustrated in FIGS. 8(a) and 8(b), the method of the present invention can work in two modes: (1) with an AES-assisted secondary user (SU) coordinator (FIG. 8(a)); or (2) without an AES-assisted secondary user (SU) coordinator (FIG. 8(b)). In one embodiment, the system 10 includes a transmitter such as a digital TV (DTV) transmitter and one or more receivers 14. In both of cases, an AES-based sync bits generator 16 (generally shown in FIG. 2) is included at the DTV transmitter 12, which is also known as the licensed primary user. The generated sync bits play two roles: (i) being used for synchronization between the DTV transmitter 12 and the receivers 14, including both DTV receivers (such as the ordinary DTV set) and secondary user receivers (such as software defined radio (SDR) based communication devices); and (ii) being used as the secure reference signal for primary user identification as well as malicious user detection. It should be appreciated that the AES-based sync bits generator 16 is an advanced encryption standard (AES) chip, which is commercially available and relatively inexpensive.

(10) In Mode (1) of FIG. 8(a), where there is an AES-assisted SU coordinator, then the AES-based sync bits generator is added to the receiver 14 of the coordinator. Using this AES-based sync bits generator 16, the coordinator can regenerate the same secure sync bits, also known as the secure reference signal, generated at the DTV transmitter 12. These secure sync bits are then used to perform synchronization between the AES-assisted DTV transmitter 12 and the receiver 14 of the AES-assisted secondary user (SU) coordinator. The SU coordinator can perform spectral sensing, detect idle spectral spaces, also called white spaces, in the primary user's communications, and assign these whites spaces to the secondary users around it. With the secure reference signal, the AES-assisted secondary user (SU) coordinator can also detect the existence of the malicious user accurately. It should be appreciated that, when an SU coordinator is around, only the SU coordinator needs to perform spectral sensing and primary user/malicious user detection, hence can reduce the burden of each individual SU 15, which is generally a multi-band software defined radio. It should also be appreciated that, at the same time, the SU coordinator can help to avoid the traffic collisions between the SUs.

(11) In Mode (2) of FIG. 8(b), when there is no SU coordinator, then AES-based sync bits generator 16 is added to the receiver 14 of each SU. Each SU then regenerates the same secure sync bits, also known as the secure reference signal, generated at the DTV transmitter 12. These secure sync bits are then used to perform synchronization between the AES-assisted DTV transmitter 12 and the receiver 14 of the AES-assisted secondary users (SUs). With the secure reference signal, the AES-assisted secondary users (SUs) can also perform spectral sensing, and detect the presence or absence of the primary user accurately. It should be appreciated that, at the same time, the AES-assisted secondary users (SUs) can also use the secure reference signal to detect the malicious user accurately.

(12) The receiver 14 of the AES-assisted secondary user or secondary user coordinator includes a correlation detector. The correlation detector evaluates the cross-correlation between a received signal r and a regenerated reference signal s for the primary user detection, and the auto-correlation of the received signal r for the malicious user detection.

(13) In the system 10, an eight-level vestigial sideband (8-VSB) modulation is used for transmitting digital signals after they are partitioned into frames by the transmitter 12. The frame structure of the 8-VSB signal is illustrated in FIG. 1. Each frame has two data fields, and each data field has 313 data segments. The first data segment of each data field is used for frame synchronization and channel estimation at the receiver 14. The remaining 624 segments are used for data transmission. Each data segment contains 832 symbols, including 4 symbols used for segment synchronization. The segment synchronization bits are identical for all data segments. In one embodiment, the segment duration is 77.3 s, hence the overall time duration for one frame is 48.4 ms. It should be appreciated that frame structure of the 8-VSB signal is known in the art and is unchanged in this application.

(14) The system 10 is used for robust and reliable primary and secondary system operations in cognitive radio networks. In the system 10, the primary user generates a pseudo-random (PN) AES-encrypted reference signal that is used as the segment synchronization bits. The synchronization bits in the field synchronization segments remain unchanged for the channel estimation purposes. At the receiving end, the reference signal is regenerated for the detection of the primary user and malicious user. It should be appreciated that synchronization is still guaranteed in the method since the reference bits are also used for synchronization purposes.

(15) In the system 10, the transmitter 12 obtains the reference signal through two steps: first, generating a pseudo-random (PN) sequence, then encrypting the sequence with an AES process provided by the AES-based sync bits generator 16. More specifically, as illustrated in FIG. 2, the PN sequence is first generated using Linear Feedback Shift Register (LFSR) 18 with a secure initialization vector (IV) 20. Maximum-length LFSR sequences can be achieved by tapping the LFSRs according to primitive polynomials. The maximum sequence length that can be achieved with a primitive polynomial of degree m is 2.sup.m1. Without loss of generality, a maximum-length sequence is assumed throughout this application.

(16) Once the maximum-length sequence is generated, it is used as an input to an AES process 22, as illustrated in FIG. 2. In one embodiment, a 256-bit secret key 24 is used for the AES encryption so that the maximum possible security is achieved.

(17) If the PN sequence is denoted by x, then the output of the AES process 22 is used as the reference signal s, which can be expressed as:
s=E(k,x)(1)

(18) Here k is the key 24, and E(.,.) denotes the AES encryption operation. The transmitter 12 then places the reference signal s in the synchronization bits of the DTV data segments.

(19) The receiver 14 of the AES-assisted secondary user or secondary user coordinator regenerates the encrypted reference signal by the receiver 14 therein with the secret key and IV 20 that are shared between the transmitter 12 and receiver 14. It should be appreciated that the secret key 24 is available at the receiver 14 and the PN sequence can be regenerated. In the receiver 14, the correlation detector is employed, where for the primary user detection, the receiver 14 evaluates the cross-correlation between the received signal r and the regenerated reference signal s, and for malicious user detection, the receiver 14 further evaluates the auto-correlation of the received signal r. The cross-correlation of two random variables x and y is defined as:
R.sub.xy=<x,y>=E{xy*}(2)

(20) Under PUEAs, the received signal can be modeled as:
r=s+m+n,(3)

(21) where s is the reference signal, m is the malicious signal, n is the noise, and and are binary indicators for the presence of the primary user and malicious user, respectively. More specifically, =0 or 1 means the primary user is absent or present, respectively; and =0 or 1 means the malicious user is absent or present, respectively.

(22) 1. Detection of the Primary User:

(23) To detect the presence of the primary user, the receiver 14 evaluates the cross-correlation between the reference signal s and the received signal r, i.e.,

(24) $\begin{array}{cc}\begin{array}{c}{R}_{\mathrm{rs}}=.Math.r,s.Math.=.Math.s,s.Math.+.Math.m,s.Math.+.Math.n,s.Math.\\ ={}_s^2,\end{array}& \left(4\right)\end{array}$

(25) where .sup.2.sub.s is the primary user's signal power, and s, m, n are assumed to be independent of each other and are of zero mean. Depending on the value of a in equation (4), the receiver 14 decides whether the primary user is present or absent.

(26) Assuming that the signals are ergodic, then the ensemble average can be approximated by the time average. In one embodiment, the time average is used to estimate the cross-correlation. The estimated cross correlation {dot over (R)}.sub.rs is given by:

(27) $\begin{array}{cc}{\hat{R}}_{\mathrm{rs}}\stackrel{}{=}\underset{i=1}{\overset{N}{.Math.}}\frac{r_i.Math.s_i^{*}}{N}.& \left(5\right)\end{array}$

(28) Where N is the reference signal's length, s.sub.i and r.sub.i denote the ith symbol of the reference and received signal, respectively.

(29) To detect the primary user, the receiver 14 compares the cross-correlation between the reference signal s and the received signal r to a predefined threshold . This results in two cases:

(30) If the cross-correlation is greater than or equal to , that is:
R.sub.rs,(6)

(31) then the receiver 14 concludes that the primary user is present, i.e., =1.

(32) If the cross-correlation is less than , that is:
{dot over (R)}.sub.rs<,(7)

(33) Then the receiver 14 concludes that the primary user is absent, i.e., =0.

(34) The detection can be modeled as a binary hypothesis test with the following two hypotheses:
H.sub.0: the primary user is absent ({circumflex over (R)}.sub.rs<)
H.sub.1: the primary user is present ({circumflex over (R)}.sub.rs)

(35) As can be seen from equation (4), the cross-correlation between the reference signal s and the received signal r is equal to 0 or .sup.2.sub.s, in case when the primary user is absent or present, respectively. Following the minimum distance rule, =.sup.2.sub.s/2 is the threshold for primary user detection.

(36) 2. Detection of the Malicious User:

(37) For malicious user detection, the receiver 14 further evaluates the auto-correlation of the received signal r, i.e.,

(38) $\begin{array}{cc}\begin{array}{c}{R}_{\mathrm{rr}}=.Math.r,r.Math.={}^2.Math.s,s.Math.+{}^2.Math.m,m.Math.+.Math.n,n.Math.\\ ={}^2{}_s^2+{}^2{}_m^2+{}_n^2,\end{array}& \left(8\right)\end{array}$

(39) where .sup.2.sub.m and .sup.2.sub.n denote the malicious user's signal power and the noise power, respectively. Based on the value of from equation (4), can be determined accordingly through equation (8). The following cases result:

(40) $\begin{array}{cc}{R}_{\mathrm{rr}}=\{\begin{array}{cc}{}_s^2+{}_m^2+{}_n^2,& =1,=1\\ {}_s^2+{}_n^2,& =1,=0\\ {}_m^2+{}_n^2,& =0,=1\\ {}_n^2,& =0,=0\end{array}& \left(9\right)\end{array}$

(41) Assuming ergodic signals, the time average to estimate the auto-correlation is used as follows:

(42) $\begin{array}{cc}{\hat{R}}_{\mathrm{rr}}\stackrel{}{=}\underset{i=1}{\overset{N}{.Math.}}\frac{r_i.Math.r_i^{*}}{N}.& \left(10\right)\end{array}$

(43) The detection problem can be modeled using four hypotheses, denoted by H.sub., where , {0, 1}:
H.sub.00: the MU is absent given that =0
H.sub.01: the MU is present given that =0
H.sub.10: the MU is absent given that =1
H.sub.11: the MU is present given that =1

(44) In one embodiment, an estimated value of is denoted as {circumflex over ()}. The is estimated after {circumflex over ()} is obtained. To do this, the receiver 14 compares the auto-correlation of the received signal to two predefined thresholds .sub.0 and .sub.1 based on the previously detected {circumflex over ()}. More specifically, the receiver 14 compares the auto-correlation of the received signal r to .sub.0 when {circumflex over ()}=0, and to .sub.1 when {circumflex over ()}=1. That is:

(45) $\begin{array}{cc}\{\begin{array}{cc}{\hat{H}}_{00}:{\hat{R}}_{\mathrm{rr}}<{}_0,& \mathrm{given}\mathrm{that}\hat{}=0,\left(=0\right)\\ {\hat{H}}_{01}:{\hat{R}}_{\mathrm{rr}}{}_0,& \mathrm{given}\mathrm{that}\hat{}=0,\left(=1\right)\\ {\hat{H}}_{10}:{\hat{R}}_{\mathrm{rr}}<{}_1,& \mathrm{given}\mathrm{that}\hat{}=1,\left(=0\right)\\ {\hat{H}}_{11}:{\hat{R}}_{\mathrm{rr}}{}_1,& \mathrm{given}\mathrm{that}\hat{}=1,\left(=1\right)\end{array}& \left(11\right)\end{array}$

(46) The performance of the detection process for the primary user and malicious user is evaluated through false alarm rates and the miss detection probabilities to be described.

(47) Analytical Evaluation for Primary User Detection

(48) The performance of the system 10 is analyzed for primary user detection, under H.sub.0 and H.sub.1, through evaluation of the false alarm rate and the miss detection probability.

(49) It is assumed that the detection of the primary user has a false alarm rate P.sub.f and a miss detection probability P.sub.m, respectively. The false alarm rate P.sub.f is the conditional probability that the primary user is considered to be present, when it is actually absent, i.e.
P.sub.f=Pr(H.sub.1|H.sub.0)(12)

(50) The miss detection probability P.sub.m is the conditional probability that the primary user is considered to be absent, when it is present, i.e.,
P.sub.m=Pr(H.sub.0|H.sub.1)(13)

(51) As can be seen from equation (5), {circumflex over (R)}.sub.rz is the averaged summation of N random variables. Since N is large, then based on the central limit theorem, {circumflex over (R)}.sub.rs can be modeled as a Gaussian random variable. More specifically, under H.sub.0, {circumflex over (R)}.sub.rsN(.sub.0, .sub.0.sup.2) and under H.sub.1, where {circumflex over (R)}.sub.rs{circumflex over ()}N(.sub.1, .sub.1.sup.2), where .sub.0, .sub.0, and .sub.1, .sub.1, can be derived as follows.

(52) Under H.sub.0, the received signal is represented as r.sub.im.sub.i+n.sub.i, where m.sub.i is the ith malicious symbol, and n.sub.iN(0, .sub.n.sup.2). Then, the mean .sub.0 can be obtained as:

(53) $\begin{array}{cc}\begin{array}{c}{}_0=\frac{1}{N}\mathrm{��}\left\{\underset{i=1}{\overset{N}{.Math.}}\left(m_i+n_i\right)s_i^{*}\right\}\\ =0.\end{array}& \left(14\right)\end{array}$

(54) The variance .sup.2.sub.0 can be obtained as:

(55) $\begin{array}{cc}\begin{array}{c}{}_0^2=\mathrm{��}\left\{{.Math.{\hat{R}}_{\mathrm{rs}}.Math.}^2\right\}-{.Math.{}_0.Math.}^2\\ =\frac{1}{N}\left[{}^2{}_s^2{}_m^2+{}_s^2{}_n^2\right)].\end{array}& \left(15\right)\end{array}$

(56) Similarly, under H.sub.1, the received signal is represented as r.sub.i=s.sub.i+m.sub.i+n.sub.i, and the mean .sub.1 can be obtained as follows:

(57) $\begin{array}{cc}\begin{array}{c}{}_1=\frac{1}{N}\mathrm{��}\left\{\underset{i=1}{\overset{N}{.Math.}}\left(s_i+m_i+n_i\right)s_i^{*}\right\}\\ ={}_s^2,\end{array}& \left(16\right)\end{array}$

(58) and .sup.2.sub.1 can be obtained as:

(59) 0$\begin{array}{cc}\begin{array}{c}{}_1^2=\mathrm{��}\left\{{.Math.{\hat{R}}_{\mathrm{rs}}.Math.}^2\right\}-{.Math.{}_1.Math.}^2\\ =\frac{1}{N}\left[\mathrm{��}\left\{{.Math.\tilde{s}.Math.}^4\right\}+{}^2{}_s^2{}_m^2+{}_s^2{}_n^2-{\left({}_s^2\right)}^2\right],\end{array}& \left(17\right)\end{array}$

(60) where we assume that {|s.sub.i|.sup.4}={|{tilde over (s)}|.sup.4}i.

(61) Following equation (12), the false alarm rate P.sub.f can be obtained as:

(62) $\begin{array}{cc}\begin{array}{c}{P}_f=P_r\left\{{\hat{R}}_{\mathrm{rs}}|H_0\right\}\\ ={}_{}^{}\frac{1}{\sqrt{2}{}_0}{}^{-\frac{{\left(x-{}_0\right)}^2}{2{}_0^2}}x\\ =Q\left(\frac{-{}_0}{{}_0}\right).\end{array}& \left(18\right)\end{array}$

(63) Similarly, following equation (13), the miss detection probability P.sub.m, can be obtained as:

(64) $\begin{array}{cc}\begin{array}{c}{P}_m=P_r\left\{{\hat{R}}_{\mathrm{rs}}<|H_1\right\}\\ ={}_{-}^{}\frac{1}{\sqrt{2}{}_1}{}^{-\frac{{\left(x-{}_1\right)}^2}{2{}_1^2}}x\\ =1-Q\left(\frac{-{}_1}{{}_1}\right).\end{array}& \left(19\right)\end{array}$

(65) As will be described, when =.sup.2.sub.0/2, both P.sub.f and P.sub.m are essentially zero, and independent of the SNR values. The underlying argument is that the detection of the primary user is based on {circumflex over (R)}.sub.rs (see equation (4)), which is independent of both .sub.m.sup.2 and .sub.n.sup.2.

Analytical Evaluation for Malicious User Detection

(66) False Alarm Rate and Miss Detection Probability for Malicious User Detection

(67) The false alarm rate and miss detection probability for the detection of malicious user are evaluated. Define {hacek over (P)}.sub.j,0 and {hacek over (P)}.sub.j,1 as the false alarm rate when {circumflex over ()}=0 or {circumflex over ()}=1, respectively,
{tilde over (P)}.sub.f,0=Pr(.sub.01|.sub.00),(20)
{tilde over (P)}.sub.f,1=Pr(.sub.11|.sub.10).(21)

(68) The overall false alarm rate is given by:
{tilde over (P)}.sub.f={circumflex over (P)}.sub.0{circumflex over (P)}.sub.f,0+(1{circumflex over (P)}.sub.0){circumflex over (P)}.sub.f,1.(22)

(69) where {circumflex over (P)}.sub.0 is the probability that =0, i.e.
{circumflex over (P)}.sub.0=(1P.sub.f)P(=0)+P.sub.mP(=1).(23)

(70) As will be described, with the avalanche effect of the AES process 22, the cross-correlation between the reference signal and the received signal is always around .sup.2.sub.s or 0, depending on whether the primary user is present or absent, respectively. That is, P.sub.f and P.sub.m are negligible, as will be described. Therefore, in the following, it is assumed that {circumflex over ()}=, and no distinction between .sub.{circumflex over ()} and H.sub.; it follows that {circumflex over (P)}.sub.0=P.sub.0=P(=0) Hence, the overall false alarm rate is given by:
{circumflex over (P)}.sub.f=P.sub.0{circumflex over (P)}.sub.f,0+(1P.sub.0){circumflex over (P)}.sub.f,1.(24)

(71) Similarly, the miss detection probabilities can be defined as {tilde over (P)}.sub.m,0 and {tilde over (P)}.sub.m,1, when the primary user is absent and present, respectively, i.e.,
{tilde over (P)}.sub.m,0=Pr(H.sub.00|H.sub.01).(25)
{tilde over (P)}.sub.m,1=Pr(H.sub.10|H.sub.11).(26)

(72) The overall malicious node miss detection probability is defined as:
{tilde over (P)}.sub.m=P.sub.0{tilde over (P)}.sub.m,0+(1P.sub.0){tilde over (P)}.sub.m,1.(27)

(73) Since {tilde over (R)}.sub.rr is the averaged summation of a large number of random variables, then based on the central limit theorem, {tilde over (R)}.sub.rr can be modeled as a Gaussian random variable. The following case results:

(74) $\begin{array}{cc}\{\begin{array}{cc}{\hat{R}}_{\mathrm{rr}}\mathrm{��}\left({}_{00},{}_{00}^2\right),& H_{00}\\ {\hat{R}}_{\mathrm{rr}}\mathrm{��}\left({}_{01},{}_{01}^2\right),& H_{01}\\ {\hat{R}}_{\mathrm{rr}}\mathrm{��}\left({}_{10},{}_{10}^2\right),& H_{10}\\ {\hat{R}}_{\mathrm{rr}}\mathrm{��}\left({}_{11},{}_{11}^2\right),& H_{11}\end{array}& \left(28\right)\end{array}$

(75) where .sub.00, .sub.00, .sub.01, .sub.01, .sub.10, .sub.10, and .sub.11, .sub.11 can be derived as follows. Under H.sub.00, both the primary user and malicious user are absent, resulting in r.sub.i=n.sub.i. It follows that:

(76) $\begin{array}{cc}\begin{array}{c}{}_{00}^2=\mathrm{��}\left\{{.Math.{\hat{R}}_{\mathrm{rr}}.Math.}^2\right\}-{.Math.{}_{00}.Math.}^2\\ =\frac{1}{N}\left[\mathrm{��}\left\{{.Math.\tilde{n}.Math.}^4\right\}-{\left({}_n^2\right)}^2\right],\end{array}& \left(30\right)\end{array}$

(77) and .sub.00.sup.2 can be obtained as:

(78) $\begin{array}{cc}\begin{array}{c}{}_{00}=\frac{1}{N}\mathrm{��}\left\{\underset{i=1}{\overset{N}{.Math.}}{n}_i{n}_i^{*}\right\}\\ ={}_n^2,\end{array}& \left(29\right)\end{array}$

(79) where it is assumed that {|n.sub.i|.sup.4}={|n|.sup.4}i. Similarly, under H.sub.01, the received signal is represented as r.sub.i=m.sub.i+n.sub.i, and the mean .sub.01 can be obtained as follows:

(80) $\begin{array}{cc}\begin{array}{c}{}_{01}=\frac{1}{N}\mathrm{��}\left\{\underset{i=1}{\overset{N}{.Math.}}\left(m_i+n_i\right){\left(m_i+n_i\right)}^{*}\right\}\\ ={}_m^2+{}_n^2.\end{array}& \left(31\right)\end{array}$

(81) The variance r.sub.01.sup.2 can be obtained as:

(82) $\begin{array}{cc}\begin{array}{c}{}_{01}^2=\mathrm{��}\left\{{.Math.{\hat{R}}_{\mathrm{rr}}.Math.}^2\right\}-{.Math.{}_{01}.Math.}^2\\ =\frac{1}{N}[\mathrm{��}\left\{{.Math.\tilde{m}.Math.}^4\right\}+\mathrm{��}\left\{{.Math.\tilde{n}.Math.}^4\right\}+\mathrm{��}\left\{2\left\{{\left(\tilde{m}\right)}^2{\left({\tilde{n}}^{*}\right)}^2\right\}\right\}+\\ 2{}_m^2{}_n^2-{\left({}_m^2\right)}^2-{\left({}_n^2\right)}^2],\end{array}& \left(32\right)\end{array}$

(83) where it is assumed that {|m.sub.i|.sup.4}={|{tilde over (m)}|.sup.4} and {2{(m.sub.i).sup.2(n.sub.i*)}}={2{({tilde over (m)}).sup.2(*).sup.2}}, i, where {x} means the real part of x.

(84) Under H.sub.10, the received signal is expressed as r.sub.i=s.sub.i+n.sub.i and the mean .sub.10 can be obtained as follows:

(85) $\begin{array}{cc}\begin{array}{c}{}_{10}=\frac{1}{N}\mathrm{��}\left\{\underset{i=1}{\overset{N}{.Math.}}\left(s_i+n_i\right){\left(s_i+n_i\right)}^{*}\right\}\\ ={}_s^2+{}_n^2,\end{array}& \left(33\right)\end{array}$

(86) and |.sub.10.sup.2 can be obtained as:

(87) $\begin{array}{cc}\begin{array}{c}{}_{10}^2=\mathrm{��}\left\{{.Math.{\hat{R}}_{\mathrm{rr}}.Math.}^2\right\}-{.Math.{}_{10}.Math.}^2\\ =\frac{1}{N}[\mathrm{��}\left\{{.Math.\tilde{s}.Math.}^4\right\}+\mathrm{��}\left\{{.Math.\tilde{n}.Math.}^4\right\}+\mathrm{��}\left\{2\left\{{\left(\tilde{s}\right)}^2{\left({\tilde{n}}^{*}\right)}^2\right\}\right\}+\\ 2{}_s^2{}_n^2-{\left({}_s^2\right)}^2-{\left({}_n^2\right)}^2].\end{array}& \left(34\right)\end{array}$

(88) Similarly, under H.sub.11, the received signal is represented as r.sub.i=s.sub.i+m.sub.i+n.sub.i, and the mean .sub.11 can be obtained as follows:

(89) 0$\begin{array}{cc}\begin{array}{c}{}_{11}=\frac{1}{N}\mathrm{��}\left\{\underset{i=1}{\overset{N}{.Math.}}\left(s_i+m_i+n_i\right){\left(s_i+m_i+n_i\right)}^{*}\right\}\\ ={}_s^2+{}_m^2+{}_n^2.\end{array}& \left(35\right)\end{array}$

(90) The variance of .sub.11.sup.2 can be obtained as:

(91) $\begin{array}{cc}\begin{array}{c}{}_{11}^2=\mathrm{��}\left\{{.Math.{\hat{R}}_{\mathrm{rr}}.Math.}^2\right\}-{.Math.{}_{11}.Math.}^2\\ =\frac{1}{N}[\mathrm{��}\left\{{.Math.\tilde{s}.Math.}^4\right\}+\mathrm{��}\left\{{.Math.\tilde{m}.Math.}^4\right\}+\mathrm{��}\left\{{.Math.\tilde{n}.Math.}^4\right\}+\\ \mathrm{��}\left\{2\left\{{\left(\tilde{s}\right)}^2{\left({\tilde{m}}^{*}\right)}^2\right\}\right\}+\\ \mathrm{��}\left\{2\left\{{\left(\tilde{s}\right)}^2{\left({\tilde{n}}^{*}\right)}^2\right\}\right\}+\mathrm{��}\left\{2\left\{{\left(\tilde{m}\right)}^2{\left({\tilde{n}}^{*}\right)}^2\right\}\right\}+\\ 2{}_s^2{}_m^2+2{}_s^2{}_n^2+2{}_m^2{}_n^2-\\ {\left({}_s^2\right)}^2-{\left({}_m^2\right)}^2-{\left({}_n^2\right)}^2].\end{array}& \left(36\right)\end{array}$

(92) From the discussions above, the following case results:

(93) $\begin{array}{cc}\begin{array}{c}{\tilde{P}}_{f,0}=P_r\left\{{\hat{R}}_{\mathrm{rr}}{}_0.Math.H_{00}\right\}\\ =Q\left(\frac{{}_0-{}_{00}}{{}_{00}}\right),\end{array}\mathrm{and}& \left(37\right)\\ \begin{array}{c}{\tilde{P}}_{f,1}=P_r\left\{{\hat{R}}_{\mathrm{rr}}{}_1.Math.H_{10}\right\}\\ =Q\left(\frac{{}_1-{}_{10}}{{}_{10}}\right).\end{array}& \left(38\right)\end{array}$

(94) Similarly, the following case results:

(95) $\begin{array}{cc}\begin{array}{c}{\tilde{P}}_{m,0}=P_r\left\{{\hat{R}}_{\mathrm{rr}}<{}_0.Math.H_{01}\right\}\\ =1-Q\left(\frac{{}_0-{}_{01}}{{}_{01}}\right),\end{array}\mathrm{and}& \left(39\right)\\ \begin{array}{c}{\tilde{P}}_{m,1}=P_r\left\{{\hat{R}}_{\mathrm{rr}}<{}_1.Math.H_{11}\right\}\\ =1-Q\left(\frac{{}_1-{}_{11}}{{}_{11}}\right).\end{array}& \left(40\right)\end{array}$

(96) The overall false alarm rate {tilde over (P)}.sub.c and miss detection probability {tilde over (P)}.sub.m can be calculated from equations (24) and (27). That is:

(97) $\begin{array}{cc}{\tilde{P}}_f=P_{0}Q\left(\frac{{}_0-{}_{00}}{{}_{00}}\right)+\left(1-P_0\right)Q\left(\frac{{}_0-{}_{10}}{{}_{10}}\right),\mathrm{and}& \left(41\right)\\ {\tilde{P}}_m=1-P_{0}Q\left(\frac{{}_0-{}_{01}}{{}_{01}}\right)+\left(P_0+1\right)Q\left(\frac{{}_1-{}_{11}}{{}_{11}}\right).& \left(42\right)\end{array}$

(98) The optimal thresholds .sub.0,opt and .sub.1,opt that minimize the overall miss detection probability {tilde over (P)}.sub.m subject to a constraint on the false alarm rate will be described.

(99) The Optimal Thresholds for Malicious User Detection

(100) The optimal thresholds .sub.0,opt an .sub.1,opt that minimize the overall miss detection probability of the malicious node detection are obtained, while maintaining the false alarm rates below a certain threshold . This problem can be formulated as follows:

(101) $\begin{array}{cc}\min {\tilde{P}}_m\mathrm{subject}\mathrm{to}{\tilde{P}}_{f,0},\mathrm{and}{\tilde{P}}_{f,1}.& \left(43\right)\end{array}$

(102) It is noted that the problem formulation above is equivalent to:

(103) $\begin{array}{cc}\min {\tilde{P}}_{m,0}\mathrm{subject}\mathrm{to}{\tilde{P}}_{f,0},\min {\tilde{P}}_{m,1}\mathrm{subject}\mathrm{to}{\tilde{P}}_{f,1}.& \left(44\right)\end{array}$

(104) Thus, it is requested:

(105) $\begin{array}{cc}{\tilde{P}}_{f,0}=Q\left(\frac{{}_0-{}_{00}}{{}_{00}}\right),\mathrm{and}& \left(45\right)\\ {\tilde{P}}_{f,1}=Q\left(\frac{{}_0-{}_{10}}{{}_{10}}\right),& \left(46\right)\end{array}$

(106) which implies that:
.sub.0.sub.00Q.sup.1()+.sub.00.(47)
and
.sub.1.sub.10Q.sup.1()+.sub.10.(48)

(107) It should be appreciated that in order to minimize the overall miss detection probability {tilde over (P)}.sub.m, .sub.0 in equation (47), and .sub.1 in equation (48) should be as small as possible. Hence, the thresholds are set to:
.sub.0,opt=.sub.00Q.sup.1()+.sub.00,(49)
and
.sub.1,opt=.sub.10Q.sup.1()+.sub.10.(50)

(108) By substituting .sub.0,opt and .sub.1,opt in equation (42), the overall miss detection probability is obtained as:

(109) $\begin{array}{cc}{\tilde{P}}_m=1-P_{0}Q\left(\frac{{}_{00}{Q}^{-1}\left(\right)+{}_{00}-{}_{01}}{{}_{01}}\right)+\left(P_0-1\right)Q\left(\frac{{}_{10}{Q}^{-1}\left(\right)+{}_{10}-{}_{11}}{{}_{11}}\right).& \left(51\right)\end{array}$

(110) It should be appreciated that for malicious user detection, to minimize the overall miss detection probability {tilde over (P)}.sub.m subject to the false alarm rate constraints {tilde over (P)}.sub.f,0 and {tilde over (P)}.sub.f,1, which also ensures that {tilde over (P)}.sub.f, =.sub.0,opt=.sub.00Q.sup.1()+.sub.00, and .sub.1,opt=.sub.10Q.sup.1()+.sub.10 are chosen.

(111) Security and Feasibility of the AES-Assisted DTV Method

(112) Security of the AES-Assisted DTV

(113) As it is well known, AES has been proved to be secure under all known attacks, in the sense that it is computationally infeasible to break AES in real time. In the present invention, this means that it is computationally infeasible for malicious users to regenerate the reference signal. Moreover, the AES process 22 has a very important security feature known as the avalanche effect, which means that a small change in the plaintext or the key yields a large change in the ciphertext.

(114) Because of the avalanche effect of the AES process 22, it is impossible to recover the plaintext given the ciphertext. Actually, even if one bit is changed in the plaintext, the ciphertext will be changed by approximately 50%.

(115) To illustrate the security of the AES-assisted DTV based on the avalanche effect, the cross-correlation between the reference signal and malicious signal under different SNR values is obtained, as shown in FIG. 3. It can be seen that the cross-correlation values are approximately zero, which implies that the malicious signal and the reference signal are uncorrelated. On the other hand, the cross-correlation between the reference signal and noisy versions of the primary signal is shown to be very high (around .sub.1 in equation (16)) under all SNR values, as illustrated in FIG. 4. It should be appreciated that in the system 10, the minimum SNR is 28.3 dB.

(116) These results show that the AES-assisted DTV method of the present invention is secure under PUEAs, as malicious users cannot regenerate the reference signal in real time.

(117) Mitigation of PUEA

(118) The approaches proposed as previously described enable the secondary users to identify the primary signal, as well as malicious nodes. It should be appreciated that due to the large range of DTV channels, the malicious users would not be capable of jamming all DTV white spaces simultaneously. When a primary user emulation attack is detected, the secondary users can adopt different methodologies for effective transmission, such as:

(119) Exploit techniques that are inherently jamming-resistant, such as Code Division Multiple Access (CDMA) and Frequency Hopping (FH) techniques. Both CDMA and FH were initially developed for secure military communications. CDMA is particularly efficient under narrow-band jamming, even if the malicious user hops from band to band. FH based systems are generally robust under wide-band jamming; when the malicious jamming pattern is time-varying, i.e., the malicious user switches between wide-band and narrow-band jamming, the transmitter then needs to be adjusted to combat the cognitive hostile attacks.

(120) Avoid transmission on the white spaces jammed by malicious nodes. For example, consider the case where the benign secondary users are OFDM-based transceivers, then they can shape their transmitted signal through proper precoding design to avoid communication over the jammed subcarriers. For time-varying attacks, the precoder should be adapted accordingly for transmission. This necessitates that jamming detection needs to be performed in real-time, which can generally be achieved by evaluating the time-varying power spectrum of the jamming signal.

(121) Using Energy Harvesting Techniques

(122) PUEA is essentially a jamming interference for the secondary users (SUs). The performance of the SUs can be improved significantly by exploiting PUEA as an extra energy resource using the energy harvesting techniques. That is, each SU can perform information reception and energy harvesting simultaneously. The optimal power splitting ratio can be derived to maximize the sum-rate (i.e. the sum of the downlink data transmission rate and the uplink data transmission rate) for the SUs under PUEA.

(123) Feasibility

(124) It is practical to generate the required sync bits within the frame time duration shown in FIG. 1.

(125) The AES process 22 is one of the block ciphers that can be implemented in different operational modes to generate stream data. In one embodiment, high-throughput (3.84 Gbps and higher) AES chips can be used. In one embodiment, an experiment was performed to measure the AES process 22 performance, where several file sizes from 100 KB to 50 MB were encrypted using a laptop with 2.99 GHz CPU and 2 GB RAM. Based on the results of the experiment, when the AES operates in the cipher feedback (CFB) mode, 554 bytes can be encrypted using 256-bit AES process 22 in 77.3 s. Therefore, 2.99 GHz CPU can generate the required AES reference signal within the frame time duration. It should be appreciated that the TV stations generally have powerful processing units, hence it is not a problem to generate the required secure synchronization bits within the frame duration. With 3.84 Gbps encryption speed, for example, 39 KB can be encrypted in 77.3 s, which is much more than needed.

(126) Simulations

(127) The effectiveness of the AES-assisted DTV method is demonstrated through simulation examples. First, the impact of the noise level on the optimal thresholds .sub.0,opt and .sub.1,opt is illustrated. Then, the false alarm rates and miss detection probabilities for both primary user and malicious user detection is evaluated. In the simulations, it is assumed that s.sub.i, m.sub.i, and n.sub.i are i.i.d. sequences, and are of zero mean. It is further assumed that the primary user is absent with probability P.sub.0=0.25. The primary user's signal power is assumed to be normalized to .sup.2.sub.s=1. For malicious user detection, the false alarm constraint is set to =10.sup.3.

Example 1

The optimal thresholds for malicious

(128) user detection. In this example, the optimal thresholds that minimize the miss detection probabilities under a predefined constraint on the false alarm rates for malicious user detection is demonstrated.

(129) FIG. 5 shows the two optimal thresholds .sub.0,opt and .sub.1,opt versus SNR for =10.sup.3. It is observed that the two curves decrease as the SNR increases, which can be verified with equations (49) and (50).

Example 2

False Alarm Rate and Miss Detection Probability for Primary User Detection

(130) Using =.sup.2.sub.s/2, the false alarm rate and miss detection probability numerically is obtained and compared with the theoretical results. The false alarm rate is illustrated in FIG. 6(a). It is noted that the theoretical false alarm rate P.sub.f in equation (18) depends on , since .sup.2.sub.0 is a function of . However, based on equation (15) and the avalanche effect of the AES process 22, this dependency becomes negligible when N is large. This can be seen from FIG. 6(a) as the theoretical calculations match perfectly with the numerical simulations.

(131) The probability of miss detection is shown in FIG. 6(b). It also can be seen that the theoretical calculations and numerical simulations are matched perfectly. It is clear that the AES-assisted DTV method of the present invention achieves zero false alarm rate and miss detection probability under a large range of SNR values.

Example 3

False Alarm Rate and Miss Detection Probability for Malicious User Detection

(132) In this example, the overall false alarm rate and miss detection probability numerically is obtained and compared with the theoretical results. FIG. 7(a) shows the overall false alarm rate P.sub.f for =10.sup.3. It should be appreciated that the theoretical calculations and numerical simulations are almost equal, and the predefined false alarm constraint is satisfied.

(133) The overall miss detection probability {tilde over (P)}.sub.m, is illustrated in FIG. 7(b). It is shown that the method of the present invention achieves zero overall miss detection probability under a large range of SNR values.

(134) From the discussions above, it is concluded that the AES-assisted DTV method of the present invention can achieve very low false alarm rates and miss detection probabilities when detecting the primary user and malicious user. That is, with the AES-assisted DTV method of the present invention, primary user emulation attacks can be effectively combated. It should be appreciated that the theoretical calculations presented are consistent with the numerical simulations.

(135) Feasibility for Second Generation DTV Standard

(136) It should be appreciated that the method of the present invention can be applied directly to the 2.sup.nd generation Orthogonal Frequency Division Multiplexing (OFDM) based DTV standard for more efficient spectrum sharing under PUEA. Currently, the most prevalent 2.sup.nd generation terrestrial DTV standard is DVB-T2. With the OFDM structure used in DVB-T2, the present invention can accurately detect the presence of the malicious users over each 3-subcarrier sub-band where the P2 pilots present. It should be further appreciated that the present invention can be used to detect PUEA over each single subcarrier if the preamble P2 symbols in the DVB-T2 standard can be adjusted to cover every OFDM subcarrier. The AES encrypted pseudorandom sequence can be used to replace the P2 preamble symbols because their frequency locations are independent of the size of the Fast Fourier Transform (FFT) used, and they have the largest number among all pilot symbols.

(137) Accordingly, a reliable AES-assisted DTV method of the present invention is disclosed for robust primary and secondary system operations under primary user emulation attacks. In the method of the present invention, an AES-encrypted reference signal is generated at the TV transmitter and used as the synchronization bits of the DTV data frames. By allowing a shared secret between the transmitter 12 and the receiver 14, the reference signal can be regenerated at the receiver 14 and be used to achieve accurate identification of authorized primary users. Moreover, when combined with the analysis on the auto-correlation of the received signal, the presence of the malicious user can be detected accurately no matter whether the primary user is present or not. The method of the present invention is practically feasible in the sense that it can effectively combat PUEA with no change in hardware or system structure except of a plug-in AES chip as shown in FIG. 2. It should be appreciated that the method of the present invention can be applied directly to today's HDTV systems for more robust spectrum sharing.

(138) The present invention has been described in an illustrative manner. It is to be understood that the terminology, which has been used, is intended to be in the nature of words of description rather than of limitation.

(139) Many modifications and variations of the present invention are possible in light of the above teachings. Therefore, the present invention may be practiced other than as specifically described.